Guardsquare Reports

Mobile Payment SDK Meets PCI MPoC Certifications | Guardsquare

Written by Guardsquare | Apr 12, 2025 1:21:45 AM
A leading European IT service provider utilized DexGuard, iXGuard, and AppSweep to become one of the first providers to meet PCI MPoC requirements.

COMPANY DETAILS

  • Industry: Financial Services
  • Privately / Publicly Owned: Private
  • Employees: 2700+
  • Customer Since: 2019

Challenges

  • Navigate a complex, highly regulated environment
  • Achieve PCI MPoC compliance
  • Meet partners’ brand and security requirements
  • Prevent tampering and reverse engineering
  • Prevent running SDKs in insecure environments
  • Implement an automated SAST tool into the SDLC

Solutions

  • DexGuard
  • iXGuard
  • AppSweep

The Company

Founded in the early 1990s, this European IT service provider is present in 16 countries across North America, Europe, the Middle East, Africa, and Asia. With a team of more than 2,700 employees, it has completed more than 2,000 successful projects in more than 50 countries across the globe. Introduced in 2019, its smartphone-based payment acceptance SDK transforms NFC-enabled Android or iOS devices into a point of sale (POS) terminal. Some of the largest financial institutions across Europe and Asia use the company's solution to streamline payment processing and acceptance for hundreds of thousands of restaurants, delivery services, public transportation, and other businesses.

“With our extensive experience in designing and building traditional hardware point of sale terminals, adding SoftPOS into our product offering was a natural progression for our business. Even though there were no well-defined, security-related standards or regulatory requirements when we started, we already incorporated security early throughout our development process.”

— VP of Fintech Services, Leading European IT service provider

The Challenge

Given the highly regulated industry the company operates in, it understands the importance of incorporating security throughout every aspect of its business. The team has adopted the Secure Software Development Lifecycle (Secure SDLC) processes from the beginning, despite the absence of well-defined industry-wide security standards. This framework incorporates security as one of the SDK development team’s main responsibilities. The company sought to empower its developers to build secure Android and iOS applications and SDKs more effectively by providing them with robust and comprehensive code protection and automated security testing tools that can be integrated directly into their CI/CD pipeline.

“When PCI MPoC was published, it became the one everyone in the industry went for. As a part of the compliance requirements, we needed to ensure that our white label app and SDK were well protected against reverse engineering, tampering, and automated attacks.”

— VP of Fintech Services, Leading European IT service provider

As the industry evolved and matured, different security standards (i.e., Visa’s Tap to Phone and Mastercard’s Tap on Phone) were introduced to ensure the security of mobile-app-enabled payment processing, each with varying requirements that the company needed to comply with. It was not until the end of 2022 that the benchmark security standards for MPoC solutions were introduced by the Payment Card Industry Security Standards Council (PCI SSC). The company needed to ensure threat actors could not reverse engineer and tamper with the SDK’s internal logic to modify its behavior or steal the embedded Intellectual Property (IP). Without sufficient protection against static and dynamic analysis, a large-scale breach could happen and impact all mobile applications that use its SDK, potentially resulting in financial and reputational damage, loss of business, non-compliance, and even criminal lawsuits.

The Solution

After a thorough evaluation of four mobile application security vendors and their products, this leading IT service provider chose Guardsquare for its Android and iOS code hardening and runtime protection tools, DexGuard and iXGuard, and its mobile application and SDK security testing tool, AppSweep. The decision was made in large part due to Guardsquare’s strong reputation in the financial services industry. The development team found DexGuard and iXGuard's code protection capabilities to be much more comprehensive than the other products they considered. Lastly, this leading IT service provider found Guardsquare’s pricing policy to be more favorable than the competition.

“Out of the four alternatives we evaluated, Guardsquare was the only one that met our technical requirements. We could easily understand their propositions and the problems they can solve. On top of its great track record in the financial services industry, Guardsquare has a better pricing policy compared to the competition.”

— VP of Fintech Services, Leading European IT service provider

Unlike some alternatives that only apply a thin layer of protection, DexGuard and iXGuard’s compiler-based approach provides the most comprehensive mobile app and SDK protection with multiple layers of code hardening and automated runtime application self-protection (RASP). The tools’ static and dynamic analysis defenses are mutually reinforcing, making it exponentially harder for threat actors to tamper with or reverse engineer the code. These protections are also implemented polymorphically, ensuring that no two builds leverage the same protection techniques, automatically resetting attackers’ clocks and rendering their previous knowledge useless. Guardsquare’s mobile app security testing product, AppSweep, empowers developers to detect and fix security issues and dependencies thanks to its static and dynamic security testing capabilities and actionable insights. Developers can integrate the tool into their DevOps pipeline with minimal configuration to automatically perform security testing early and often.

The Results

This leading European IT service provider was able to quickly implement DexGuard and iXGuard into its Android and iOS white-label applications and SDKs. The development team applied multiple layers of Java and native code obfuscation techniques as well as runtime integrity checks to ensure complete protection against static and dynamic analysis. For instance, by obfuscating the app and SDK's code, the development team ensured that threat actors could not easily understand the internal logic. Using tamper and hook detection, the company prevents attackers from modifying the software’s intended behavior. To ensure that its applications and SDKs can only be run in a safe, uncompromised environment, it implemented root/jailbreak and emulator detection. Lastly, the company also implemented AppSweep into its DevOps platform to automate its SAST activities.

“Guardsquare helped us meet PCI MPoC requirements, making our solution one of the first 10 SoftPOS solutions globally to be MPoC Software Application and MPoC Isolated SDK certified. This milestone showcases our dedication to innovation rooted in security and technological excellence.”

— VP of Fintech Services, Leading European IT service provider

As a result, the company was able to fulfill all of its internal security requirements and have full confidence that its white-label applications and SDKs are well secured. The company's software was able to meet all of the security requirements mandated by its payment processing partners (i.e., Visa, Mastercard) and became one of the first 10 solutions globally to meet the stringent PCI MPoC requirements. The certification proves the leading European IT service provider’s longstanding reputation in providing high-quality, highly secure solutions for its clients.

Guardsquare offers the most complete approach to mobile application security on the market, delivering the highest level of protection in the easiest possible way. Guardsquare's software integrates seamlessly across the development cycle, from app security testing to code hardening to real-time visibility into the threat landscape. Guardsquare products provide enhanced mobile application security from early in the development process through publication.

More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications and SDKs against reverse engineering and tampering in the ever-evolving threat landscape.