
Tesco Banking
Client Case Study
SCOPE
Tesco Banking was working to make its Clubcard scheme more accessible to its
customers and wanted to develop a Tesco Bank Credit Card with Clubcard integrated into its
existing mobile banking application. The development team requested support from Complete
Cyber to analyse their mobile architecture solution, to ensure compliance and to confirm that
best practices pertaining to mobile security were being implemented.
CHALLENGE
The development team had already designed and begun building the mobile
banking application's modifications; any changes proposed by our team would therefore
introduce extended delays, so careful consideration was needed to minimize
the impact on the team's go-live date for the integrated Clubcard/Credit Card.
OUTCOME
We identified a series of issues with the proposed architecture that could allow a
malicious adversary to compromise the mobile app if particular attack vectors were
carried out. Our team then worked closely with the solution architects and developers to
remediate our findings, for example by leveraging native iOS and Kotlin libraries rather
than custom-built solutions for performing cryptographic operations and secrets management. We
also reviewed the interaction between the mobile app and the backend infrastructure owned and
managed by Tesco Banking, identified issues around authentication of the app's
microservices, and addressed them by introducing authentication methods for
all calls made between the mobile app and the backend IT infrastructure.