As digital finance continues to grow, the protection of consumer information remains paramount to financial service providers, and to the financial ecosystem as a whole.
The newest additions to the consortium will join an existing network of supporters that includes fintechs Flinks, MX, Plaid and Truework, and security compliance companies Drata, Laika, Secureframe and Vanta.
Following this, the updated version 1.2 of the framework was recently published, outlining further application security controls that secure a company’s software development lifecycle.
The OFDSS framework now includes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualised with implementation guides, along with audit steps for ensuring compliance.
A needed standard for a changing financial landscape
The availability of cloud infrastructure and enabling technologies that have made it easier for companies to deliver digital financial services at scale has enabled digital finance innovation to thrive.
As a result, thousands of new apps and services have emerged over the last decade, representing a significant change in how financial services are delivered, and also the profile of companies that provide them.
However, existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early stage companies.
OFDSS was created to address this gap and create strong, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-native, technology-focused startups and growth-stage companies.
“The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating,” said Shano Fonseka, head of risk at Plaid.
“It provides a strong framework that helps fintechs improve security while enabling innovation, gives banks a level of confidence about the companies connecting to their APIs, and, most importantly, helps protect consumers.”
“Trust is essential in the banking industry,” added Kieran Hines, principal analyst at Celent. “Accordingly, data security is at the heart of the open finance ecosystem. The OFDSS plays an important role in supporting the creation and adoption of new services by providing a clear and rigorous security framework for market participants to follow. This is to the benefit of banks, fintechs, and the customers they serve.”