Towards the Advancement of Cashless Transaction: A Security Analysis of Electronic Payment Systems

In recent decades, day-to-day lifestyle requires online payments as easy and simple solutions to several financial transactions, which makes the concept of Electronic payment Systems very popular in the growth of a cashless society. In fact, cashless transactions through simple mobile apps are not merely a concept anymore rather are implemented robustly and being used extensively. On the dark side, obvious financial benefits are making these apps vulnerable to being attacked, which can be successful through security breaches. These cybersecurity issues need to be traced out and resolved to make the financial transactions through an app secure and trustworthy. In this paper, several related papers are analyzed to trace out possible cybersecurity issues in the domain of Electronic Transaction System. The objective is to establish sufficient theoretical background to propose methodologies for measuring security issues and also identify the security strength of any FinTech application and provide standard security metrics.


Introduction
The development of internet resources and services is empowered by the extensive progress of mobile phone technology. The technology of the mobile phone, especially the smartphone, makes the conduction of several tasks extremely easy, thy Fintech apps. Hence, the Security Measures (SM) of a financial app is required to be specified. It's important for developers, as well as clients, to be acknowledged the cybersecurity issues of mobile payment applications. This paper addresses the most recent security threats, cyberattacks, and vulnerabilities in using Fintech apps and, for this purpose, reviewed a list of articles from various reliable sources and renowned journals. Several possible recommendations and solutions are figured out to cope with the cybersecurity issues and classified the security parameters.
The entire paper is divided into a total of nine sections for ease of following and understanding, including the current one as the introduction to the paper.
In Section 2, the related articles are reviewed. The fundamental concepts and components are discussed in the 3 rd section. In Sections 4 and 5, the current security issues and most occurring cyberattacks are discussed respectively. In Section 6, the technologies for cybersecurity and security environments are discussed. In Section 7, some security requirements for mobile banking apps are described. Sections 8 and 9 are dedicated to the description of learning outcomes, future works and conclusions.

Previous Works
Cybersecurity concerns are one of the most interesting research fields for experts and researchers nowadays because of their prominent necessity. However, a proper subset, the cybersecurity aspects for the Fintech apps, is creating more interest among the experts because of being the first-choice targets of the cyber attackers. One fact can be mentionable to understand the total contribution workload in this sub-field: the cyber attackers do not consider the cyberattacks as attacks but rather an investment of time and money for some financial benefit [10]. A deep study of hands-on works, studies and papers that are closely related to the scope of this paper is provided. It is divided into three sub-sections to discuss the related works according to the related sub-domain.

E-Wallets and Mobile Payment System
Wodo et al. elucidated salient elements of the security system on electronic and mobile banking, covering the technical areas as well as areas related to user awareness and consciousness. Burning issues and solutions like reliable password patterns, proper system software maintenance, secure network selection, biometrics solutions, sandbox mechanism against forceful transactions, two-factor authentication, two-level implementation of security: for non-operational and operational activities, vulnerabilities of SMS codes, phishing based social engineering attacks and preventions are discussed in detail. Numerous authentication mechanisms, legislative improvements, and protection against unauthorized access and theft of data are proposed [11].
Bosamia et al. proposed a threat model with all its integral parts discussed in depth considering possible threats on principle components of mobile applica-tions specific to E-wallets. Also, a comparative analysis of the used technologies and interfaces in numerous E-wallet applications is provided [12]. Bhatnagar et al. analyzed the data security issues of mobile banking applications in the context of Inter-Process Communication (IPC), Inter-Component Communication (ICC), and an Application Programming Interface (API) in the android operating system. A research methodology is provided to investigate the activities of the intents (messaging objects used in IPC or ICC) with fuzzing techniques to find out possible data leaks considering the Mobile Application Security Vetting Standard (MASVS) of OWASP as standard. Fuzzing techniques of Mutation and Generation which are provided by various tools with the enhanced facilities to be customized are applied. Security weaknesses relating to architecture, data leaks, malevolent intent activities, and unhandled and inappropriately handled exceptions were found as the result of the methodology [ Various parameters of mobile payment systems are exposed where socioeconomic circumstances, diffusion of mobile phones, cost-efficiency, convenience, security issues, underdeveloped ecosystem, restrictions, and collaboration are considered. The mobile payment system with its key attributes is described where authentication, confidentiality, access control, integrity, availability, and non-repudiation is focused. The encryption technology of mobile payment systems involves symmetric key encryption, where an identical key is employed to encrypt and public-key encryption, where two distinct keys (public, private) are used. Several types of cyber attacks on mobile payment systems are stipulated specifically, obtaining the PIN of the user, brute force attacks of PIN, attacking MMS traffic and server, etc. [15].

Mobile Application and Computing Context
Botas et al. proposed a three-phased methodology to inspect mobile applications in order to discover and analyze cybersecurity issues like malevolent behaviors, possible vulnerabilities, coding level issues, faulty designs that can be subjected to detrimental, etc. The first phase is composed of analyzing components from reverse engineering in depth and investigating information gatherings by the application. The second one consisted of analysis of the activities during the running of the application like handling and accessing of data and files including sensitive ones, the behavior of networks, and the execution of the source codes, etc. The last one consists of the analysis of modules that were subjected to be changed during the running of the applications like internal database, downloaded files, and internal storage of credentials: keychain, cookies, logs of execution files, etc. However, the methodology depends on some analysis blocks consisting of the top ten risks in the Open Web Application Security Project (OWASP, 2014) [16].
Sarker et al. proposed a general-purpose multi-layered framework implementing advanced machine learning techniques to develop automated and intelligent cybersecurity systems where heterogeneous security data were analyzed.
In fact, cybersecurity modeling is proposed to be developed based on machine learning with security big data analytics. Basically, in this paper, cybersecurity data science is discussed to reveal how intelligent and actionable the computing process can be to ensure cybersecurity [17].
In another paper, Sarker et al. exposed cybersecurity intelligence, automated and, at the same time, smart modeling to manage cybersecurity issues in an intelligent manner where various artificial intelligence (AI) approaches like machine learning (ML) enhanced by deep learning, natural language processing (NLP), knowledge representation and reasoning (KRR), rule-based expert systems (RBES) are implemented. Malware detection and analysis, malevolent behavior detection, phishing attack identification, malicious code detection, etc., can be carried out with this modeling based on AI. In fact, cybersecurity analysis driven by AI is the main focus of this paper [18].

Techniques and Mechanism
Asher et al. proposed a methodology to analyze reverse engineering tools on the applications specific to mobile banking from the systematically collected and sorted dataset. Shrewd enough research questions were defined and answered considering the criteria of time complexity, generation of errors, and the number of resulting files. Observations of the analysis can be listed: a time-consuming procedural creation of decompiled APK files in an obfuscated form, filing the error details in text format, and creation of many files from one APK file. However, the outcomes were not identical for different tools. It is worth to be mentioned that comprehensive reverse engineering was not under the capability of a single tool [19].
The literature reviewed in this section conforms to the specified subject and is important enough to be mentioned before going to the next sections. However, the first sub-section is the most-close of the Fintech apps, but the later ones are also explained as they are important as well.

Key Concepts and Technologies
Diving deep into the cybersecurity aspects requires adequate knowledge about the technological and conceptual components that are related to the specified domain. This section serves that purpose. Multidisciplinary aspects with emphasis on technical terms are considered.

E-Wallet/Digital Wallet
An E-wallet can be introduced as a tool, software application, or program that collects identity authenticity information with the information of financial cards or bank accounts and offers real-time services to perform specified financial possible by E-wallet which is creating a significant possibility for the elimination of physical wallets [21]. Some E-wallets provide facilities for putting amounts equal to cash of a certain limit in accounts that can be done from their respective easily available agents for cashless transactions [24] [25] [26]. Nowadays, several E-wallets are in massive use in international as well as national domains due to being adaptive, easy to use, convenient, fast and secure [23]. There are a few terms and concepts sorely related to the concept of E-wallet are also introduced.

Cashless Transactions
Cashless transactions can be defined as such financial transactions among the respective parties where banknotes or coins are transacted as digital information or digital currency or in the form of electrical representation of cash instead of the physical form. As a payment method, digital payment via transacting digital agreed-upon entities is prioritized over cash payment in cashless transactions [27]. In fact, it's a solution to payments without physical cash, an entry to the future cashless economy where goods and services are available in exchange for electronic payments [28]. Although the term cashless transaction was coined years before the term E-wallet, it is being promoted by E-wallet and is being used as a strong medium these days.

Payment Cards
Payment cards are financial cards that authorize the card possessor with the right to access as well as performing transactional operations of electronic funds and allowing ATMs access, fastened with financial accounts like bank accounts, credit accounts, etc. Financial institutions issue payment cards including ATM cards, credit cards, debit cards, charged cards, gift cards, prepaid cards, etc. [29].

Mobile Banking
The concept of mobile banking or m-banking is a blessing of mobile technologies as well as mobile internet in the financial sector, which can be presented as an implementation of mobile commerce authorized by financial institutions like banks to carry out financial operations or transactions, avoiding direct interactions with banks even ATMs [31] [32] [33] [34]. Remote payments, money transfers, Management of financial accounts like bank accounts, participation in the stock market by buying and selling stocks and so on could be the available financial services [33]. These services can be relished by permission through dedicated mobile banking applications, short message services (SMS), mobile calls, etc., using devices like Personal Digital Assistants (PDA), smartphones and even basic mobile phones for accessing banking networks [31] [34].

E-Banking
E-banking can be defined as a process where a client can interconnect digitally with a bank using a computer, laptop or a kiosk to perform several financial or banking activities without any human intervention [31] [35]. These activities include transactions of funds, ordering new cheque books, online payments of bills, requesting bank statements, investing in the stock market and management of account savings and fixed deposits, paying insurance installments, etc. There are similar suitable phrases namely, Online Banking, Electronic Banking, Internet banking, etc. that are used in the same sense [35].

Digital Currency
Digital currency, also called e-cash, can be defined as a format of currency that is digital and that is equivalent in amount to fiat currency for any financial transaction. The central authorizer of a physical currency is also the authorizer of the equivalent digital currency and has control over the monetary value [36] [37]. In E-wallet or Mobile banking-based applications or software and in ATMs, it is used as currency for various financial operations instead of physical cash. There is another type of currency named cryptocurrency, which is sometimes considered a digital currency and is beyond the discussion of this paper.
The entire system of electronic payment system and the functionality of the Fintech apps can be illustrated with the concepts of these fundamental components. Also, this discussion creates a strong base for further deep invasion.

Security Issues
In recent years, the considerable recognized payment technique in equally rising economies and current society, the mobile payment application or e-wallet, has Journal of Computer and Communications been significantly famous. As a result, the cyber security issues of mobile payment applications to defend the cyber-threats are a major apprehension of the software developer and user. A group of technologies and methods schemed to defend computers, software, networks, and data from being impaired by various types of cyberattacks or unauthorized entrance are comprehended as Cybersecurity [17]. On the other side, a malevolent and premeditated endeavor by a person or system to access forcefully the information of any computerized process of another person or system is termed a cyberattack. Typically, some sort of advantage by hampering the privacy of the sufferer's information using the unauthorized entry is aimed by the attacker [38].
Open Web Application software (OWASP) is a Foundation that updates the security metrics for web application developers as well as e-payment system developers [39]. We have addressed the OWASP identified critical security issues in Figure 1, along with some more unavoidable threats in Table 1.
A mobile payment application must include the objectives-Authentication, Integrity, Availability, Confidentiality and Accountability to assure cybersecurity [14]. A mobile payment application or e-wallet becomes vulnerable when several types of cyberattacks are committed against these main objectives. The security of a system, person, susceptible data, or network is engendered by different kinds of cybersecurity affairs, which are demonstrated in Table 1. [17] [40]- [52]. Security issues are most vulnerable to attacks, which is represented in brief in Table 1 below. The detailed Table A1 is in Annex.

Cyberattacks on Electronic Payment System
The financial benefit is the primary goal of attacking an electronic payment system or application by hackers. The scope of attacks is sectioned into three major   [14]. They are covered considering their explicit importance in cybersecurity.

Attacks on Authentication
Multifarious attacks are consummated on diverse pivotal access information to breach the authentication method of an E-Wallet. Violating the authentication through the brute force attack, which is performed on the password of the E-Wallet [15] [50]. The vulnerable authentications system allows credentials stuffing attacks by an intruder who is well-informed with the details of the legitimate users including the name of the user, password, and so on. Phishing attack, as well as Trojan horse attack, attempts to snatch tactically the personal information of the users like login data, and credit card information. Spoofing attack and also masquerade attack is performed by stealing several types of user data. As a result of these attacks, the authentication becomes a failure by giving unauthorized entrance into the E-wallet. In addition, the absence of multifactor authentication and poor credential recovery system makes the authentication to be way more vulnerable. The attacks and vulnerability for the authentication of an E-Wallet are illustrated in Figure 2.

Attacks on Integrity
Another major care of an Electronic Payment System is Integrity, concerning the immutability of users' information. If the information is entranced and mutated by the attacker, the integrity of the E-Wallet is endangered [15]. In a salami attack, archenemies are authorized to withdraw money through the process of installation of malware into the server [53]. As the insiders are permitted to penetrate the cyber assets of the system, hence an adequate possibility is to be impaired the integrity of data by the malicious insider compared with an exterior invader [54]. In Man in the Middle attack, through eavesdropping on communication, the attacker impersonates an authorized user to mutilate the information or inject fraudulent data for exploiting the transactions in real-time, the transmission of data, and so forth [15] [55]. In consequence, these illegitimate mutations and annihilation of information and also unobserved modifications violate the integrity of an E-Wallet. The attacks and vulnerability to the integrity of an E-Wallet are illustrated in Figure 3.

Attacks on Availability
The deliberate discontinuation of the server of the E-Wallet application by a rival is considered an attack on availability. Distributed denial of service (DDoS) attack is one of the greatest accusations in cyber security. In a DDoS attack, the attacker blocks the permissible traffic by transmitting fraudulent traffic [15]. At once, the DDoS attack can down the server for many hours by hacking together hundreds or thousands of devices. Comparatively, the Denial of service (DoS) is deemed a specific attack on a single device [56]. After a DDoS attack, the services of an authorized user get unavailable. In a mobile theft attack, the SIM card of the stolen mobile is accessed by the attacker. As a consequence, it eventuates the unavailability to access legitimate users into E-Wallet. By tampering with the resources, the modification attack affects on availability of the server. The attacks and vulnerability of the Availability of an E-Wallet are illustrated in Figure 4. The various cyberattacks and various aspects of cyberattacks, including Attacks on Authentication, Attacks on Integrity and Attacks on Availability are illustrated with adequate explanation. These cyber-attacks are needed to be defined to recommend technological tool kits, instruments and systematic procedures and approaches.

Communicating Environment and Technologies
There are a lot of tools, technologies and solutions for communication, payment, authentication and security that are currently being used in Electronic Payment Systems. These are being used to make the features and financial transactions to be performed offered by E-wallets more secure, convenient, and extensive.

Near Field Communication (NFC)
Near Field Communication (NFC) can be defined as a set of standards or protocols of radio transmission that offers opportunities for transmitting or interchanging data in short-range around 0.04 to 0.

Quick Response Code (QR Code)
The Quick Response Code, abbreviated as QR Code, is a two-dimensional symbology code or two-dimensional barcode or simply a matrix barcode that can store particular information which can be retrieved when required with a visual scanning tool or technology [63] [64] [65]. In fact, QR Codes are optical labels similar to barcodes that are machine-readable where information is stored in two dimensions: horizontal and vertical and in the form of square or rectangle black dots, named modules, assembled in a perfectly square or rectangular grid on a background color as white [63] [64] [66]. Compared with a conventional barcode, QR codes are cost-efficient and, being quickly responsive makes them time-efficient as well. The two-dimensional layout makes it scannable from 360 degrees with the facility to decrypted data from any angle [64]. QR codes are being used nowadays to encode and store numerous types of information including contact information, physical address information, phone number, e-mail address, map or geo-location, URL, a particular SMS or text, and access information of a WIFI network, calendar events, etc. [67]. And in the field of E-wallets, since almost all mobiles or smartphones have at least a basic camera that can be used as a QR code scanner and there are huge utilization and future possibilities of QR codes, QR codes are extensively used. However, the practical usage of the QR code reminds the users about the risk and security concerns subjected. The security concerns lie in the dotted code beyond human interpretability with mere eye observation. Bits of codes in a hidden manner can be used to collect user information and malware or phishing attack can be launched with the machine's interpretable code [68]. Fortunately, these limitations can easily be eliminated by proper user consciousness and a well-designed, well-structured, secure-prone and robust QR-code reader [69].

Secure Element (SE)
A secure element can be defined as a component as an internal part or even an integrated circuit of a hardware device that can be used to provide various security services by resisting any tampering attempt. A long enough list can be de-

HCE (Host Card Emulation)
Host Card Emulation is basically an advanced cloud technology that makes use of the cloud server to store, access and manage crucial transactional data, dissimilar to an environment (for example, SE) that performs the data management locally in the device. It avails secure contactless payment to be placed in accordance with the NFC technology [73]. HCE technology can be implemented as one of the two HCE NFC models: pure HCE by simulating SE in the way of communicating to a POS terminal without any intervention of a physical SE and hybrid HCE by being associated with the security features of a real security element [74]. This technology should be adopted where rich resources, high performance, excellent user interface, cost efficiency, and high processing speed are expected at the expense of compromised security compared to the technology of that of the SE [75].
The tools and technologies are the most trending and mostly used in the famous and well-known cybersecurity systems and Fintech apps. Hence, the discussed ones can be considered reliable and trusted enough to be used and to be implemented.

Mobile Banking App Security Requirements
Mobile banking and Fintech app developers must meet the requirements for a secure and trustworthy app. Even financial service organizations want their apps to be protected from fraudulent activities. Developers can follow the security requirements in Figure 5, for mobile banking and Fintech apps in developing an app.

Anti-Reverse Engineering
The application developers perform Anti-Debugging and Anti-Tampering to authorize the applications to defend against malevolent reverse engineering. By linking a debugger, the state and execution of the application can be instructed, and then the code can be tempered by attackers [76]. So, the anti-debugging, Android, and iOS anti-reverse engineering shields to the app must be retained these qualities by this shield-like explication. The app from operating simulators and emulators can be inhibited by ensuring this OneShield solution [77].

Code Obfuscation
Developers can obfuscate the source code of the application to cover up the entire to confine code tampering and reverse engineering [78]. With SDKs and 3 rd party libraries, there needs to be the obfuscation of all the components of non-native and binary code [77]. The identifier renaming, control flow obfuscation, string encryption, and reflection obfuscation are comprised of the techniques of Android code obfuscation [79].

Encryption
In the encryption method, to transform plaintext into ciphertext, the encryption algorithm and key are applied while decryption is the opposite method where the decryption algorithm and key are used to bring back the ciphertext into plaintext [80]. In the two-factor authentication of mobile money, the utmost used cryptographic functions are symmetric, asymmetric encryption function, and hash function [81].

Operating System Security
For the shelter of the operating system against attackers, there need to assure the Figure 5. Mobile banking app security requirements [77]. security to obstruct unauthorized alternation of the operating system. A jailbreak is an advanced attack that dispels the prevention of the iOS software to entrance a device and the file system [82]. On the other hand, for the Android operating system, it is known as rooting the device [82]. In the case of banking and Fintech apps, it's significant to make sure Android root prohibition and iOS jailbreak preclusion.

Secure Communications
In a secure communication mechanism for the network, the data transmissions between the client and server must be protected to defend against unauthorized third-party access. The construction of a protected communication method is mandatory to defend the Man-in-the-Middle (MitM) and further network-arisen threats for any mobile banking and Fintech app. The attacker breaks off and tempers the dispatched data in the Man-in-the-Middle attack, which is extensive in both cyber-physical and computer systems [83]. The invulnerable certificate pinning and bot protection to the apps to additionally shield the connection between the app and the mobile back end is furthermore added by it.

Accessibility Misuse Detection
The accessibility benefits are intended to assist users with incapability or handicap in guiding their machines [84] [85] [86]. As the current securities do not permit applications to rescue the users with demands of accessibility, the robust functionalities of untrustworthy applications are sometimes misapplied for envious objectives, for instance, the thievery of data from additional apps [84] [87].
Any application ensconced on the device with excessively multiple accessibility assistance authorizations must be tracked out. For all Trojans and RATs, this claim escalation is typical [77].

Prevention of Clickjacking
Overlay Attack, also known as Clickjacking against user interfaces forms an enigmatic overlay that thoroughly hides a security-tactful application when the user assumes a nonmalignant overlay is interplayed actually on the underneath; the intentional application is interplayed with the user [88] [89]. There must be endured protective actions to defend against overlay attacks on the user interface. Screen overlays attacks, for instance Anubis, StrandHogg, Cloak&Dagger, Ginp, BankBot, Ghimob, BlackRock, and MazarBot from exhibiting a counterfeit screen on the lid of the app screen should be unrolled and forbore [77].

Prevention of Command Line Debugging Tools
A client-server program like Android Debug Bridge (ADB) acts as a multipurpose command-line tool. With emulator models or linked devices, the users are permitted to transmit data [90]. It enables one in debugging, installing, and troubleshooting Android applications and also supplying Unix shell entrance [90] [91]. For malevolent reverse engineering and debugging of the application, the usage of ADB needs to be stopped.

Prevention of Rooting Interfaces Misuse
The rooting interfaces can be introduced as system-less rooting tools, e.g., Magrisk Manager, Superuser-ChainsDD, Kingoroot etc., that can provide system-level access to mobiles phone without any altering to the core code, for example, rooting, un-rooting etc. [92] [93] [94] [95]. Unfortunately, these interfaces or tools can also be used for fraudulent activities like illegal rooting, tampering with rooting (root hiding, root cloaking etc.) etc. So, suspicious behaviors and activities must be determined and obstructed to protect against any misuse of these interfaces.

Prevention of Development & Engineering Toolkits Misuse
There are several toolkits, e.g., Frida, PyREBox, Radare2 etc., that are generally used as a strong instrument for the developers, security experts, security researchers and reverse-engineering experts to do various development and engineering tasks. However, the ill-intentions of the cyber attackers and cyber criminals can lead to the usage of these toolkits for fraudulent activities by injecting malicious codes, extracting private and sensitive data by reverse-engineering, tampering underlying logic of the apps, altering the behavior of the apps etc.
[96]- [101]. Hence, the suspicious usage of these toolkits needs to be detected and stopped automatically to avoid any kind of cyberattacks. Strong monitoring and regulating of various activities can help for that purpose [102].

Learning Outcome and Future Work
Cashless transaction is a buzzword in today's society and their popularity is increasing day by day. Life becomes easy nowadays with the use of financial technology applications as users can easily do their daily tasks and make transactions with a single finger trip. Within a second, any amount of money transfer is done.
In parallel with this security concern with these Apps is a major issue as financial benefit captivates the intruders to manipulate the app data. In our study in this paper, the most recent potential cyber security threats are identified, which creates a question about the reliability of these Fintech apps. Mobile Emulator makes the OS ambiguous to the sole user and the hackers. Moreover, malware drains the app users' data which is also an issue to be taken a look very carefully.
Hence, Machine learning algorithms are being used in some cases to cope with the evolved malware. This process of defending against cybersecurity threats is a continuing task with the growth of technology.
In this paper, electronic transactions' potential security threats and attacking modes are studied, but there were limitations in studying the vulnerability assessment matrices with any security model. Future work, therefore, will be to build a security model to identify as well as take protective measures against cy-ber security threats of these apps. Moreover, a framework for the detection of some particular cyber-attacks based on machine learning will also be another future task so that an AI-enabled automated security model can come into action.

Conclusions
On the eve of the 5 th Industrial Revolution (IR 5.0), the expansion of the cyberworld is tending to move society to a cashless one where virtual as well as electronic transactions are becoming more and more universally accepted [103] [104] [105]. This ever-growing popularity of electronic transactions leads financial organizations and agents to the tremendous activities of Fintech app development. However, the features and functionalities are making these Fintech apps stupendous facilities and advantages bringer for the clients, but clean targets for cyber attackers and cybercriminals, on the other hand. Hence, there arises the concern of cybersecurity to protect these apps from cyberattacks and to take care of handling the threats and vulnerabilities. This cybersecurity concern is studied, elaborated, described, and analyzed from some pre-defined aspects throughout this whole paper in a precise and concise manner. The former portion of the paper is dedicated to providing the concepts and components that are related to Fintech apps are explained in a neat and clean manner. Also, an abstraction of related research works and studies is provided collectively that can be very helpful to any further research work or implementation. Naturally, there are some explicit and implicit outcomes and contributions of this paper that can be listed: 1) The state-of-the-art cyberattacks, threats, vulnerabilities, cybersecurity issues, and cybersecurity parameters are discovered and analyzed in a concise manner, including Phishing, Malware, DDos attacks, Man in The Middle, Injection, and Zero-Day Attack etc. where the up-to-date real-life instances are considered.
2) Some recommendations are provided on the environments, tools and technologies related to cybersecurity, including NFC, QR-Code, HCE, SE, etc. The reason behind this recommendation is their proven trustworthiness and robustness.
3) Some cybersecurity requirements are recommended for mobile banking apps, a sub-set of Fintech apps. An abridged keyword-based list could be Anti-Reverse Engineering, Code Obfuscation, Encryption, Security of Operating System and Communication, Detection of Accessibility Misuse, etc. Also, prevention of the phenomenon: Clickjacking, Command Line Debugging Tools, Rooting Interface Misuse, Development and Engineering Toolkits misuse, etc. are also appended. These requirements are of multiple layers and aspects of the apps. • Unknown susceptibility of any system which is concerned to manipulate with malevolent actions • Until architects determine the blunders, the exposures could be continued over days or a few months, even years • Without awareness of the security, the software version is released  The zero-day attacks emerged on the File Transfer Appliance (FTA) of Accellion. The confidential data owned by the clients were embezzled through the attacker