What is the first thing that comes to mind when you hear the word “bank”? Probably “security” – even if “bank charges” come a close second.
Banks are traditionally the safest places on earth to keep your valuables, whether we’re talking gold ingots, bearer bonds, or simply your savings. However, traditional banking is now being challenged by startup fintech companies offering higher convenience and lower charges, using mobile apps as the way to reach their markets.
Mobile banking, mobile trading, digital wallets, peer-to-peer lending, and mobile money management are now available on smartphones, anywhere, anytime. Users flock to app stores and web sites to download the new applications. They also bring some unspoken assumptions with them, notably that they will benefit from at least the same levels of security, privacy, and confidentiality they had with their old, high-street banking.
But how sure can fintech companies be about the security of their apps? Under pressure to produce ever smarter, more functional applications, release cycles are continually being shortened and testing time squeezed. Established players, like conventional banks, seeking to extend into the fintech market, face similar challenges. Worse still, an ingrained culture of waterfall-style development can lead to app source code testing taking two to three weeks at a time.
If only app release schedule pressure were all that fintech companies and banks had to deal with. They also have two other major items to contend with:
- End-user expectations. Mobile financial apps must meet the highest standards, not only in usability, but also in reliability and privacy. Bad reputations for apps can spread like wildfire as users text, tweet, and post their opinions online.
- Financial industry regulators. These watchdogs check that companies handling other people’s money meet their legal obligations of protecting sensitive financial data. Any data breach, whatever the size, can mean direct liability to the company failing to provide sufficient security.
Fintech companies find themselves pulled one way by the opportunities to build new technologies like machine learning and predictive analytics into their apps to help customers manage their finances better – and pulled in the opposite direction by constraints of legislation and the underlying threat of fines, lawsuits, and more, if their apps contain flaws or vulnerabilities that lead to compromised or stolen data.
Any solution for safeguarding mobile app reputation must be fast, dependable, and flexible. Fast, because of rapid app release cycles, some of which may be urgently needed to correct defects from previous versions. Dependable, because fintech companies cannot afford to let bad apps get through their release process. And flexible, to allow fintech companies to set their own pass or fail levels when testing apps, to make sure they satisfy their market and comply with financial security standards.
Properly executed binary analysis answers these requirements. AppInterrogator, for instance, not only seeks out vulnerabilities and security holes in an app in just minutes, but it also flags possible problems of compliance with security standards like PCI DSS. It tells fintech companies what the reputation of their mobile app is, and allows fast “In or Out” classification to accept or reject each app, each version, and each upgrade on which it is used. In this way, mobile apps will only be released when their reputation is good enough, a boon for fintech companies and their customers everywhere.