SecIron’s team of skilled analysts provided a holistic approach to safeguarding a global developer and vendor of an open digital payment solutions provider from Europe. While the Android mobile application presents a challenge to the risk of security, SecIron’s multi-platform mobile apps security solution has been able to protect and maintain the mobile application and SDK with the right steps to pass the penetration test with success.
Our client is a global developer and vendor of a digital payment software platform that provides cross-border payment services. Their list of services ranges from but not limited to providing omni-channel digital banking solutions, ecommerce, digital wallets and other financial related digital solutions. Their services span across Europe, America, Asia, the Middle East and Africa and with Over 135 banks, telecom and oil companies currently procuring their services.
As the growth of our client’s business continues, they were presented with additional risks to their digital assets and users from external sources. As many E-commerce businesses and social networks continued integrating with our client’s services to provide hassle-free third-party payment solutions, and with more transactions being performed across multiple devices, this has undoubtedly increased their mobile payments applications surface exposure, making it possible for threat actors to conduct malicious activities. This presents a significant challenge in safeguarding and protecting the mobile application against possible cybersecurity threats such as debugging or hook techniques to steal our client’s users’ credit card information, personal data and other private information.
Such data theft and data leakage are common in the industry and can cause irreparable damage to our client’s reputation in addition to legal compliance issues in the future.
To solve this challenge, SecIron provided static protection that includes the hardening of the SDK to protect and shield the source code using SecIron’s cutting edge Virtual Machine Protection (VMP) technology. This stops hackers from attempting to reverse engineer the source code for vulnerabilities and severely limit their attack angle. In addition to the static protection, we also provided dynamic protection in anti-debugging, anti-hook and many more to furnish complete and comprehensive protection for the client.
Until today, our client continues to expand their business without any breach in their security. The high-intensity penetration test has not been able to reveal or tamper with the SDK source code and key information. SecIron and our client are confident that customer data and our client’s intellectual property is perfectly protected.