HUBTALK #5 – Security in Open Finance

Vincent Bouckaert discusses the need for all Open Finance players to leverage best practices and industry standards to ensure maximum security.

September 28, 2022

Security is one of the key enablers of digital finance as well as a key challenge for both incumbents and Fintechs that aim at reshaping the world of finance. It is also the main topic of the fifth article of our HUBTALK series, which today features Vincent Bouckaert (Cybersecurity and SecDevOps Engineer, LUXHUB). Our security expert discusses the need for all players active in the ever-growing Open Finance era to protect themselves, as well as their partners, and of course consumers. And leverage best practices and industry standards to ensure maximum security.

Today’s world is filled with innovative and flexible digital services that suit the ever-changing needs of consumers. Such services, that are often personalized and adapted to new habits, require an extensive collection and processing of personal data, which then enable the creation of intuitive and easy-to-use standards.

“The digital demand is growing in all sectors. And therefore, the amount and variety of data being processed on a daily basis has never been higher. Consumers are clearly benefiting from innovative, out-of-the-box and unique solutions. But as service providers, we have a tremendous responsibility in making sure that these solutions remain secure and transparent”, comments Vincent Bouckaert.

Furthermore, cyberattacks are increasingly frequent and can have devastating consequences when successful, whether they target individuals at home or large corporations or public bodies. In many cases, such attacks cause a loss of trust from customers or citizens, sometimes leading to bankruptcy for highly publicized cases against companies.

The financial services industry is of course not immune from cyber-attacks, and its actors must follow basic cyber hygiene principles.

How recent and powerful cyberattacks impacted the financial services industry

Over the years, many financial institutions were hit by cyber criminals with varying goals, ranging from thefts to extortion and even to political/ideological leverage. There are many examples showing that the number of cyberattacks is growing:

  • A national bank was attacked and many of its services were impacted, including the bank’s ATMs, internal network, mobile apps, etc.
  • A stock exchange had to shut down operations following an extended DDoS (distributed denial of service) attack on a network provider
  • A consumer credit reporting agency suffered a cyberattack which saw around three million customer’s data stolen by a criminal third party
  • A mortgage lender was hit by cybercriminals which resulted in a data breach and an unauthorized party accessing its server and stealing private data pertaining to 15,000+ customers
  • A major cryptocurrency player suffered a breach that led to unauthorized withdrawals of bitcoin and Ether worth more than tens of millions of dollars

SecDevOps, security by design

When selling services aimed at the financial services industry or companies that want to embed finance-like services within their own applications, security and therefore trust have become key differentiators.

LUXHUB, as a regulated player active in the Open Banking/Finance world – the Fintech was also granted AIS/PIS license from the CSSF last year –, complies with numerous European directives and their local transpositions, all including high security standards and requirements. It notably falls under PSD2 jurisdiction.

Vincent Bouckaert highlights: “the focus on security is very high: the PSD2 standards we implement already define a number of strong security measures; we need to make sure that those are implemented correctly, while also complying with local regulations and their derived requirements.”

Moreover, LUXHUB is leveraging the SecDevOps approach, implying that security is at the center of each and every development and operations. “Security requires constant vigilance. It is not something one works on periodically. Therefore, it needs to be included in every single step of the software delivery process: from software design to infrastructure setup. And more importantly, it must be constantly tested,” adds the expert.

Vincent Bouckaert also explains that startups or young companies like LUXHUB must leverage the automation of security controls and implementation of modern concepts like zero-trust to achieve this within reasonable costs. Automation also allows simulating attacks and making sure that they are appropriately detected, and that the incident response process works as expected.

Watch video

In the same category