Ed Adams, CEO of Security Innovation
A widely used but little-known technology has created a vulnerable “Side Door” to thousands of financial institutions in North America. This discovery started with a simple question: why does my bank require multi-factor authentication (MFA), but Quicken does not? This led to an exploration of the 20-year-old Open Financial Exchange (OFX) protocol and the 3000+ North American banks that support it. The conclusion: 80% of banks supporting OFX have no MFA support, putting consumers at risk by exposing login credentials.
This presentation provides a summary of our research. It also describes how organizations can assess and mitigate enterprise risk posed by OFX. Topics include:
· Open Financial Exchange (OFX) protocol — how it works and where it’s vulnerable
· Research findings — OFX security vulnerabilities that create enterprise and consumer risk
· Compliance implications - using a known vulnerable component creates headaches
· Assessment techniques — commercial scanning tools don’t work with OFX. Learn how to assess this risk quickly
· Mitigation techniques — compensating controls that reduce exposure while using the OFX protocol