
Papara Customer
Story
Instantly Reduce
Fraud
.webp)
As the first non-bank to issue a MasterCard logo prepaid card in Turkey, Papara hit the ground running upon launch in 2016 and is now a MasterCard, Visa and Interbank Card Center member. Millions of users take advantage of Papara’s services each day and the company has quickly become a significant player in the Turkish financial services scene.
It has been a driving principle within Papara that the financial services we offer should be available to everyone, in an easily adoptable form, with the convenience that customers expect from mobile apps. However, as we quickly discovered, this has significant implications for platform security.
'- Emre Kenci, CTO, Papara'

The Challenge
How Approov Mobile App Protection Helped
Equivalent to the way it used Google’s ReCaptcha services to protect its web channel, Papara wanted to ensure that only its mobile apps could access its backend services. If such a solution could be found, fraudulent automated traffic could be blocked while maintaining a frictionless experience for legitimate customers.
Since Approov verifies that a genuine and unmodified instance of the mobile app is present when each API request is made, it prevents scripts and bots which spoof mobile app traffic from accessing the Papara API. Approov enables blocking illegitimate API requests that did not originate from the official app.
Integrating Approov into Papara’s Android and iOS apps took seven days after which the apps were released to app stores and downloaded by customers. The Approov token check was monitored but not switched on for another 21 days. Once the testing phase was complete, any API requests with no Approov tokens or with invalid tokens were blocked. Instantaneously, all phishing activities stopped and the vast majority of automated onboarding and transfers stopped, resulting in a dramatic drop in operating costs.
Emre sums up his experience:
We are very happy with Approov. It works well and matches exactly to the use cases we were initially concerned about. Blocking so much fraudulent traffic from scripts and automators significantly lifts the pressure on Papara's systems as well as on our finances. We have also found the Approov team to be very flexible and proactive with respect to managing our service.
Read on


What is 'Bank-Grade Security' and is it Enough?
"Bank-grade security" is a term often used to describe a high level of security measures...

Approov and Fintech Scotland Partner to Boost AI Security in Fintech
In a groundbreaking move for the fintech industry, Approov Limited, a leading provider of advanced...

Why the OWASP Mobile Application Security Project is Critical
The OWASP MAS project continues to lead the way in mobile application security. This article...

Empowering Mobile Payments: Approov's Security and PCI MPoC Mastery
In the ever-evolving landscape of mobile applications, especially those dealing with sensitive...

Vulnerabilities in Fintech Mobile Apps
Mobile applications play an increasingly important role in our lives -- and the current global...

Understanding the Security of Mobile Apps in Africa
CyLab-Africa researchers partner with mobile security provider for summer collaboration experience
...

How Does Your App Rate Against the 2024 OWASP Mobile Top Ten Risks?
In case you didn't notice, the OWASP Mobile Top 10 List was just updated, for the first time since...

Approov Publishes Carnegie-Mellon University CyLab-Africa Report on Mobile App Security in Africa
This is a Guest Blog written by the CyLab-Africa team : Theoneste Byagutangaza, Lena Chacha, Trevor...
Request a Demo
Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your.
Get a Trial
Approov offers a complimentary 30 day trial (no credit card necessary) to give you immediate and valuable insight into the security risks of your mobile apps and the devices they run on.