Mobile app security testing conducted by viaForensics confirms that sensitive data is secure when using AprivaPay
Scottsdale, AZ July 6, 2011—Apriva, the leading provider of end-to-end wireless transactions and secure information solutions, today announced that the award-winning AprivaPay™ mobile card payment application has earned the highly-regarded appSecure™ certification from viaForensics for its Android smartphone app. The appSecure certification was issued after rigorous evaluation of the methods used within AprivaPay to prevent the exposure or disclosure of sensitive or private transaction data used in processing card-based payments on an Android-based device.
“Everyone involved in a card transaction, from the consumer all the way to the issuing bank, is increasingly concerned with protecting card numbers and private information,” said Paul Coppinger, Apriva’s president. “We engaged viaForensics to verify that AprivaPay not only met our internal standards, but was also secure in the face of a multitude of creative and rigorous attacks and attempted exploits. I am pleased that our application passed these exacting tests. Our customers can be completely confident that AprivaPay for Android provides the highest caliber of security and protection.
Recognized for its unique and thorough understanding of the risks associated with the rapid expansion of mobile apps for commerce and banking, Chicago-based viaForensics provided a full forensic audit of the AprivaPay app which leveraged advanced forensics and security techniques to ensure customers’ sensitive data was protected. As a part of the appSecure™ certification process, viaForensics employed a battery of tests and evaluations including code analysis, operational security testing, deep inspection of permanently and temporarily stored data, and encryption methodology.
“Consumers are demanding the convenience and power of mobile apps for finance and commerce, but the security methods traditionally used to protect and evaluate these applications in the web environment do not always apply to the technical landscape of the mobile phone platform,” said Andrew Hoog, viaForensics chief investigative officer. “We were quite pleased that Apriva chose to “go the extra mile” and proactively assess the AprivaPay app to ensure that it is not vulnerable to exploit. Our testing procedures have demonstrated that this particular app maintains the highest standard of security.”
AprivaPay is a full-featured payment application designed for both smartphones and browser-based mobile phones. The smartphone version of AprivaPay is compatible with numerous devices, including iPhone, Windows Mobile, BlackBerry and Android phones, and offers a number of features, including integration with optional printers/readers, and other functionalities which enable merchants to better serve customers.
“Apriva is committed to keeping sensitive data secure end-to-end,” concluded Coppinger. “As the payment industry’s first retail app to receive the appSecure certification, AprivaPay continues to lead the market in providing secure and reliable mobile payment products that consumers, merchants, and banks can rely upon.”
viaForensics™ is an innovative digital forensics and security firm providing services to corporations, law firms and law enforcement/government agencies. Areas of focus include computer and mobile forensics, mobile app security, enterprise security, infosec and penetration testing, and forensics training. As the leading experts on Android and iPhone forensics, viaForensics has developed a suite of unique services to serve the mobile and enterprise security needs of organizations.
Founded in 1999, Apriva is the leading provider of end-to-end wireless transactions and secure information messaging solutions that meet the exacting security and reliability requirements of financial services providers, government entities, and public service sectors. Through its two operating groups, Apriva Point of Sale (POS) and Apriva Information Security Systems (ISS), the company offers customers fully-managed, end-to-end, security solutions that incorporate hardware, software, network infrastructure and management tools. For more information, visit www.apriva.com.
Parallel Communications Group