Updated Open Finance Data Security Standard gets four more supporters
As digital finance continues to grow, the protection of consumer information remains important to financial service providers and to the financial ecosystem as a whole.
Anecdotes, Codat, Skyflow and Very good security (VGS) has joined the consortium of fintech and security compliant companies, endorsing the Open Finance Data Security Standard (OFDSS), a proposed framework of requirements that address security risks often posed by emerging fintechs that manage financial information for consumers.
The newest additions to the consortium will join an existing network of supporters that includes fintechs Clever, MX, Plaid and Real workand security compliance companies Drag, Laika, Secureframe and Vanta.
A first draft of the OFDSS was published in November 2021, establishing a common framework for consumer data security, privacy and control that also supports innovation among new cloud-based, digital financial companies that handle sensitive information.
OFDSS will help create greater confidence among data holders, including financial institutions, that the fintech ecosystem has robust protections in place for consumer data, ultimately protecting consumers.
Following this, the updated version 1.2 of the framework was recently published, which outlines additional application security controls that secure a company’s software development lifecycle.
The OFDSS framework now includes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guidance, along with audit steps to ensure compliance.
A necessary standard for a changing financial landscape
The availability of cloud infrastructure and enabling technologies that have made it easier for companies to deliver digital financial services at scale have allowed digital financial innovation to thrive.
As a result, thousands of new apps and services have emerged over the past decade, representing a significant change in how financial services are delivered, and also the profile of companies that provide them.
However, existing data security standards were not developed specifically for modern, cloud-based delivery models or the resource constraints of early-stage enterprises.
OFDSS was created to address this gap and create strong, auditable data security guidelines that maintain compliance with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-based technology-focused startups and companies in the growth stage.
“The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating,” said Shano Fonsecahead of risk at Plaid.
“It provides a strong framework that helps fintechs improve security while enabling innovation, gives banks a level of trust in the companies that connect to their APIs, and, most importantly, helps protect consumers.”
“Trust is important in the banking industry,” added Kieran Hinesprincipal analyst at Celent. “That’s why data security is at the heart of the open financial ecosystem. OFDSS plays an important role in supporting the creation and introduction of new services by providing a clear and rigorous security framework for market participants to follow. This benefits banks, fintechs and the customers they serve. ยป
The OFDSS is designed to be a living document that will evolve over time to meet the needs of industry, incorporate new technology and mitigate new risks. Initial customer pilot programs are planned to take place before the end of the year.
