Security is a crucial issue for banks and financial institutions, and a number of international and local regulations and standards set specific requirements and guidelines for them.
The best known and most detailed of these is PCI DSS (the Payment Card Industry Data Security Standard). Strictly speaking it is not a regulation but an industry standard maintained by the PCI Security Standards Council and enforced through the card brands' contracts with acquirers and merchants.
PCI DSS applies to every organization that stores, processes or transmits cardholder data from the major card brands. It was created to tighten control over cardholder data and reduce card fraud.
The International Organization for Standardization (ISO) is also active in standardizing the payments and IT markets. Most banking data is now stored electronically, which is itself one of the main risks for the industry. ISO's information security standard, ISO/IEC 27001, gives organizations of any kind a framework for protecting confidential and sensitive data through an information security management system (ISMS).
ISO/IEC 27001 certification suits banking well: it requires a systematic identification of security risks, a set of controls that guard confidential information, and an independent audit, so clients can see that the organization treats their personal data and security seriously. Every security precaution the bank takes can be mapped to an ISO/IEC 27001 control. Note that certification attests that the management system exists and is followed; it does not by itself guarantee that client data can never be exposed.
ISO 12812 (Core banking: Mobile financial services) is a multi-part standard rather than a certification scheme. It aims at building a safe environment for consumers and merchants and promotes protection mechanisms such as fair contract rules, clear allocation of liability, and complaints and dispute resolution.
ISO 12812-5 covers use cases and requirements for the interoperability of mobile financial services used to make payments to businesses.
Another part of ISO 12812 deals with the different types of applications involved, covering authentication and the handling of credentials for banking and payment applications.
As a technology provider to financial institutions, SDK.finance understands the weight of these security requirements and builds its product to fit the major security standards in the payment sphere. This helps our clients pass certification and licensing, with one caveat a practitioner should keep in mind: PCI DSS and ISO/IEC 27001 assess the operating organization as a whole, its people, processes and infrastructure and not just the software, so the platform supports compliance rather than delivering it on its own.
How do we follow security standards?
During development we apply security best practices at every stage, from writing the source code to operating the infrastructure of live projects.
Each new version of the project is automatically scanned with OWASP ZAP, which lets us identify potential vulnerabilities in the running application and its infrastructure at an early stage. ZAP is a dynamic scanner: it finds common web vulnerabilities such as injection flaws and missing security headers, but it does not replace the periodic penetration testing that PCI DSS separately requires.
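An automated scan is only an "early warning" if the build actually stops on findings. The script below is an added example, not code from SDK.finance or the original page: it reads a ZAP JSON report, applies a risk threshold with an accepted-risk list, and exits non-zero so a CI job fails. The report shape assumed here (a `site` array whose entries hold `alerts` with `riskcode`, `name`, `pluginid` and `instances`) follows ZAP's traditional JSON report as I know it, so verify it against your ZAP version; the embedded sample report, the staging host name and the policy values (`fail_at`, `ignore_plugins`) are constructed for the example.

```python
"""Gate a CI build on an OWASP ZAP JSON report (added example, not SDK.finance code).

Assumed report shape (verify against your ZAP version):
  {"site": [{"@name": ..., "alerts": [{"pluginid": ..., "name": ...,
                                       "riskcode": "0".."3", "instances": [...]}]}]}
"""
import json
import sys

# ZAP risk codes: 0 informational, 1 low, 2 medium, 3 high.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample report for a hypothetical staging host (not a real scan).
SAMPLE_REPORT = json.dumps({
    "@version": "2.11.1",
    "site": [{
        "@name": "https://staging.example.test",
        "alerts": [
            {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "https://staging.example.test/login", "method": "GET"}]},
            {"pluginid": "40018", "name": "SQL Injection",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "https://staging.example.test/api/accounts?id=1",
                            "method": "GET", "param": "id"}]},
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "https://staging.example.test/", "method": "GET"}]},
        ],
    }],
})


def parse_alerts(report_json):
    """Flatten a ZAP JSON report into one dict per alert, across all scanned sites."""
    report = json.loads(report_json)
    alerts = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name", ""),
                "pluginid": str(alert.get("pluginid", "")),
                "name": alert.get("name", alert.get("alert", "")),
                "risk": int(alert.get("riskcode", 0)),
                "instances": len(alert.get("instances", [])),
            })
    return alerts


def gate(report_json, fail_at=2, ignore_plugins=()):
    """Return (passed, failing_alerts).

    The gate fails when any alert with risk >= `fail_at` is present, unless its
    plugin id is on the accepted-risk list `ignore_plugins` (a deliberate,
    reviewed exception, e.g. a header finding handled at the CDN). Failing
    alerts are sorted highest risk first so the report leads with the worst.
    """
    ignored = set(ignore_plugins)
    failing = [a for a in parse_alerts(report_json)
               if a["risk"] >= fail_at and a["pluginid"] not in ignored]
    failing.sort(key=lambda a: (-a["risk"], a["name"]))
    return (not failing, failing)


def summarize(failing):
    """Human-readable lines for the CI log, one per failing alert."""
    return [
        f"{RISK_NAMES[a['risk']]}: {a['name']} (plugin {a['pluginid']}, "
        f"{a['instances']} instance(s)) on {a['site']}"
        for a in failing
    ]


if __name__ == "__main__":
    # Usage: python zap_gate.py [report.json]; with no argument the sample report is used.
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    passed, failing = gate(report, fail_at=2, ignore_plugins=())
    for line in summarize(failing):
        print(line)
    print("ZAP gate:", "PASS" if passed else "FAIL")
    sys.exit(0 if passed else 1)
```

Keeping `ignore_plugins` as an explicit, version-controlled list is the point of the design: an accepted risk has to be written down and reviewed, instead of the threshold being quietly raised until the build goes green.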
- Storage of sensitive user data meets PCI DSS requirements. In PCI DSS terms this means cardholder data is kept only where there is a business need, the PAN is rendered unreadable wherever it is stored, and sensitive authentication data (full track data, card verification codes, PIN blocks) is never stored after authorization.
- All communication and data exchange is protected with TLS using strong cipher suites and valid certificates. Note that a certificate alone does not make a connection secure: SSL 2.0/3.0 and early TLS are deprecated and PCI DSS has required migration off them since June 2018, so TLS 1.2 or later must be enforced on every endpoint.
- The source code is checked with static analysis tools such as SonarQube and LAPSE+.
- Log monitoring for the infrastructure (servers, databases and application servers) is provided by Logentries or, according to the client's preference, by other services such as Nagios or Zabbix. Whichever tool is chosen, PCI DSS Requirement 10 also expects audit logs to be retained for at least one year, with the most recent three months immediately available, and to be reviewed regularly.