As the use of mobile phones for mobile banking and personal data management applications increases, the corresponding security threats are increasing as well. The majority of smartphones run one of only two operating systems (Android and iOS), which makes them prey of choice for criminal groups and malevolent hackers.
In this article, we will explain some of the defence mechanisms and security techniques we have adopted to ensure our users' confidential data is safe and secure from third-party attacks.
Usernames and passwords have been a foundational security measure for decades, but they are no longer enough on their own. Multiple high-profile breaches at major financial and business institutions have resulted in millions of username/password combinations being stolen and listed for sale on the Dark Web. Combine this with the tendency to repeat passwords across multiple accounts, and the scale of the vulnerability becomes more apparent.
This is where MFA (Multi-factor Authentication) comes in. What is MFA and why do we need a multi-factor authentication feature?
Multi-factor Authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application or online account, in this case Pocket Box.
Today this is essential, because a single password as the only defence mechanism for accessing a user's account is no longer adequate.
To combat this, the team at Pocket Box have incorporated biometric authentication systems, which are less exposed to the vulnerability of relying solely on a password because the user's biometric data is unique. It is very difficult for an attacker to fraudulently replicate an individual's fingerprint or facial recognition scan when it is taken by robust solutions with strong liveness/spoof detection, and yet it takes only a moment for the legitimate Pocket Box user to authenticate. Because of this, biometrics are considered both more convenient and more secure than passwords.
In addition to this level of security, at Pocket Box we have incorporated industry-leading data encryption.
Data encryption is the process by which we encode confidential user information. Our encryption transforms the original representation of the information from human-readable 'plaintext' into a non-human-readable form (known as ciphertext). Only authorised parties (which hold a private key) can decipher (decrypt) ciphertext back to plaintext in order to read/access the original information.
The main goal of this encryption is to prevent unauthorised parties from reading private, confidential or sensitive data about our users. Data encryption is one of the most important ways in which we protect data stored or used in the Pocket Box mobile application.
You can begin to understand the power of encryption when organisations such as law enforcement and the FBI are found asking for permission to access iPhones and decode WhatsApp messages. If they can't break through at will, hackers sure can't.
Security has been at the forefront of the minds of those behind the implementation and development of Pocket Box from day one, which means ensuring the application is built on the most secure infrastructure possible. That is why we use AWS (Amazon Web Services).
The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It is designed to provide an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely.
By using this infrastructure, we are ensuring the Pocket Box application is built and managed not only according to security best practices and standards, but also with the unique needs of the cloud in mind. AWS uses redundant and layered controls, continuous validation and testing, and a substantial amount of automation to ensure that the underlying Pocket Box infrastructure is monitored and protected 24×7. AWS ensures that these controls are replicated in every new data center or service we provide.
In addition to using this infrastructure, securing the Pocket Box application is a process that never ends. New threats emerge and new solutions are needed. We invest heavily in penetration testing, threat modelling, and emulators to continuously test our apps for vulnerabilities, addressing them with each update and issuing patches when required.