Boosting Your Mobile Retail App Security before the Holiday Season

Posted on by Isla Sibanda

The holiday season starts earlier every year, and 2022 is no exception. Already, Christmas decorations are littering the big-box stores, and our inboxes are awash with a flood of email marketing pushing early bird sales, a month before Thanksgiving!

While the deluge of holiday cheer isn’t a surprise, there is a drastic change to this year’s holiday shopping landscape. Whether a natural outflow of digitization or post-pandemic agoraphobia, more and more shoppers are checking items off their holiday lists through apps. More than 60% of consumers use mobile apps to purchase, and half of those users download new apps for that express purpose.

With the excitement of technology and a less stressful shopping experience comes a fatal flaw: hackers and bad actors are increasingly drawn to poorly secured apps for a payday of their own, so it’s more important than ever to take ownership and boost your mobile retail app security before the holiday season. Unfortunately, misconceptions and mistakes abound in this critical sphere.

App Vulnerability

Suppose you developed your retail app in-house without specific expertise or used a fly-by-night service rather than industry-tested and trusted developers. In that case, you may be opening yourself up to significant in-app vulnerabilities. Hackers and scammers are naturally drawn to these poorly secured apps like moths to a flame.

One test of a mobile device revealed an average of 3.5 instances of app-induced malware installation, feeding attacks every 39 seconds. With a threat that pervasive, can anything be done to combat attacks on mobile retail apps?

Even if the app itself isn’t a target of an attack, ingenious bad actors use other methods that include reverse-engineering downloaded apps to create clones and copies for nefarious purposes, so you need to be on high alert even if you think your app itself is airtight.

Audit, Audit, Audit

Before, during, and after launching your mobile retail app, you need to audit the security infrastructure of the app. Don’t go it alone, either: you need to outsource this to the experts and, ideally, to a third party uninvolved in the app’s development to avoid a conflict of interest.

Your red team should target some specifics: data storage security to protect Personally Identifiable Information (PII), communications storage to prevent sensitive chat log leakage, and authentication processes to prevent fraud. Just as you trust your business income to a secure bank, make your app a secure storage center for your customers’ payment information.

Compliance Is Key

Luckily, there are many industry standards against which to measure the security of your system, covering several domains within apps.

The Payment Card Industry Data Security Standard, or PCI DSS, is one of the most crucial. This standard ensures and validates the internal app security of any payment processing done in-app and is the bare minimum needed to create a sense of safety and trust between your retail app and its consumers.

PCI standards test several vital components, including:

  • Firewalls
  • Stored data protection
  • Encryption methods and efficacy
  • Antivirus protection
  • Secure systems and applications
  • Monitoring of access to network resources and data
  • Security testing

These are only a few of the required in-app security measures; the full PCI standard is comprehensive, and meeting it is vital.

Close Your Gaps

Once you’ve identified areas of weakness that industry standards caught (or that they don’t precisely measure), you need to proactively brick over those weaknesses. Some, like enhanced encryption, are part and parcel of best app practices. Others, like code obfuscation and runtime application self-protection (RASP) checks, are more esoteric and often forgotten even by the most robust security teams (another reason to outsource!).

Continuous Monitoring

Identifying and closing gaps isn’t a one-and-done solution. Instead, mobile retail app security is iterative and cyclical. Data, inbound and outbound, needs to be constantly monitored for aberrations or flaws that point to active attacks. Monitoring isn’t enough on its own, though: it needs to be bundled with a comprehensive and practiced response protocol so you can react to threats.
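To make the monitoring idea concrete, here is an added example (not code from the original post or from any product it mentions) that runs two sliding-window checks over mobile-app API access logs: a burst of failed logins from one client IP, which is the usual footprint of credential stuffing against the authentication flow, and an unusually high checkout velocity for one account. The log format, the thresholds, the endpoint names and the sample lines are all constructed for illustration, and each alert is paired with a recommended response so that detection and the response protocol travel together.

```python
"""
Sliding-window anomaly checks over mobile retail app API access logs.
Constructed example: the log format, endpoints, thresholds and sample
lines below are assumptions for illustration, not from any real product.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, client IP, account, endpoint, HTTP status.
SAMPLE_LOG = """\
2022-11-10T09:00:01Z 203.0.113.5 alice /api/v1/login 200
2022-11-10T09:00:05Z 198.51.100.7 bob /api/v1/login 401
2022-11-10T09:00:06Z 198.51.100.7 carol /api/v1/login 401
2022-11-10T09:00:07Z 198.51.100.7 dave /api/v1/login 401
2022-11-10T09:00:08Z 198.51.100.7 erin /api/v1/login 401
2022-11-10T09:00:09Z 198.51.100.7 frank /api/v1/login 401
2022-11-10T09:00:10Z 198.51.100.7 grace /api/v1/login 401
2022-11-10T09:00:30Z 203.0.113.5 alice /api/v1/cart 200
2022-11-10T09:01:00Z 203.0.113.5 alice /api/v1/checkout 200
2022-11-10T09:01:02Z 203.0.113.9 mallory /api/v1/checkout 200
2022-11-10T09:01:03Z 203.0.113.9 mallory /api/v1/checkout 200
2022-11-10T09:01:04Z 203.0.113.9 mallory /api/v1/checkout 200
2022-11-10T09:01:05Z 203.0.113.9 mallory /api/v1/checkout 200
2022-11-10T09:20:00Z 203.0.113.5 alice /api/v1/login 401
"""

# Assumed thresholds; tune them against your own baseline traffic.
FAILED_LOGIN_LIMIT = 5                       # failed logins from one IP ...
FAILED_LOGIN_WINDOW = timedelta(seconds=60)  # ... within this window
CHECKOUT_LIMIT = 3                           # successful checkouts by one account ...
CHECKOUT_WINDOW = timedelta(seconds=60)      # ... within this window

# Response protocol: what the on-call engineer should do for each rule.
RESPONSE_ACTIONS = {
    "failed_login_burst": "rate-limit the source IP and require step-up auth for targeted accounts",
    "checkout_velocity": "hold the account's orders for manual review and notify fraud team",
}


def parse_line(line):
    """Split one space-separated log line into a typed event dict."""
    ts, ip, account, endpoint, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "account": account,
        "endpoint": endpoint,
        "status": int(status),
    }


def _count_in_window(events, now, window):
    """Drop timestamps older than the window and return how many remain."""
    while events and now - events[0] > window:
        events.popleft()
    return len(events)


def detect_anomalies(log_text):
    """Return one alert per (rule, subject) the first time a threshold is crossed."""
    failed_by_ip = defaultdict(deque)
    checkouts_by_account = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        if ev["endpoint"] == "/api/v1/login" and ev["status"] == 401:
            key, q, limit, window = ("failed_login_burst", ev["ip"]), failed_by_ip[ev["ip"]], FAILED_LOGIN_LIMIT, FAILED_LOGIN_WINDOW
        elif ev["endpoint"] == "/api/v1/checkout" and ev["status"] == 200:
            key, q, limit, window = ("checkout_velocity", ev["account"]), checkouts_by_account[ev["account"]], CHECKOUT_LIMIT, CHECKOUT_WINDOW
        else:
            continue
        q.append(ev["ts"])
        count = _count_in_window(q, ev["ts"], window)
        if count >= limit and key not in alerted:
            alerted.add(key)
            alerts.append({
                "rule": key[0],
                "subject": key[1],
                "at": ev["ts"],
                "count": count,
                "action": RESPONSE_ACTIONS[key[0]],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOG):
        print(f"{alert['at'].isoformat()} {alert['rule']} subject={alert['subject']} "
              f"count={alert['count']} -> {alert['action']}")
```

Run as written, the script raises two alerts: one for the IP that fails six logins against six different accounts in a few seconds, and one for the account that completes four checkouts within the window; alice's single failed login twenty minutes later stays below the threshold and is not flagged. The point of the `RESPONSE_ACTIONS` table is the one the paragraph makes: an alert without a pre-agreed response is only noise.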

AI Is Your Answer

Luckily, enhanced artificial intelligence tools are creating an unbiased and tireless one-stop shop for your retail mobile app needs. Some AI-driven services can simultaneously test, protect, and monitor at a fixed price point without needing human niceties like sleep, food, or positive reinforcement. Your best bet is to leverage these tools to protect yourself and (more importantly) your valuable consumers.


Don’t let poor retail mobile app security be the coal in your stocking this holiday season. Ensure you’re proactively protecting your infrastructure with industry-trusted best practices, continually monitoring your app and data, and closing gaps as they arise. AI is an excellent tool for these, but if you go for traditional, human help, make sure they’re trustworthy and experienced. Doing this will give you the most fantastic present of all: a happy customer for life.

Isla Sibanda

Freelance Writer,



Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
