Build38 Closes an Exceptional 2019, Exhibits at RSA Conference and Continues its Commercial Expansion

MUNICHMarch 2, 2020 /PRNewswire/ -- Build38, the global provider of Mobile Application Security made in Germany, closes 2019 at a new high with a total order intake in the single-digit million Euros. As the first full financial year for the company, this gives an encouraging message that its solutions and services are finding the way to market. With existing commercial references in Automotive, Financial Industry, Mobility, and Digital Identity, 2020 is going to be the year for the scaling in those verticals and further growth.

To continue supporting that commercial expansion, Build38 was present as an exhibitor at the RSA Conference in San Francisco, taking place on the last week of February. For almost 30 years, RSA Conference has been a driving force behind the world's cybersecurity agenda. The central point where people from around the world gather to share, learn and grow. Build38 welcomed current, and future, customers, partners, and investors at its booth and had breakthrough discussions and showcased beyond the cutting edge in-App protection capabilities, its Mobile Threat Detection and Analytics latest developments.

The young company was also featured in Europe last week as one of the 12 startup companies selected for the semi-final for the 4YFN Award competition.

As part of the commercial expansion, Build38 has signed agreements for the provision of their solutions and services with several partners, including markets like GermanySpainBulgariaAustriaPhilippinesSingapore and Taiwan. Adding to the existing agreements, the reach of Build38 grows steadily.

About Build38

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines AI-platform and strongest app shielding technology which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

For further information about Build38 visit www.build38.com


Build38 selected for the 4YFN Awards competition at Mobile World Congress

Build38 is extremely honored to have been selected together with 12 other innovative young companies to compete for the 4YFN (4 Years From Now) Award. The Award, a highlight event that is part of the Mobile World Congress and Mobile World Capital Barcelona activities.

At Mobile World Congress, the largest mobile event in the world that brings together the latest innovations and leading-edge technology alongside today’s most influential visionaries, Build38 will have a prominent showcase. Combining the presence at the State of Bavaria Pavilion in Fira Gran Via with a booth and the participation as one of the 12 innovative young companies selected at the MWC startup event, the 4YFN Award competition. The semi-finals will take place on the 24th of February and the Final on the 26th, both at the Fira Montjuïc Exhibition Hall in Barcelona.

The Build38 team is excited to deliver a memorable pitch and show how Apps can enable service providers to have additional revenue through new use-cases and reduce fraud in the mobile channel.


An Interview with Pedro Hernandez, APAC Managing Director and co-founder of Build38

This interview was published on the ICE71 Blog as part of their founder series of members of their Scale Program. It can be accessed here.

We recently caught up with Pedro Hernandez, APAC Managing Director and co-founder of Build38, an ICE71 Scale startup. Pedro shared about the story behind Build38 as well as his thoughts on mobile app security and the digital wallet space.

What inspired you to start Build38, and what’s your role in it?
The mobile experience has become part and parcel in everything we do. Just think about actions and habits such as accessing your bank account, opening your car door, and saving your personal photos in your phone. These conveniences require access to personal and private data.

Inadvertently, these data may include those of our family. My co-founders at Build38 and I realised this earlier on, especially when we are all dads with kids (daughters, to be exact). My daughter was born in Singapore two years before the founding of the company in 2018. When you enter parenthood, protection and safety of your private and family lives become a concern. That naturally led us to focus in the protection of mobile applications to safeguard our online data—and our daughters’!

I have been working in the Mobile Security space for many years, from SIM Cards to Mobile Payment solutions in Europe and Asia Pacific, so it was a smooth transition for me. Currently, I’m taking care of the business in the Asia Pacific region for Build38.

How did the name “Build38” come about?
“Build” is there because our solution is used to build secure and relevant mobile apps and services. “3” is the number of locations where we have footprints—Munich, our HQ; Barcelona, the main development and operations centre; and Singapore, our Asia Pacific hub. “8” is the number of employees when we first started the company. Interestingly, in Chinese numerology, 3 sounds like “life” and 8 typically means “to prosper”. So you could say that our name means “build a life of prosperity”—a pretty good sign!

There are many mobile security solutions in the market. How does Build38 differentiate its product called “TAK”?
The Trusted Application Kit (TAK), is a combination of client and server protection which is unparalleled in the market. On the client side, TAK provides “hardening” of a mobile app, and for this purpose it has met very stringent security requirements. It’s been used in the financial, automotive and digital identity industries. With TAK, we combine the increase in app security (app hardening) with a monitoring service of the app. This service provides real-time data and AI-powered insights for our customers, keeping their apps secure and preventing breaches and fraud. These secured apps become “self-defending”.

Share with us an interesting client use case or two.
Our solution was originally conceived to protect mobile payments, but ended up in a very diverse number of use-cases. For instance, in China, one of the largest carmakers is using our solution to protect the mobile app they provide their customers to open a car and remotely start its engine. It was critical for the app to work even in an underground parking space without network coverage. That was a challenge from security perspective, and that was what we achieved.

In Germany, you can purchase subway tickets from your mobile phone. This convenience created a side problem—users started creating “clones” of the tickets and shared them with their friends and family, so a season ticket can be used by several people. The transit operator had to suspend this way of buying tickets! Our solution prevented ticket cloning, reducing such a fraud. We pride ourselves in protecting the bottom line of our customers in reducing fraud. Because app protection enables business where none was conducted before, we ultimately help our customers increase their revenues.

We’ve been hearing a lot of news around the digital wallet space in Singapore recently. For example, Grab recently launched Asia’s first numberless card with Mastercard. Local banks such as DBS and OCBC are also rolling out efforts for customers to use Google Pay without a credit card from 2020. What are your thoughts about this?
These developments make our lives exciting and are the reason behind our presence in this region from day one. Europe is a homogeneous and legacy-type market in payment infrastructure. On this side of the world, though, we see innovative markets exerting a big influence in introducing new ways of payment and money remittance.

Singapore is at the forefront and has become a test bed for many of these new payment methods, so we see associated security challenges emerging. You probably read in the news how some ride hailing apps were hacked in order to give some drivers an advantage in the acceptance of rides. User verification and tracking has become a challenge too, and we do see some interesting approaches here. With our solution, these challenges can be addressed, and we are pretty thrilled that we are already in discussions with many of the market players. We find lessons learned here useful as we can bring them back to other markets and be at the leading edge.

Cybersecurity is the protection of any computerised system from any compromise that would have a negative effect (trust, financial, personal) in the physical world. – Pedro Hernandez


Build38 exhibiting at the Singapore Fintech Festival & SWITCH

We are very excited to share that we will be present at the Singapore FinTech Festival & SWITCH. As one of the startups selected by the Catalonia Trade and Investment agency, we will be at the Catalonia International Pavilion of the SFF x SWITCH. Come and visit us, enjoy some souther european hospitality and learn interesting facts, like that Build38 largest workforce chunk is based in Barcelona, a vibrant and innovative city that has become a key place for entrepreneurship in Europe and globally. Meet our Asia Pacific Managing Director, Pedro Hernandez, and talk to our Head of Product Architecture, Marc Obrador, for the latest insights on Mobile App Security and Fraud Management.

The Singapore FinTech Festival & SWITCH exhibition will be held between the 11th and 13th of November at the Singapore Expo (Hall 1 to 6), 1 Expo Drive. Singapore 486150. Opening times are 10am to 6pm.


Build38 selected for the Scale Programme of ICE71

Build38 is proud to announce that it has been selected to be part of the Scale Programme of ICE71, the leading Cyber Security Accelerator in Asia-Pacific. ICE71 founding partners are Innov8, the Singtel group corporate Venture Capital unit, and NUS Enterprise, the entrepreneurship arm of the National University of Singapore.

As part of the programme, the Singapore team of Build38 will take residency at the accelerator and able to benefit and contribute to the thriving Cyber Security ecosystem of Singapore and the region. Due to the unparalleled activities and initiatives of ICE71, Pedro Hernandez, Managing Director of Asia-Pacific and Co-Founder of Build38 stated: "We are extremely honoured and happy to be part of ICE71. Singapore, as the most competitive economy in the world and a reference in the Asia-Pacific region, it's a strategic location and ICE71 is the place to be for Build38 as a Cyber Security Start-up with plans to extend our footprint in the region".

ICE71 is located at 71 Ayer Rajah Crescent, the core of the one-north Science, Research and Innovation district of Singapore, hence exposing the Cyber Security ecosystem to multiple disciplines and forging new connections. Now the Asia-Pacific team of Build38 will be benefiting from that exposure too.

 


Lessons from Japan: Preventing Account Takeover through App Security

Recently, it has appeared on the news that one of the largest convenience store chains in Japan, that uses a mobile wallet in order to perform payments associated to a credit card, has suffered an attack that ended up in the total loss of 55 Million Yen by almost 1,000 users. Based on public information, it is believed the attack was based on an account takeover scheme. The attacker started a password recovery process that ended up in sending an email with a password reset link.

Apparently, the process was implemented in a way that the user had the option to send the reset link to an alternative email address than the one that was originally used to sign for the account. This is a very strange practice as generally when resetting your password you use some element as the original root-of-trust (the original email address) but in this case it seems that they were using some very basic information like birth date as the root-of-trust.

Even if there is no evidence that the Mobile App was compromised and if additional countermeasures would have prevented the attack, the question here is: Can we design a password reset mechanism that can overcome the flaws of current methods? Beside this particular news, we have heard of many cases of account takeovers by attackers using SIM Card replacement mechanisms, where the Service Provider has to rely on the Mobile Network Operator / Carrier of the user to do the right verification before providing a SIM Card replacement.

Solving the issue: What if the Service Provider didn’t have to rely on third parties for that?

That brings us to an improved flow for the password recovery mechanism. Imagine you have a Mobile Wallet that you use to make purchases and you have a Mobile App in your phone, protected by some kind of user verification, e.g. Fingerprint or FaceID. One day, you want to access your account from a website. Or you are asked to login again and you forgot your account password. In a current scenario, the user would request a password reset and a link would be sent to their Email that once clicked would be used to set a new password. An alternative would be an SMS to their phone number with the link or a code for the password reset.

In the improved scenario, the Mobile App on the phone is strongly linked to it. This means that it can’t be copied to a different phone, the keys stored can’t be compromised or the communication sniffed. We also don’t have any need to rely on an SMS, whose phone number may have been compromised by poor carrier KYC mechanisms to get a SIM Replacement, or Emails that may be have compromised in multiple ways. This would work as follows: I want to login through the website but I can’t remember my password. I click on recover password. The user is asked through the website to open their app on the phone, do user verification, e.g. Fingerprint, and once is verified the possibility to define a new password is shown on the website. In the case of someone trying to take over the account, once they request the reset password link they will not get through as the real user is not going to open the app and accept the reset of the account.

Actually, such a flow would go in the direction of the Payments Japan Association guidelines that "requires the operators of mobile payment services to confirm the linkage between the devices of users and apps downloaded on them to prevent unauthorized access."

In the case that the user forgets the password and loses access to their phone at the same time, a specific “Red” path for the user verification shall be established. The good thing is that in this scenario, if an attacker is pretending to have lost their phone and forgot the password of the user, the actual user could be alerted of this happening though a warning to the App on the legit mobile device, being able to inform the Service Provider that they have not initiated such a process and alerting the Service Provider that an attack is happening.

Thus, using a strong device binding and a hardened app we can solve many of the risks associated with online account takeovers. Build38, through its family of technologies under the Trusted Application Kit (T.A.K) is able to make Service Providers independent of security processes of others, e.g. Mobile Network Operators / Carriers, Email and ISP providers. Contact us to learn more about Build38 and how we can help you transform your Mobile Security!

#buildonBuild38

 

Image by TheDigitalWay from Pixabay


Speakers at Cybersecurity Thailand, organised by ETDA, RSA Conference and CyberTech

Build38 was present at the Cybersecurity Thailand conference organised by ETDA, RSA Conference and CyberTech. We were invited to be speakers as part of the Start-up showcase in front of an auditory of 300+ people. Great feedback was received about the innovative showcase that Build38 brings to the table of Service Providers, e.g. Banks, Automakers, Transit operators, that want to go with a Mobile First approach.

Pedro Hernandez was part of the delegation and responsible to deliver the speech during the second day of the event that was profusely reported in Thai media. Many valuable leads and connections were established that will help bring our #buildonBuild38 motto to Thailand!

 


Speakers at the European Cyber Security Organisation event in Madrid, Spain

Dr. Christian Schläger was invited, as CEO of Build38, to be a speaker at the latest networking event between Cyber Security Start-ups and ecosystem leaders organised by the European Cyber Security Organisation, ECSO, with the support of the National Cyber Security Institute of Spain, INCIBE. The event took place last Tuesday 14th of May, at the venue of the Secretary of State for Digital Advancement in Madrid with a packed auditorium and back-to-back private discussions with selected partners. Build38 showcased the progress done so far and excited the attendees with the next steps and potential from the business side. Gracias Madrid and see you soon! #buildonBuild38

Talk to an Expert and Get T.A.K


XPeng Motors using CyWall from Build38 to secure its Digital Car Key solution

CyWall, the Mobile Application Security solution from Build38 for the Chinese market, is part of the Digital Car Key solution provided to XPeng Motors in China by the Digital Security Solutions provider Giesecke+Devrient Mobile Security. CyWall provides a key aspect of the solution as it allows the mobile app used to interact with the vehicle to be running securely on virtually any smartphone, be it Android or iOS. Combined with the physical Secure Element sitting on the car and the back-end as the Key Management System, the solution is meeting all the security requirements of the most innovative car manufacturers and continues establishing the solution as the gold standard in the China Market for Digital Card Key.

CyWall is use-case agnostic and can be applied to multiple verticals, from Auto-makers to Health-care providers, going through Financial Services, Transportation and Transit… any Solution that has a mobile application as the end-point for the consumer can benefit from the security and insights provided by it. #buildonBuild38 and supercharge your solution offering!

Talk to an Expert and Get CyWall / T.A.K