Your Bank’s Digital Side Door

Presented by

Ed Adams, CEO of Security Innovation

About this talk

A widely used but little-known technology has created a vulnerable “Side Door” to thousands of financial institutions in North America. This discovery started with a simple question: why does my bank require multi-factor authentication (MFA), but Quicken does not? This led to an exploration of the 20-year-old Open Financial Exchange (OFX) protocol and the 3000+ North American banks that support it.

The conclusion: 80% of banks supporting OFX have no MFA support, putting consumers at risk by exposing login credentials.

This presentation provides a summary of our research. It also describes how organizations can assess and mitigate enterprise risk posed by OFX.

Topics include:

· Open Financial Exchange (OFX) protocol — how it works and where it’s vulnerable
· Research findings — OFX security vulnerabilities that create enterprise and consumer risk
· Compliance implications - using a known vulnerable component creates headaches
· Assessment techniques — commercial scanning tools don’t work with OFX. Learn how to assess this risk quickly
· Mitigation techniques — compensating controls that reduce exposure while using the OFX protocol

About this channel

Security Innovation
In today's connected world, software runs everything - from smartphones to banking applications, cars to home security systems; even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.