Protecting against the BankBot Android banking malware using RASP

Earlier this month the Dutch company Securify came across a new sample of the BankBot Android mobile banking malware. While older samples of BankBot mainly targeted Russian financial institutions, the latest sample shows that BankBot now targets European and American banks as well. More specifically BankBot now targets over 420 leading banks in countries such as Germany, France, Austria, the Netherlands, Turkey and the United States. VASCO’s Threat Research analysts… Read more


What Bob Dylan and RASP Have in Common

Ok, now that I have your attention, I’ll explain how I got here. Feel free to follow along. In early April, the creative folk icon finally made his way to Stockholm and the home of the Swedish Academy to formally accept his 2016 Nobel Prize for Literature and the 8 million Swedish krona (approximately $900,000 US) that went along with it. It happens that one of his most well known… Read more


Rise of Smart Authentication

It’s the 21st century marketing mantra: Never underestimate the power of ‘smart.’ After all, we have ‘smart’ phones, ‘smart TVs’, a ‘smart’ doorbell and yes, even a ‘smart’ dishwasher. Retail niches aside though, when it comes to the stuff that really matters, (like keeping your private information private), what about ‘smart’ authentication? As detailed in this Network World article, multifactor authentication strategies, while rising in popularity continue to be dogged… Read more


Using Mobile as an Upselling Channel in Financial Services

We rely on our bank’s mobile app to check balances, pay bills and transfer money electronically. But mobile consumers want (and expect) to do more. The logical next step, then, is to enable consumers to conduct all of the services offered online (and at their physical branches), on their mobile devices. That’s easier said than done. Most financial institutions have developed mobile apps that don’t provide adequate mobile capabilities and access to… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces… Read more


iris scab

Before there were ‘preppers’ there were the sign holders, who would boldly proclaim, “The End is Near” on street corners, in football stadiums, and in fact anywhere large crowds gathered. Today, there are pundits (and others) in the security industry heralding a similar message, the end, or to really put a fine point on it, the death of static passwords is near. No surprise, really, on all the reasons why… Read more


February 10, 2017 - David Vergara

In their third quarter 2016 earnings report, Bank of America said that 20 percent of its total sales were digital and 27 percent of those sales were over mobile devices. The bank reported that it now has over 21 million mobile customers. And similar growth is being seen across the banking industry, so there’s no doubt that the mobile channel is a strong contributor to bank growth. As the proverb says,… Read more


Why Telehealth Needs Secure Patient Identification Practices

I recently registered as a patient on a leading telehealth provider’s website. I was very surprised around the lack of identity assurance.  The only verification requested was my insurance card and I had the option of skipping that step since insurance is not a prerequisite for service. WOW! In an era of stolen credit cards, stolen identities and ever prospering cybercrime, this is really not acceptable. Telehealth can become a… Read more


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will… Read more


Introducing “Smile & Sign” at Finovate Europe 2017

The ideal digital onboarding experience does away with paper and unnecessary visits to the branch. It takes into account the fact that consumers may leverage multiple digital channels during the onboarding process. With the majority of digital business transactions conducted remotely online and on mobile devices, financial services organizations are looking to offer secure yet frictionless onboarding experiences for new and existing customers alike. A growing number of consumers are… Read more