Mindtree helps fortify the mobile payment platform for one of the fastest growing digital wallet providers
Online and wallet payments are the norm of the day. Over 2.1 billion consumers use wallet payments worldwide. This makes them a lucrative target for hackers seeking access to users' critical personal and financial data. So, for one of the fastest growing mobile wallet providers in Europe, the most important business priority was ensuring the security of its 1.5+ million users.
The client handled over 3 million transactions per month from over 750,000 daily active users. It has API connections to some of the largest banks and payment card issuers in the world (as shown in the flow diagram). Therefore, any compromise of its mobile platform could impair the business of major financial clients. The company required application security checks and adherence to PCI security standards to ensure business continuance.
Wallet use for commercial transactions is estimated to cross $7 trillion by 2024. Whenever a consumer signs up for a wallet service, they have to provide their sensitive personal information (SPI) for verification, and it is stored in the provider’s ecosystem. These databases are further connected to various ecommerce or company portals through an API. Targeted hacking into these databases and connections can allow hackers to gain access to all the information and manipulate data as required.
To avoid such an incident, Mindtree offered its Hacking-as-a-Service and Application Security services to the client. Proactive testing scenarios were created to find hidden vulnerabilities present in the system. Compliance-based attack vectors were created for penetration testing. The vulnerability assessment revealed over 20 critical problems that plagued the system and exposed financial data. Mindtree also analyzed the database and mobile application platform and uncovered encryption issues that made the transaction data readable to a third party.
Mindtree created customized mobile application security and database encryption rules to meet the client’s requirements. Further, secure coding rules were implemented to ensure security at every stage of future development and testing scenarios.
The company’s SAST workflows were also optimized and automated to make them more robust:
The potential impact covered the entire user database (over 1.5 million users). All sensitive data was secured and advanced security standards were implemented.