Recent international mobile banking and financial services app regulations in Turkey and Singapore are paving the way for tighter app security policies. While these regulations are primarily intended to safeguard consumers and their sensitive financial data, in the process, they will protect app publishers from the unintended consequences of mobile application hacking and misuse.
Luckily, application shielding is a measure organizations can easily implement to remain compliant with these upcoming regulations, as well as keep sensitive logic and data protected from misuse. Application shielding makes an app more resistant to common intrusion techniques, including reverse-engineering and tampering. According to OWASP, these techniques rank among the top ten most common security risks for mobile applications.
Here’s a quick look at some of the highlights mobile app developers should be aware of when it comes to these upcoming regulations. They’re likely to become industry standards that other countries will embrace in 2020 and beyond, so it’s best to be prepared!
The Turkish banking regulatory agency, BDDK, recently issued draft legislation to ensure that banks are held responsible for the secure development and ongoing protection of their mobile applications. Among the provisions in the legislation:
These regulations are intended to ensure that financial institutions are proactive about their banking app security, rather than waiting to be affected by a breach. Taking the right preventative measures can protect banks from financial loss, customer loss, reputational damage, and more.
Like Turkey, the Singaporean government has been serious about data privacy, introducing regulations such as the Personal Data Protection Act (PDPA) and the Cybersecurity Act to ensure digital regulatory compliance. However, many organizations have overlooked these business obligations when it comes to their mobile applications, which has led to more specific guidance around the protection of mobile apps.
New mobile regulations in Singapore include specific application security measures for developers and app publishers, including:
Many cybersecurity experts believe that once Singapore passes these regulations, other countries with similar PDPA requirements, including Malaysia and Thailand, will quickly follow suit.
In the banking industry and beyond, application shielding can protect your mobile apps against tampering and misuse that could result in unauthorized access, malicious code injections, credential theft, app cloning, and more. In addition, as more and more countries introduce regulations similar to Turkey’s and Singapore’s, global organizations will need to be prepared for compliance reasons.
To defend against the full spectrum of attacks, organizations should look for a solution that combines both static and dynamic app protection. Static protection prevents hackers from decoding sensitive parts of the application (such as API keys or credentials), and protects code and data at rest. Dynamic protection defends apps against analysis at runtime and live attacks. Code hardening techniques such as code obfuscation and encryption, as well as runtime application self-protection (RASP), can help organizations remain both protected and compliant with the latest regulations.
Even with these emerging international regulations, surprising new research from Guardsquare recently confirmed that just under half of the top global banking apps are obfuscating their code. Ideally, new compliance requirements will drive industry-wide change, or at least raise awareness so that more organizations embrace proactive application shielding.