Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, including guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way toward both achieving compliance objectives and securing mobile apps and data.
In this presentation, originally given on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
Case study: MEA Financial
● SOC Type II reports
● NowSecure platform for assessments
● Archive assessment reports
● Provided to auditors upon request
“NowSecure helps us be pro-active as an organization and gives us confidence that any security concerns we can control truly are in order when we let an app through to production.”
—Travis Swinford, product manager
MEA is a national leader in the provision of innovative software solutions to the financial services marketplace around the nation.
https://www.nowsecure.com/case-studies/mea-financial-instills-trust-in-mobile-banking-apps/