Ease of implementation:
DexProtector is a no-code solution. It applies protections automatically to APKs, AABs, AARs, IPAs, Frameworks, and XCFrameworks. There’s no need for bitcode, awkward SDKs, or custom toolchains.
Mobile Banking Protection:
Enhanced security to prevent mobile banking fraud.
We secure the mobile channel between banks and over 310 million end users.
Licel solutions are used around the world to protect the mobile channel linking banks to the end users of their applications.
Our fraud prevention products are integrated automatically post-build into mobile apps on both major platforms; Android and iOS.
For more than a decade, this proven approach has helped our clients protect their applications against the fast-evolving threat of mobile banking fraud.
Trusted protection against mobile banking fraud.
Licel provides you with all the tools you need to prevent account takeovers (ATO), mitigate authorised push payment fraud, prevent eKYC fraud, and stop automatic transfer system (ATS) malware, among other threats.
Our solutions to stop these threats include:
- Runtime Application Self Protection (RASP) Engine
- Network Security Module
- UI Protection Module
- Security Monitoring Module (with Alice Threat Intelligence)
- Anti-Malware Module (with Alice Threat Intelligence)
- Licel vTEE White-Box CryptoModule
- Device ID Module
- Authenticator Module
Layers of protection to guarantee your application’s integrity.
Our mobile app protection product, DexProtector, integrates modular solutions that are cryptographically bound to the host app. They are tamper proofed, and secured during runtime by the Licel vTEE and the DexProtector RASP Engine.
DexProtector comprehensively secures your mobile banking app via obfuscation, encryption, and RASP. The components it integrates prevent fraud, reverse engineering, tampering, IP and data theft, and API abuse.
At the protection stage, DexProtector injects its Runtime Engine and security modules.
And at the runtime stage, DexProtector’s integrated Runtime Engine and security modules protect your mobile banking app dynamically as it runs on users’ devices.
Implementation and integration made simple.
Licel security solutions are designed with developers and security teams in mind and exist to save you time and money.
Ease of integration:
Whichever way you build your app, protection is just one simple step. Run DexProtector locally and offline, or integrate protection automatically in your Android Studio, Xcode, and CI/CD builds.
Stability and performance:
The DexProtector RASP engine is optimized for each platform, with native-level operations that run seamlessly in the background without affecting the user experience.
Preventing account takeovers.
Account takeovers (ATO) happen when a fraudster gains unauthorized access to a user’s account. In mobile banking, this can happen via stolen credentials, malware, remote access tools, and inadequate authentication mechanisms.
How we stop account takeovers.
Licel solutions help banks to detect suspicious login attempts from new or untrustworthy devices:
our Device ID module provides your authorization servers with unique, tamperproof device identifiers, enabling you to detect suspicious user activity
Our products also prevent the theft of user credentials:
our Network Security module prevents credential theft via man-in-the-middle attacks and stops data theft by instrumenting app network communications, blocking cleartext traffic, checking device network configuration, and leveraging Public Key Pinning and Certificate Transparency
Anti-Malware and UI Protection modules prevent credential theft via banking trojans, keyloggers, screen scrapers, and overlay attacks
The Licel vTEE White-Box CryptoModule offers white-box cryptography protection and secure storage for user credentials, keys, and tokens - reinforced by device binding
The Authenticator Module provides an additional factor of user authentication
Preventing eKYC fraud.
Mobile banking apps often carry out eKYC (electronic Know Your Customer) checks when onboarding new users to verify their identity. This can be done via digital documents, photos, videos, and biometric data.
Fraudsters will try to bypass or abuse this ID verification process, using stolen or counterfeit documents to open accounts, apply for loans, and obtain credit.
How we stop eKYC fraud.
Licel solutions help banks to:
- prevent deepfakes and image injection spoofing for ID verification
· DexProtector’s RASP engine detects compromised devices, prevents exploits based on modifying app functionalities, and stops interference with the app in memory
· via the Anti-Malware module which interacts with - and provides data to - Alice, our threat intelligence solution - stop fraudsters from using outdated, insecure, or tampered versions of your app to evade security controls
· app authentication methods are essential for API protection, providing ways to identify trusted endpoints, and to reject API requests from fraudulent endpoints, as well as untrusted, tampered, insecure, or outdated versions of the app
Preventing automatic transfer system malware.
An automatic transfer system (ATS) malware, installed on a user's device, can automatically perform unauthorized transfers and divert funds to accounts controlled by fraudsters.
ATS malware generally only becomes active after the user has already authenticated. And it can even hide transactions from the user. This makes it tricky to detect the fraudulent activity until significant damage has already been done.
How we stop automatic transfer system malware.
Banks are aware of the automatic transfer system threat, but often lack the tools to prevent it. That’s where Licel’s advanced anti-malware capabilities can offer vital reinforcement:
- DexProtector’s Anti-Malware module scans devices for malware and potentially harmful apps and can take action upon detection
- Alice Threat Intelligence monitors the threat landscape for malicious malware, and its app protection behavior can be configured based on the category of malware detected
- Instant over-the-air (OTA) updates to secure both end users and apps from the latest threats
Preventing authorized push payment fraud.
Authorized Push Payment (APP) fraud involves manipulating users into authorizing payments themselves. In mobile banking, this can occur through social engineering, impersonation, and deceptive phone calls.
Fraudsters trick users into believing they are interacting with legitimate entities or individuals, convincing them to initiate transactions or even provide remote access to their devices.
How we stop authorized push payment fraud.
Licel solutions help banks to:
Stop cybercriminals from exploiting screen sharing and remote access:
- The UI Protection module mitigates the threat of social engineering and remote access fraud by preventing screen capture and screen sharing from within the mobile app
- The Anti-Malware module detects the presence and activity of Potentially Harmful Apps, including remote access tools, which might be used for APP fraud
The threat of app cloning: a cautionary tale from the Middle East.
Attacks targeting mobile banking applications are becoming multi-layered. Take this example from a bank in the Middle East:
- Bad actors launched a phishing campaign alongside the bank’s marketing campaign to launch their new mobile banking app
- They distributed a maliciously-modified version of the application that was fully functional; users could make transactions, send payments, and pay bills. The tampered app could still communicate with the bank’s backend, too
- The attackers also embedded the app with an intelligence gathering functionality that meant that they were able to compile a lot of data to use for mobile banking fraud
This real-world example of a sophisticated cloning attack emphasizes the need for equally-sophisticated mobile banking protection. A combination of Device ID, integrity control, threat monitoring, and SSL Pinning would have stopped this attack from succeeding.
DexProtector: the complete package for app and SDK security.
DexProtector is a no-code security solution for Android and iOS applications, SDKs, and libraries. Its core mechanisms include anti-tampering, anti-reverse engineering, and network security.
Its anti-malware capabilities, UI protection, API protection, and authenticator functionality represent the cutting-edge of mobile banking protection.
DexProtector provides the core security foundations needed to maintain integrity and prevent the most sophisticated threats facing mobile banking applications. It has been evaluated and approved as a software protection tool by EMVCo for 4 consecutive years.
Alice Threat Intelligence: real-time security monitoring.
Alice is a threat intelligence, monitoring, and attestation solution that shares incident reports for DexProtected applications.
Its data about the threats facing your app and the wider industry helps you to bridge the gap between vigilance and action. Alice empowers you to strengthen your security posture both now and in the near future.
Alice not only helps you to identify malicious threats facing your mobile banking application. It also forms a key part of our Anti-Malware Module, enabling you to configure app protection actions based on the severity of the threat.
Industry-leading anti-malware solutions.
Licel’s Anti-Malware Module is leading the fight against the persistent malware threat.
Leveraging both DexProtector and Alice Threat Intelligence, the Anti-Malware Module provides apps with integrated malware and Potentially Harmful App detection capabilities. This includes checks for known malware signatures, and heuristic checks which flag indicators of potential interference by malware or PHAs.
The core malware database is maintained by Licel’s security research team. It can be customized according to your requirements, and it delivers instant over-the-air (OTA) updates to secure both end users and apps from the latest threats.
Our UI Protection Module also mitigates the malware threat. It stops screen capture (screenshots, screen sharing, and screen recording), protecting IP and reducing the threat of remote access fraud.
The Licel vTEE: next-level security for sensitive mobile operations.
The Licel Virtual Trusted Execution Environment (vTEE) enables trusted applications to carry out sensitive transactions and operations. It is making innovative banking and payment processes much more seamless and secure.
The vTEE provides a safe storage space for banking credentials, keys, and tokens, as well as software-based cryptographic mechanisms and device binding to link bank accounts to specific devices.
More agile than traditional TEEs, it can be updated in a fraction of the time it takes for a hardware equivalent to get back up and running.
The Licel vTEE has been evaluated and approved by EMVCo under the SBMP TEE category.
Advanced security modules protected by the Licel vTEE.
The EMVCo-approved Licel vTEE implements trusted applications (TA) that provide advanced security modules to protect mobile banking apps against sophisticated threats.
White-Box CryptoModule
Automatically protects app cryptographic operations and keys via vTEE isolation, white-box cryptography, and device binding.
Authenticator Module
Time-Based One-Time Password (TOTP) generator to enhance Multi-Factor Authentication (MFA).
Licel solutions are EMVCo approved for both TEE-based and SBMP specifications.
EMVCo is a global technical body responsible for the secure integration of card-based payment products worldwide. It is collectively owned by industry giants such as American Express, Discover, JCB, Mastercard, UnionPay, and Visa.
DexProtector was the first software protection solution to be SBMP evaluated by EMVCo for both Android and iOS. It has been approved for 4 consecutive years.
Our Licel vTEE is currently the only virtual trusted execution environment listed with EMVCo SBMP TEE approval.
Both of these solutions are helping to enable and accelerate innovation in the mobile banking and finance industry.
