Page 42 - Digital Financial Services security assurance framework
(continued)

Affected Entity: Third-Party Provider

Risks and vulnerabilities: The risk of exposure of sensitive information occurs because of the following vulnerabilities:
- Exposure of customer-sensitive information in transactions or through APIs (SD: privacy)
- Insufficient data protection controls (SD: privacy)

Controls:
C117: Third-party providers should restrict the sharing of information with other parties such as payment service providers and DFS providers to the minimum required to assure the integrity of the transaction.
C118: Providers should ensure that customer-sensitive data is removed from environments such as trace logs (for example, cash retrieval voucher codes, bank account numbers, and credentials). Use placeholders whenever possible to represent this data in log files.

9 TEMPLATE FOR APPLICATION SECURITY BEST PRACTICES

In this section, we discuss a template for a mobile money smartphone application security framework. The focus here is on general best practices and not on specific individual technologies except where explicitly discussed. For this template, we draw on recent works examining digital financial services applications from the standpoint of the mobile money application space, including the GSMA study on mobile money app security best practices [9], the ENISA smartphone secure development guidelines [10], and a mobile payment applications security framework developed by the State Bank of Pakistan [11]. This template can also be used as input to an app security policy by DFS Providers.

In this section, we summarize the recommendations as a starting point for regulators or application security examiners to perform security assessments. The template strictly considers the mobile application on the device unless stated otherwise, and the subsections describing recommendations deal with various aspects of the operation or underlying policy relating to the mobile application. The focus is primarily on Android applications given their large market share, though many recommendations are applicable across mobile operating systems. Privacy is also an important factor to consider, but these recommendations focus on security.

9.1 Device and Application Integrity

i. The safest devices on which to perform financial transactions are ones that have not been "jailbroken" or "rooted", as it can be difficult or impossible to assess the security of the underlying operating system when it has been replaced or exploited. Applications should thus use the mobile platform services to determine that they and the underlying platform have not been modified.
ii. Remove any extraneous code that might have been added to the application during development, such as features that are not designed for the device platforms that the app is to be deployed upon, or developer/debug features, to reduce the attack surface of the deployed production code.
iii. On the server side, determine whether the app is running in a high-integrity state through signature validation or hashing over the app or certain program function blocks.

9.2 Communication Security and Certificate Handling

i. Apps should use standardised cryptographic libraries and, for communication with back-end services, should use end-to-end encryption with standardized protocols, specifically TLS. The minimum recommended version of TLS is version 1.2.
ii. TLS certificates should not be expired and should present strong cipher suites, specifically AES-128 encryption and SHA-256 for hashing. Authenticated encryption modes of operation such as GCM are encouraged.
iii. Limit the lifetime of issued certificates to 825 days in accordance with the CA/Browser Forum best practices.
iv. Assure the trustworthiness of the certificate authority and consider a contingency plan in case the CA is no longer trusted.
v. Ensure the configuration of TLS is performed in a secure fashion and avoid misconfiguration issues
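As an added example (not part of the framework or of the GSMA, ENISA or State Bank of Pakistan works it cites), the following Python helper builds a client TLS context that enforces items i and ii of 9.2 and grades an observed session against items i to iii; the function names, the OpenSSL cipher string and the sample dates are assumptions constructed here.

```python
"""Added example: assess a TLS session against the 9.2 recommendations.
Constructed for illustration; not code from the framework document."""
import ssl
from datetime import datetime, timedelta

MAX_CERT_LIFETIME_DAYS = 825          # CA/Browser Forum limit cited in 9.2(iii)
MIN_TLS_VERSION = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Client context refusing TLS < 1.2 and offering only AES-GCM suites (9.2 i/ii)."""
    ctx = ssl.create_default_context()   # chain and hostname verification stay enabled
    ctx.minimum_version = MIN_TLS_VERSION
    # OpenSSL cipher string (assumed): ECDHE key exchange with AES-GCM, SHA-256/384 MACs.
    ctx.set_ciphers("ECDHE+AESGCM")
    return ctx


def assess_session(version: str, cipher: str, not_before: datetime,
                   not_after: datetime, now: datetime) -> list[str]:
    """Return findings (empty list = compliant) for one observed TLS session."""
    findings = []
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"protocol {version} is below the TLS 1.2 minimum")
    if "AES" not in cipher:
        findings.append(f"cipher {cipher} does not use AES")
    if "GCM" not in cipher:
        findings.append(f"cipher {cipher} is not an authenticated (GCM) mode")
    if not (not_before <= now <= not_after):
        findings.append("certificate is expired or not yet valid")
    lifetime = (not_after - not_before).days
    if lifetime > MAX_CERT_LIFETIME_DAYS:
        findings.append(f"certificate lifetime {lifetime} days exceeds {MAX_CERT_LIFETIME_DAYS}")
    return findings


def demo() -> tuple[list[str], list[str], bool]:
    """Constructed sample sessions: one compliant, one with three weaknesses."""
    now, issued = datetime(2024, 6, 1), datetime(2024, 1, 1)
    good = assess_session("TLSv1.3", "TLS_AES_128_GCM_SHA256",
                          issued, issued + timedelta(days=397), now)
    bad = assess_session("TLSv1.1", "ECDHE-RSA-AES128-SHA",
                         issued, issued + timedelta(days=1000), now)
    ctx = hardened_client_context()
    return good, bad, ctx.minimum_version == MIN_TLS_VERSION


if __name__ == "__main__":
    print(demo())
```

The `set_ciphers` string governs TLS 1.2 suites only; TLS 1.3 suites are all AEAD and are selected by OpenSSL separately.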