Financial Applications Security

Given the central role played by application software in customer-facing and core banking services such as ATM, Deposits, Card Issuance, and Money Transfers, MAXUT offers custom penetration testing and vulnerability assessment services focused on discovering and rectifying back-end applications security flaws – either inherent or through deployments. This service is invaluable to customers who need to combat security risks associated with relatively new online and mobile applications as well as risks from custom web and legacy applications – some of which were developed in an era when security was an after-thought in software development.

Our unique ‘ethical hacking’ testing methodology combines technical ability with the creativity of our team of experienced financial applications and security professionals, to precisely test real life business scenarios that automated testing tools are incapable of.

In addition to application vulnerability testing, MAXUT offers two-factor protection for core banking applications and internal systems that support critical services. Strong authentication is a first step in protecting these services from malicious access by unauthorized external and internal actors and to aid compliance with PCI-DSS and other financial regulations including emerging payment services standards such as PSD2.

The apps-driven economy is here!

With the ubiquity of mobile apps in practically every business interactions the need for trust has never been more important. This is even more true with mobile banking services and financial transactions.

Because mobile apps are susceptible to usual online threats such as financial malwares, web-based banking Trojans and man in the middle attacks, in addition to mobile device-specific vulnerabilities, securing mobile apps has become a critical component of an effective fraud prevention strategy for financial institutions.

Based on DigiPass for Apps, a software development security platform from VASCO Data Security, MAXUT helps customers design, and secure mobile banking apps to protect users from these threats and vulnerabilities. The platform provides a single framework for user authentication, transaction and device protection. We work with your software development teams to port existing apps to the platform or to create new highly secure mobile app. Contact us for more information.

Online Banking Security

Online and mobile banking are fast becoming the primary methods that customers prefer to interact with their banks. As financial institutions extend their products beyond the traditional banking channels to reach new customers and to offer new payment services, access to sensitive financial information is no longer confined to the four walls of your branch network or to customers in the same city or country: the identities of your customers and employees are the new security perimeters to your bank. Attacks on user credentials range from the simple – such as setting up fake bank websites and emails, or the use of USB key loggers – to more sophisticated phishing and social engineering attacks.

Recent attacks on the infrastructure of financial institutions such as the SWIFT messaging fraud on the Bank of Bangladesh, succeeded after the credentials of bank employees were compromised.

These and other high-profile heists were successful because proving user identities has remained stuck in a time warp defined by user name and password combination. Passwords remain the number one reason why online accounts are compromised and with the increasing adoption of mobile banking, the use of static user passwords or one-time passwords sent in mobile SMS texts for user authentication are no longer tenable.

MAXUT provides two-factor authentication (2FA) and fraud management solutions to address the risks associated with electronic banking, payment services and other financial transactions.

We offer:

  • Strong authentication hardware tokens and mobile app authenticators to mitigate the risks associated with stolen or compromised user credentials for online or mobile banking accounts, by replacing static user passwords with constantly changing single use, one-time passwords (or OTPs).
  • Convenient, and easy to use authenticators to ensure that only customers or employees with physical possession of an authenticator or pre-registered mobile device can access your online banking services or critical internal banking applications
  • Seamless transition from SMS-based OTPs to cryptographically generated OTPs, eliminates fraud risks associated with SIM swap and other SMS interception attack methods. The use of SMS-based OTPs is gradually being phased out due to these vulnerabilities by various financial regulatory authorities round the world.
  • Advanced fraud prevention with transaction signing, push notification and out of band authentication to address new threats from man-in-the middle/man in the browser attacks
  • Mobile app authenticators designed and customized to your bank’s mobile app development standards with high level security features such as secure storage for customer data, secure communication channel, risk indexes based on device attributes, user location, biometric ID protection etc.
  • Professional services including solution design, project management and standard API integration of 2FA platform with critical banking applications and services, and integration to your technology infrastructure. We also provide custom management and reporting applications for day to day administration, user assignment and for audit reporting purposes.

Through our partnership with VASCO Data Security NV. a market-leader in fraud & risks management for global financial institutions, we provide best practice project delivery and 24-7 technical support. And as the only regional VASCO premier technical partner, you can be assured of world class implementation across all your bank locations.