As digital finance continues to grow, protecting consumer information remains paramount for financial service providers and for the financial ecosystem as a whole.
Anecdotes, Codate, Skyflow and Very good security (VGS) have joined the consortium of fintech and security compliance firms, supporting the Open Finance Data Security Standard (OFDSS), a proposed framework of requirements that addresses security risks commonly faced by emerging fintechs that handle consumer financial information.
The newest additions to the consortium will join an existing network of supporters that includes fintechs flashes, MX, Plaid and trueworkand security compliance companies Drata, Laika, Secureframe and Vanta.
A first draft of OFDSS was released in November 2021, which establishes a common framework for consumer data security, privacy and control that also supports innovation among emerging cloud-native digital financial companies that process information sensitive.
The OFDSS will help instill greater confidence in data holders, including financial institutions, that the fintech ecosystem has strong protections for consumer data, which ultimately protects consumers.
Following this, the updated version 1.2 of the framework was recently released, outlining further application security controls that secure an enterprise’s software development lifecycle.
The OFDSS framework now includes 79 individual security requirements in 13 control areas that address common data security risks. These requirements are contextualized with implementation guides, as well as audit steps to ensure compliance.
A necessary standard for a changing financial landscape
The availability of cloud infrastructure and enabling technologies that have made it easier for businesses to deliver digital financial services at scale has enabled digital financial innovation to flourish.
As a result, thousands of new applications and services have sprung up over the past decade, representing a significant change in the way financial services are delivered, as well as in the profile of the companies providing them.
However, existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of start-up companies.
OFDSS was created to fill this gap and create robust, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while by providing clear requirements optimized for cloud-native technology. targeted startups and growth-stage companies.
“The industry is rallying around OFDSS as it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating,” said Shano FonsekaChief Risk Officer at Plaid.
“It provides a solid framework that helps fintechs improve security while enabling innovation, gives banks a level of trust about companies connecting to their APIs, and most importantly, helps protect consumers.”
“Trust is key in banking,” added Kieran hinessenior analyst at Celent. “As a result, data security is at the heart of the open finance ecosystem. The OFDSS plays an important role in supporting the creation and adoption of new services by providing a clear and rigorous security framework for market players to follow. This is in the interests of banks, fintechs and the customers they serve. »
OFDSS is designed to be a living document that will evolve over time to meet industry needs, incorporate new technologies and mitigate emerging risks. The first customer pilot programs should take place before the end of the year.
Comments are closed.