There is no financial safety without software security.
Technology providers for financial institutions face many challenges: protecting sensitive data, building innovative products, complying with numerous regulatory requirements, and integrating with back-end financial systems.
Security Innovation leads the Data Security technical working group of Conexxus, a member-driven organization that builds standards, technologies, and advocacy for the convenience store and petroleum payments market.
We have conducted extensive security research and assessments on the FinTech ecosystem, including testing APIs, authorization mechanisms, HSMs, and mission-critical applications. We leverage this expertise to help clients find critical vulnerabilities in their systems, roll out a secure SDLC, and build secure coding skills to better protect their customers.
OFX Direct Connect Research
A widely used but little-known technology has created a vulnerable “Side Door” to thousands of financial institutions in North America. 80% of banks using the OFX (Open Financial Exchange) protocol have weak or no multi-factor authentication support, putting consumers at risk by exposing login credentials.
Security Innovation has assembled several resources to help organizations better understand the inherent OFX Direct Connect risks and devise techniques to mitigate them.
- Executive Summary With Mitigation Recommendations
- DefCon Video
- Blog Post
- OFX postern tool (scanner)
This “horizontal” CoE is a collaborative effort among all CoE leads, who share information on the various platforms that impact this broad yet critically important vertical.
To understand and research the broad-scale risk in fintech systems, we need to understand the threats posed to desktop, web, mobile, cloud, and IoT systems alike.