Apps can run in unknown and malicious environments, with no possibility of directly managing the devices on which they are installed. “Trust your App” is the suggested security approach to protect mobile apps autonomously, independently of the device and without admin privileges. MORE® implements the “Trust your App” approach, allowing the highest level of security when apps run.
While there has been significant growth in the provisioning of IoT systems, the correlated security risks are undervalued. IoT systems are distinguished by two factors: there are no existing standards-based rules (heterogeneous environment), and they are not developed with security best practices in mind. XTN®’s work in the Domotics and Automotive fields provides a comprehensive portfolio for IoT security, management and analysis. XTN® solutions automate the security analysis of applications to detect code vulnerabilities and anomalous behaviours, which could compromise or impair devices.
XTN® strives to guarantee usability and an enhanced user experience. Continuous requests for user login and authorization codes are not necessary. Thanks to user biometric control based on behaviour and risk analysis at the endpoint, it is possible to reduce the user’s security-specific interaction. MORE® and SMASH® guarantee the highest level of service and data protection, choosing when an authentication is truly necessary.
Statistical analysis of fraud confirms the need for financial institutions to equip themselves with advanced transaction monitoring solutions against the increasing number of online frauds. Year on year, statistics confirm the trend: the offering of services and their increasing use by a growing number of users are the perfect scenario for the increasingly sophisticated criminal groups intent on committing banking fraud.
An adequate level of defense cannot do without advanced transaction monitoring systems that are able to self-learn and keep pace with the evolution of attack patterns. The requirements in this area are set by the EBA (European Banking Authority), which imposes the use of advanced transaction monitoring systems for online payments.
The evolution of SMASH® is based on the growing need for EFM (Enterprise Fraud Management) solutions, in order to provide a unique framework able to manage antifraud processes across different channels. This is the very reason SMASH® capabilities have evolved to increase the monitored perimeter to include credit/debit card transactions and SWIFT channels.
Have you ever done the math on fraud in your business? Fraud can be very costly: the costs can be calculated in merchandise or services lost, shipping and handling, time to process the order, processing chargebacks, and your time and effort to investigate the fraud. SMASH® protects merchants from typical e-commerce fraud, providing anti-fraud checks before the payment processing phase, scoring the information provided within the credit card, the geolocation of the transaction, the shipment and the information regarding the order.
The European Banking Authority published the guidelines for the security of Internet Payment on 19/12/2014 (EBA/GL/2014/12), in which it instructed financial institutions and PSPs (Payment Service Providers) to improve instruments, processes and awareness in order to guarantee a stronger level of security regarding their payment services provided to customers. Requirement number 10:
“Transaction monitoring mechanisms designed to prevent, detect and block fraudulent payment transactions should be operated before the PSP’s final authorisation; suspicious or high risk transactions should be subject to a specific screening and evaluation procedure. Equivalent security monitoring and authorisation mechanisms should also be in place for the issuance of e-mandates.”
In detail, the EBA asks financial institutions and PSPs to implement the following kinds of controls:
“Such systems should be based, for example, on parameterized rules (such as black lists of compromised or stolen card data)…”
“… and they should monitor abnormal behaviour patterns of the customer or the customer’s access device (such as a change of Internet Protocol (IP) address or IP range during the internet payment services session, sometimes identified by geolocation IP checks, atypical e-merchant categories for a specific customer or abnormal transaction data, etc.)”