Go to content Phone human-readable description of the message we trying to accomplish. Search human-readable description of the message we trying to accomplish. Map pin human-readable description of the message we trying to accomplish.

Securing FinTech app innovation - commenting on the FinTechEU conference: EU regulation and financial technologies

Participating at the #fintechEU conference brought home to me the vibrancy of the European fintech scene. European innovation, coupled with sensible regulation, is opening the market to new entrants, and they are ready to shake things up. However, EU citizens will only take it up if they trust fintech products to be secure. Today, the EU leads the world in cybersecurity products and services, but it can’t rest on its laurels – it must ensure it continues to support and protect European innovation.

This second and updated version of the European Payments Services Directive (PSD2) will facilitate a revolution in payments when it comes into force next year. Traditional banks will now face competition from entirely new third-party providers leading to disintermediation of traditional banking services. Established banks will have the opportunity to rethink business models and to out innovate their rivals and new entrants, resulting in overall better services.

However, these benefits will only be achieved if the cybersecurity challenges are also addressed. Smartphones are now the primary device for accessing digital services, and so with more sensitive apps and services ‘going mobile’, the need for mobile device security is greater than ever. Consumers are demanding quick, convenient and, importantly, secure access to all of their digital services, from whichever device they are carrying in their pocket.

Most manufacturers of mobile devices recognise the importance of security and now embed Trusted Execution Environment (TEE) technology at the point of manufacture. The TEE offers hardware protection in the form of a secure operating system that is completely isolated from a device’s main operating system. Recognising the benefits of this technology, the European Union Agency for Network and Information Security (ENISA) have included TEE in their best practice guidelines for smartphone app development.

Today, almost every premium Android smartphone contains TEEs accessible to third party app developers. Applications secured by TEEs can protect their critical operations and data from scalable (think mass takeover) software-based attacks. They can also make use of advanced services such as biometrics (fast, strong authentication) and trusted user interaction (removal of phishing and key logging threats). Beyond this, most TEE-enabled devices are also imprinted with a Root of Trust that ensures a trusted identity is preserved within the device. Giving each device a unique identifier during manufacture enables a host of security applications. It makes it easier to identify counterfeit or compromised devices, prevents remote takeover of accounts and services, and it gives service providers high assurance that the user attempting to log in to a service is doing so from a device they know is trustworthy.

Although much of the global TEE research is currently conducted in the EU, Europe is at risk of being left behind when it comes to scaling the technology. Work by groups such as the European Cyber Security Organisation (ECSO), and a long overdue look into how ENISA can be better resourced, are a step in the right direction. However, Europe must also look to other policy levers to ensure European businesses, and especially SMEs, continue to be at the forefront of bringing greater security to EU citizens. It is not sufficient that only innovation happens in Europe – the infrastructure to support businesses as they scale up is also necessary for Europe to continue to play a leadership role.

This blog, by Trustonic CEO Ben Cade, was first published on the European Union’s Digital Single Market thread.

Related content

Korea’s KB Bank Uses Trustonic In-App Protection to Enhance Mobile Banking Experience

Using Trustonic Application Protection enables KB Bank to dramatically improve the authentication experience for users of its mobile banking app and allow secure high value transactions

2nd April, 2020 – Mobile cybersecurity leader, Trustonic, today announces the successful implementation by KB Kookmin Bank (KB Bank) of Trustonic Application Protection (TAP) to enable a simpler authentication experience for users of its KB Star Banking app.



Trustonic + Lookout – Advanced Mobile Security for Banking & Fintech Apps

The need for in-app protection for critical mobile apps is greater than ever. The partnership between Lookout and Trustonic brings together two of the most robust app security platforms on the market, delivering the advanced security and protection required by banks and fintechs wishing to offer PSD2-compliant services and Strong Customer Authentication (SCA) requirements.


Lookout & Trustonic Partner to Provide Comprehensive End-To-End Mobile App Security

San Francisco, CA - October 17, 2019 - Lookout, Inc, the leader in securing the post-perimeter world, has announced a record year for its App Defense product with new customer acquisitions and strategic go-to-market partnerships. App Defense helps enterprises protect their customer-facing apps from data compromise and fraudulent transactions. Breaches can have a significant impact on brands as hackers can compromise consumer's credentials, steal PII data and initiate account takeovers.


Trustonic joins PCI Security Standards Council to protect payment data and mPoS devices

Trustonic to contribute to the development of PCI Security Standards as Council’s newest Participating Organization.

17 July 2019 - Cambridge, England - Mobile cybersecurity leader, Trustonic, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a new Participating Organization. Trustonic will work with the PCI SSC to help secure payment data worldwide through the ongoing development and adoption of the PCI Security Standards.

All Financial Services posts
Back to top