A bank’s applications drive the business. As they evolve and grow, they expose more APIs causing the attack surface to grow as well. Cybercriminals are exploiting this phenomenon, attacking web applications and APIs with advanced methods that include SQL injection, cross-site scripting, and deploying automatic scripts known as “bots.” These attacks are damaging and costly, and the ability to secure applications has never been more critical.
But detecting and preventing these attacks is challenging, requiring the bank to implement app-specific security defenses, such as building security into their mobile apps from the get-go. When they don’t, the implications are dire, with great damage that can be incurred to customer security and the bank’s reputation.
Here in India, a banking organization is being attacked on an average 1364 times per week in the last 6 months, compared to 919 attacks per banking organization in APAC, as outlined in Check Point’s Threat Intelligence Report. Apart from this, in India, the average weekly impacted organizations by banking malware stood at 7.0 percent as compared to the APAC average of 2.9 percent.
Check Point’s “Mobile Security Report 2021” lists a 15% increase in global banking Trojan activity in 2020, threats that put mobile users’ banking credentials at risk as threat actors have been using mobile remote access Trojans (MRATs), banking Trojans, and premium dialers often hidden within apps claiming to offer COVID-19-related information in 2021, thus making mobile banking apps fertile ground for cyber attacks and one of the biggest risks for the banking industry. Security is obviously a growing priority within most organisations but as the numbers have presented, never more so than in the banking industry.
This blog will present two banks’ stories, their challenges, and the solutions they leveraged to overcome the challenge and boost their security posture.
Customer story: a large European bank enhances security for e-banking web apps
In the effort to overcome the challenges of securing its e-banking offering, a European bank was looking to enhance and automate the security of its customer-facing web applications’ APIs.
With Check Point’s CloudGuard AppSec, the bank can now prevent real threats such as those from the OWASP top 10, as well as zero-day API attacks and malicious bot traffic. And all this as it eliminates false positives.
Among the improvements made possible by the Check Point solution are:
- Improved security with automated application security and API protection using contextual AI
- Increased scalability with a fully automated solution for public clouds (AWS, Azure, Kubernetes, and more) and on-prem multi-apps, with protection for billions of annual application requests
- Reduced operational expenses by eliminating the need for manual tuning and fully automating across multi-environment & apps
e-Banking services security with Check Point’s CloudGuard AppSec
Customer story: large APAC bank releases mobile e-banking innovations to 1M+ customers quickly and securely
With Check Point’s Harmony App Protect mobile SDK, the bank has been securing its e-banking mobile apps from the start, achieving:
Apps secured out-of-the-box
- Runtime protection against malware, jailbreak/root, MitM attacks, and tampering attempts
- Detection of known and unknown threats and prevention of compromise
Faster version release
- Developers quickly and securely release new features
- A reduction in development and testing efforts
- Apps compliant with financial regulations from day one, incl. FFIEC, PSD2, PCI DSS, and more
Secure apps with Check Point’s Harmony App Protect
Solutions for securing advanced e-Banking services
Banks can protect web apps and APIs from cyber security attacks and build secure mobile apps from the get-go with Check Point’s CloudGuard AppSec, which automates financial service applications and API protection, and with Harmony App Protect for securing e-banking mobile apps.
Check Point enables banks to provide advanced digital services to their customers with the highest level of security to their network, cloud, users, and access, with the Quantum, CloudGuard, Harmony, and Infinity families of products.
By adopting a consolidated security approach with Check Point Infinity architecture and services, banks realize preemptive protection against advanced fifth-generation attacks while achieving a 50% increase in operational efficiency and a 20% reduction in security costs.