IT Examiner School

Money Transmission

Application Risks User Device Risks Session Risks

Insecure application development

Rooted / Jailbroken Devices Unsecure Connections

Application Bug Exploits Reverse Engineering

OS Vulnerabilities

SMS Account Takeover

Cryptographic Key Theft

Malware

Mobile Account Takeover

Money Transmission

Mitigating controls include: • Well-defined policies, procedures & standards • Development standards, including quality assurance & testing • System Access/Segregation of Duties • Periodic Penetration Testing & Application Security Assessments • Timely Patching & Remediation of Identified Vulnerabilities