Cyber security for an Open Banking technology provider
By Robert Gridley,
Safety first – a strategic approach to cyber security for an Open Banking technology provider
As a software development company for Open Banking, cyber security is critical for us and our customers. A strategic approach is therefore mandatory to achieve the right maturity level. The first step is to organize a security strategy that prioritizes cybersecurity as a company imperative. The required steps are:
Get your documentation and policies straight.
Review your IT and IT Security processes and complement if required.
Get management support and commitment!
Implement an overall IT Security strategy that complies with the company’s IT strategy.
Operational risk management is mandatory.
Establish a regular management report based on agreed KPIs/RKIs.
Implement and practice your Security Incident Response Plan.
Creating a risk management and vulnerability framework is as essential as getting C-level leadership and employees on board. Therefore, ndgit uses ISO 27001/22301 as its security foundation framework:
Sections covered by the ISO 27001:
Risk Management
Security Policy
Organization of Information Security
Asset Management
Human Resources Security
Physical and environmental Security
Communications & Operations Management
Access Management
Information Systems acquisitions, Development and Maintenance
Business Continuity Management
Compliance
Information Security Incident Management
An ISMS (Information Security Management System) is used to present and document the information security strategy and to manage security challenges.
An incident mitigation and incident response plan, matched with a Business Continuity Plan, is the next important step to ensure security resilience and availability. Identifying the assets the company uses, e.g. data (at rest or in motion), network (firewalls, routers, switches and Wi-Fi), devices (laptop, PC, mobile) and facilities, is another important step towards a higher maturity level. Knowing your infrastructure and data helps you to identify the top cyber threats related to your company. Analyzing attack vectors such as malware (ransomware), social engineering (phishing), insider threats and DDoS attacks helps to identify the risks and evolving challenges. Such challenges vary from company to company. For a software development and technology-driven company, a transition to cloud, hybrid or on-premises operation can be challenging.
These are not only customer-driven requirements, but also a strategic security decision. What does this mean? It is essential to have an endpoint protection strategy combined with an appropriate SIEM solution. Do not underestimate the recent attacks by APT groups against software deployments, combined with machine intelligence or artificial intelligence, e.g. supply chain attacks (SolarWinds, Kaseya) or ransomware attacks (Colonial Pipeline).
Having good risk management, reasonable security controls and Business Continuity Management (BCM) in place helps a company to reach a good maturity level. Of course, the support of senior management is vital, as is the cooperation of all involved departments and teams.