As digital finance continues to grow, the protection of consumer information remains paramount to financial service providers, and to the financial ecosystem as a whole.
Anecdotes, Codat, Skyflow and Very Good Security (VGS) have joined the consortium of fintech and security compliance companies, supporting the Open Finance Data Security Standard (OFDSS), a proposed framework of requirements that address security risks commonly encountered by emerging fintechs that manage consumer financial information.
The newest additions to the consortium will join an existing network of supporters that includes fintechs Flinks, MX, Plaid and Truework, and security compliance companies Drata, Laika, Secureframe and Vanta.
An initial draft of OFDSS, published in November 2021, established a common framework for consumer data security, privacy and control that also supports innovation among emerging cloud-native, digital finance companies that handle sensitive information.
OFDSS will help instil greater confidence in data holders, including financial institutions, that the fintech ecosystem has robust protections in place for consumer data, which ultimately protects consumers.
Following this, the updated version 1.2 of the framework was recently published, outlining further application security controls that secure a company’s software development lifecycle.
The OFDSS framework now includes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualised with implementation guides, along with audit steps for ensuring compliance.
A needed standard for a changing financial landscape
Cloud infrastructure and enabling technologies have made it easier for companies to deliver digital financial services at scale, which has enabled digital finance innovation to thrive.
As a result, thousands of new apps and services have emerged over the last decade, representing a significant change in how financial services are delivered, and also in the profile of the companies that provide them.
However, existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early-stage companies.
OFDSS was created to address this gap and create strong, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimised for cloud-native, technology-focused startups and growth-stage companies.

“The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating,” said Shano Fonseka, head of risk at Plaid.
“It provides a strong framework that helps fintechs improve security while enabling innovation, gives banks a level of confidence about the companies connecting to their APIs, and, most importantly, helps protect consumers.”
“Trust is essential in the banking industry,” added Kieran Hines, principal analyst at Celent. “Accordingly, data security is at the heart of the open finance ecosystem. The OFDSS plays an important role in supporting the creation and adoption of new services by providing a clear and rigorous security framework for market participants to follow. This is to the benefit of banks, fintechs, and the customers they serve.”
OFDSS is designed to be a living document that will evolve over time to meet the needs of the industry, incorporate new technology, and mitigate emerging risks. Initial customer pilot programmes are planned to take place before the end of the year.