V-Key

V-Key

V-Key

Is Your Mobile App APRA CPS 234 Ready?

APRA's CPS 234 extends your information security obligations to every channel your customers use including mobile. Download V-Key's compliance guide to see exactly how our solutions map to each requirement.

Full CPS 234 guideline-to-solution mapping

Covers all 5 APRA requirement categories

Applicable to banks, insurers, and super funds

Certified: Common Criteria EAL3+ & FIPS 140-2 Validated

CC EAL3+
FIPS 140-2
SOC 2
ISO 27001
OWASP
APRA CPS 234
Download V-Key APRA Compliance Guide

What is APRA CPS 234?

Effective since 1 July 2019, APRA Prudential Standard CPS 234 requires every regulated entity to maintain an information security capability commensurate with the size and threats they face across every channel, including mobile. It's not optional, and it's not just a network-security checkbox. CPS 234 explicitly covers the controls, identity assurance, and incident detection your institution applies to the apps your customers use every day.
Product Suites
5

Core Requirement Categories

Capability, policy, controls, incident management, and testing — each with specific mobile implications.

10 days

APRA Notification Window

Capability, policy, controls, incident management, and testing — each with specific mobile implications.

Annual

Testing Expectation

APRA expects systematic testing of key controls - more frequently for untrusted environments like mobile.

What's Inside

What the Guide Covers

A practical reference for CISOs, compliance teams, and digital banking leaders evaluating mobile security controls under APRA CPS 234.
Info Security Capability & Policy Framework

How V-OS Mobile App Protection, V-OS App Shield, V-OS Virtual Secure Element, and V-Key ID address threat management, security operations, and your policy framework obligations.

Implementation of Controls

Full MFA coverage — biometric device binding, strong authentication, secure provisioning, tamper-proof app protection, and cryptographic controls mapped to specific V-Key products.

Incident Management & Testing

How V-Key detects threats, supports forensic investigation, responds to malware and credential compromise, and meets APRA's annual testing expectations. SOC 2 certified.

Compliance Starts on the Device

Most institutions have network and perimeter security covered. The unprotected frontier is the mobile app — where customers authenticate, transact, and are increasingly targeted.
74%

Fraud via Mobile

Majority of scams now originate or execute on mobile devices<

$3.1B

Overlay Attacks

Screen overlay attacks mimicking banking UIs have tripled

74%

Annual Scam Losses

ACCC-reported losses across Australia each year

5

Standards Required

OWASP, FIPS 140-2, CC EAL3+, SOC 2, ISO 27001

Product Suites

Ready to Talk APRA Compliance?

Speak directly with our Australian team about your specific obligations.