Your Bank’s Digital Side Door

Presented by

Ed Adams, CEO of Security Innovation

About this talk

A widely-used but little known technology has created a vulnerable “Side Door” to thousands of financial institutions in North America. This discovery started with a simple question: why does my bank require multi-factor authentication (MFA), but Quicken does not? This led to an exploration of the 20-year old Open Financial Exchange (OFX) protocol and the 3000+ North American banks that support it.  The conclusion:  80% of banks supporting OFX have no MFA support, putting consumers at risk by exposing login credentials.  This presentation provides a summary of our research. It also describes how organizations can assess and mitigate enterprise risk posed by OFX.  Topics include: · Open Financial Exchange (OFX) protocol — how it works and where it’s vulnerable  · Research findings —  OFX security vulnerabilities that create enterprise and consumer risk · Compliance implications - using a known vulnerable component creates headaches · Assessment techniques — commercial scanning tools don’t work with OFX. Learn how to assess this risk quickly ·Mitigation techniques — compensating controls that reduce exposure while using the OFX protocol

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (140)
Subscribers (14685)
Security Innovation is an authority on software security and helps organizations build and deploy more secure software. Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.