What is malware resistance ?

Malware is a generic term for software created by criminals to exploit end users. Malware comes in many forms, but with payments the target is typically to steal credentials, capture data such as text messages used for OTP codes or to modify banking software to trick users into approving fraudulent transactions.<br/><br/>

There are many mechanisms that can help provide malware resistance:<br/><br/>

- Secure execution environments;<br/><br/>

- Honeypots to tempt attackers into targeting the wrong targets
Integrity tests to verify that there is no tampering;<br/><br/>

- Strong, verified, cryptography to ensure that communication is correct;<br/><br/>

- Dynamically changing environment so that one attack does not transfer to all other devices;<br/><br/>

- Obfuscation, to make the executable code on the device harder to analyse;<br/><br/>

- Behavioural biometry mechanisms, such as analysing the movement of a device during SCA.<br/><br/>

In general, the operating system on the device should be trusted as little as possible, and as much as possible should be verified on the server-side, where the environment can be considered secure.

Previous