16 Results
Pavlo Farb Security Engineer at Cossack Labs
In fintech, user’s data protection is among the top priorities requested by regulations, but surprisingly they are mapped onto real-world risks. As a data security engineer, I can say that while it might look like much work to comply with GDPR, CCPA, PCI DSS, FFIEC, etc., these regulations exist not to add problems but to prevent them and protect ...
18 October 2021 /security /regulation Fintech
Check if you take these security points into consideration before you migrate to the cloud. While you move your infrastructure into the cloud (“lift and shift”), your security assumptions also go through the change, since the on-prem threat model and security priorities are very different from cloud-based. And it’s always less stressful to get wel...
27 September 2021 /security /cloud Fintech
How to keep your data encrypted and still be able to securely search over it, without constraining the app architecture? In data security, we say “you should try searchable encryption!” Let’s shine a new light on it here! Here’s an example. You store valuable encrypted data (like PII and fin data) in a database. Some app backend interacts with a da...
13 September 2021 /security Fintech
Check this list while planning a new business and putting your fintech app in the cloud. By noting these arguments you can avoid risky misconceptions of trusting too much responsibility to cloud providers and cloud environments. From our experience at Cossack Labs, we know that such an approach saves data, funds, and reputation. First, start with r...
23 August 2021 /security /cloud Digital Banking Trends
Lots of recently introduced regulations require audit logging as one of the measures for data protection in fintech. We know from practice that cryptographically signed audit logging can be a secure and pragmatic way to cover this point. Let's cut through complexity. Audit logs, or audit trails, capture evidence about any activity in your software...
02 August 2021 /security /devops Fintech
Facing a blend of old and new regulations, fintech companies, neobanks, and banks-as-a-service use application-level encryption (ALE) to encrypt transaction data, PII, and data sensitive with payments and accounts context. What Pro’s and Con’s application-level encryption has compared to the traditional database data-at-rest encryption? First, nowa...
19 July 2021 /security /payments Digital Banking Trends
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.