SAMA Mobile Banking Security & Cybersecurity Framework
Regulator: SAMA (Saudi Central Bank)
Overview
SAMA's Cybersecurity Framework establishes mandatory controls for mobile banking applications in Saudi Arabia, covering authentication, encryption, fraud prevention, and operational security.
Mobile App Security Requirements
- SAMA CSF compliance for mobile channels
- Arabic and English secure authentication flows
- National cybersecurity standards alignment
- Incident reporting to SAMA within mandated timelines
Fraud Control Requirements
- Real-time fraud detection for mada and SARIE transactions
- Device trust scoring and enrollment
- Biometric authentication with liveness detection
MASVS Governance Mapping
| MASVS Control | Regulatory Requirement |
|---|---|
| MASVS-RESILIENCE-1 | Anti-overlay protection for payment screens |
| MASVS-CODE-2 | Code integrity and anti-tampering controls |
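The "anti-overlay protection for payment screens" row above is usually met on Android with two platform controls: `FLAG_SECURE` on the payment window and touch filtering on the confirmation control. The following Kotlin is an added example written for this page, not code from SAMA, OWASP MASVS or any vendor; the Activity, layout and view ids are hypothetical, and `FraudTelemetry` stands in for whatever device-trust or fraud pipeline the bank already runs.

```kotlin
// Added example: hardening a payment confirmation screen against overlay
// (tapjacking) attacks. Assumes a standard AndroidX app; class, layout and
// view ids are hypothetical placeholders.
import android.os.Build
import android.os.Bundle
import android.view.MotionEvent
import android.view.WindowManager
import android.widget.Button
import androidx.appcompat.app.AppCompatActivity

class PaymentConfirmActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // FLAG_SECURE blocks screenshots and screen recording of this window
        // and keeps its content out of the recent-apps thumbnail.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        setContentView(R.layout.activity_payment_confirm) // hypothetical layout

        val confirm = findViewById<Button>(R.id.btn_confirm_transfer) // hypothetical id
        // Discard touches delivered through another app's window drawn on top
        // of this view: the classic overlay attack on a "Confirm" button.
        confirm.filterTouchesWhenObscured = true
        // Defence in depth: the framework flags events that arrived through an
        // overlay; consume them (so no click fires) and record the attempt.
        confirm.setOnTouchListener { _, event -> arrivedThroughOverlay(event) }
        confirm.setOnClickListener { submitTransfer() }
    }

    /** True when the touch passed through an obscuring window; such touches are consumed and ignored. */
    private fun arrivedThroughOverlay(event: MotionEvent): Boolean {
        val fullyObscured = (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0
        val partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
            (event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        val obscured = fullyObscured || partiallyObscured
        if (obscured) {
            // Hypothetical hook into the bank's fraud / device-trust pipeline.
            FraudTelemetry.report(eventName = "overlay_touch_blocked", at = event.eventTime)
        }
        return obscured
    }

    private fun submitTransfer() {
        // Call the payment API here (out of scope for this example).
    }
}
```

The same touch filter can be declared in layout XML with `android:filterTouchesWhenObscured="true"`, which is easier to audit across many screens than per-Activity code. Note that `filterTouchesWhenObscured` only rejects touches that pass through windows of other apps, and that Android 12 and later already block "untrusted" touches through most third-party overlays; the explicit flag check therefore mainly buys coverage on older devices and a telemetry signal for the fraud-control side of the framework.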
Common Violations
- Missing SAMA-mandated security headers
- Inadequate encryption for locally stored credentials
- Third-party payment SDK vulnerabilities
Recommended Protections
- SAMA CSF control mapping in governance reports
- Continuous APK assessment per release cycle
- GCC-wide regulatory intelligence monitoring
Frequently Asked Questions
What is the SAMA Cybersecurity Framework for mobile?
SAMA CSF mandates cybersecurity controls across people, technology, and processes, including specific requirements for mobile banking channel security and fraud prevention.
Assess Your Banking APK
Upload your Android APK for a governance assessment mapped to this framework.