Think perimeter security is enough? Think again…

Most of the data breaches you hear about these days are assessed from the server side. Take a recent incident in the financial services industry—a serious malware attack on the Polish banking sector that was tied to a campaign targeting organizations in more than 30 countries. In this case, a web application was infected with malicious code that spread from workstation to workstation. The malware was injected on the server side and then spread to clients using JavaScript embedded in the website. The truth is, this type of attack is the easiest to prevent.

The European Banking Authority warns against Man-in-the-Middle attacks

As discussed in a previous blog, the European Banking Authority (EBA) has released the final draft of its technical guidance for PSD2. Articles 4 and 25 of said guidance include mandates for the security of the customer authentication process.

One of the key elements of the authentication mandate is the requirement to use advanced security technology to safeguard all client-to-server communications against interception. In other words, to protect against MitM (Man-in-the-Middle) attacks.