The Green Sheet Online Edition
April 24, 2017 • Issue 17:04:02
Secure, all-in-one developer's toolkit for mobile apps
VASCO Data Security International Inc., a global technology company, launched DIGIPASS for Apps (DP4A), a comprehensive software development kit (SDK) designed to optimize mobile app security and the customer experience. DP4A includes an application programming interface library to simplify integration, the company stated.
"As organizations move into the digital realm from brick-and-mortar environments, cybercriminals and hackers are targeting mobile applications, using multiple attack vectors to peel off personally identifiable information (PII)," said David Vergara, Head of Global Product Marketing at VASCO. "DP4A includes 16 specific capabilities designed to help the mobile channel continuously monitor mobile devices, authenticate users and mitigate risk."
Vergara said that within DP4A's three-pronged security strategy, monitoring and authentication are in the SDK library, enabling any developer to readily integrate the features into their own mobile apps. Risk management is accomplished by integrating DP4A with VASCO's Risk Platform.
Continuously monitor devices
DP4A continuously monitors mobile devices to detect anomalies and protect devices from numerous types of malware. Following are some examples VASCO provided:
- Runtime application self-protection continuously runs in the background of a mobile device to detect and block malicious attacks such as key logging and overlay attacks.
- Jailbreak and root detection employs key application security elements to alert users when rogue applications interfere or tamper with a device's download restrictions and operating system.
- Device identification leverages the unique attributes of a mobile device to provide a persistent identification, irrespective of mobile updates, to defeat hackers' attempts to spoof the device.
Vergara noted a common pain point for business owners and mobile app developers is balancing the need to drive growth and engagement with the need to provide secure authentication. "In the beginning we used hardware tokens, but we went on to develop more frictionless solutions for authentication," he said. "For example, we use behavioral authentication to understand how users behave with devices and online, through the amount of pressure they use in their keystrokes, how they hold a phone, and dozens of other data points. This real-time, artificial intelligence can detect anomalous behaviors based on a user's behavioral model."
Fingerprint identification, facial identification that measures "selfies" against stored templates, and risk-based authentication that uses available data points to score the risk profile of a transaction are other examples of DP4A's dynamic multifactor authentication schemes.
Risk platform intelligence
VASCO's risk platform, the third essential component of DP4A's three-pronged security strategy, uses advanced analytics to determine the risk level of an individual mobile device. The company's IDENTIKEY Risk Manager integrates with DP4A to holistically interpret data and the health and integrity of a user's mobile apps.
The risk platform can leverage geolocation and communications technology to determine a device's physical location, whether its communications channels are open or secured, and whether a user's mobile device has been jailbroken or rooted. It will use this data to calculate a risk score, based on the device's propensity for fraud.
Secure, enjoyable mobile experience
"Development teams are pressured in two ways: they're tasked with creating the best possible experience to attract and retain customers, while providing added security," Vergara said. "Developers tend to spend much more time on experience, either because they don't have the time or ability to address security, or because customer acquisition is a top priority."
When you think of the sheer volume and uniqueness of malware created every day, it can be staggering, he added. "We take that tradeoff and balancing act away with DP4A by removing friction and providing an incredible user experience," he said. "We can also intelligently manage the level of security and ramp it up as needed without impacting the user experience in many cases."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.