Mobile Security Suite Features
Proactively protect your Android and iOS apps against attacks even in untrusted, potentially hostile environments with mobile app shielding from OneSpan. Detect and mitigate the latest malware attacks, impede reverse-engineering, defend against tampering, and stop app spoofing and cloning with an invisible, always-on layer of state-of-the-art mobile app security.
Rooting or jailbreaking a device deactivates key operating system safeguards and can put a mobile app at increased risk. Detecting the operation of your app on such a device can allow you to monitor this risk factor and use it in making decisions on back-end fraud management and authentication systems.
Enforce the highest mobile app security for communications between the server and mobile device with end-to-end encryption. Add an additional layer of protection by independently encrypting data on the server side for decryption on the mobile device.
Strengthen the security of data stored on the device with additional encryption and dynamic masking of the data storage method beyond what is provided by the platform. This additional security also safeguards the stored data should the Trusted Execution Environment, Secure Element, or Secure Enclave be compromised.
Counter attacker attempts to dismantle mobile app security by extracting an app’s encryption keys. Whitebox cryptography uses advanced encryption and obfuscation to keep keys hidden in the source code even during runtime so that an attacker cannot recover them.
Enable and maintain a secure bond between a given mobile device and an authorized user to mitigate account takeover, stop the repurposing of cryptographic keys, and prevent app cloning as required by PSD2.
Integrate continuous mobile authentication for account access and transactions. In real time, monitor and score the way users interact with their mobile devices via keystroke and gesture dynamics. Recorded over time, these actions are mapped to the returning user to generate a risk score to step up authentication when needed.
Implement OneSpan’s patented visual transaction signing solution in your mobile app to allow users to verify and sign transactions anywhere at any time without the need for a wireless or physical connection.
Identify a mobile device via unique attributes to provide persistent identification that’s unaffected by mobile OS updates and defeat malicious attempts to spoof the mobile device.
Give users a choice of the biometric authentication that’s right for them at any given time by integrating facial recognition technology into your application security. Use facial data points and advanced liveness detection and spoof detection benchmarked by NIST to accurately authenticate users.
Deliver a passwordless mobile experience by integrating open, scalable, and interoperable PIN, push, and biometric authentication that complies with the FIDO Universal Authentication Framework (UAF) standard. Users authenticate locally to their device, removing the need for a “shared secret” stored on the server and eliminating the server-side attack vector.
Use a fingerprint scan to quickly and accurately authenticate users. A recent Javelin survey indicated that fingerprint is consumers’ most preferred authentication method when logging in to their accounts. Easily integrate this popular, simple, and proven biometric authentication option into your mobile app.
Pinpoint and timestamp a mobile device’s longitude and latitude within meters to determine the trustworthiness of a mobile device and feed risk analytics and risk management solutions with contextual data
Gather numerous data points about a device, its user, and the apps residing on it. Allow artificial intelligence (AI) and machine learning to score the risk of a transaction based on the available data points and dynamically step up authentication as needed.
Fully integrate transaction signing to prevent social engineering, banking Trojans, and Man-in-the-Middle attacks, while balancing user convenience and strong security for even the most sensitive mobile transactions.
Enable “push to log-in” use cases for online banking and send cross-platform notifications with a single server-side function to securely alert users, send authentication codes, and more from the server to the mobile device.
QR Code Support
Leverage a flexible image scanning feature that reads standard QR Codes for enrollment and other use cases.
Natively build e-signing capabilities into your existing mobile apps to allow users to sign from anywhere, at any time, on any device. Capture tap-to-sign and handwritten signatures, extensive electronic evidence, and more. The optimized SDK allows you to get up and running with your first prototype in as little as 10 minutes.