White papers

Account Takeover, aka ATO, happens when a fraudster successfully gains a user’s account credentials.

Application Fraud is a form of identity fraud that involves a fraudster applying for a new account in a service or product using stolen or synthetic identities.

Instant payments are electronic money transfers in which the funds are available for the payee in real-time. The service is available 24/7, and transfers occur directly from the payer’s account to the payee’s account. Many countries are using a fast, convenient, and available technology or are almost ready to use between people, businesses, and government [...]

13 January 2018 was the deadline for Member States to incorporate Directive 2015/2366/EU, known as PSD2, into their national legal systems. The goal of the “Payment Services Directive II” is to standardize the modalities of making digital payments, ensure safer transactions and protect consumers. PSD2 is only the latest of a series of measures taken [...]

This document describes the evolution and trends in Android malware behaviour with a focus on the financial context. After an initial contextualisation and an explanation of the usual anatomy of a mobile malware attack, the current landscape is presented with some interesting statistics. In conclusion, the MORE® malware engine is introduced explaining the benefits of [...]

As widely known, the Android operating system is based on Linux. Even if it has been subjected to a heavy customisation to improve it in terms of performance and security on mobile/embedded devices, it still preserves a lot of interesting concepts and components of its parent, one of them is the “everything is a file” [...]

The analysed malware, internally baptised as PowerFakeToken, has been identified to belong to the Android/FakeToken.A family. In a nutshell, the mentioned malware family pretends to be a mobile token generator, typically used for transaction validation in online banking systems, but in fact it is an application whose purpose is to steal sensitive credentials to perform [...]

This document is a synthesis regarding the results of a Security Assessment activity, based on a sample of mobile apps, released by institutes and companies such as bank and finance services, on-demand multimedia content providers, automotive, home automation, social and enterprise management, from the Italian and worldwide scenes. In consideration of the exponential growth of [...]