Consortium collaborating on data security requirements optimized for early and growth-stage digital finance companies grows and plans first customer pilots

By OFDSS Committee

As digital finance continues to grow, the protection of consumer information remains paramount to financial service providers, and to the financial ecosystem as a whole. Today, anecdotes, Codat, Skyflow and Very Good Security (VGS) joined the consortium of leading financial technology and security compliance companies, supporting the Open Finance Data Security Standard (OFDSS), a proposed framework of requirements that address security risks commonly encountered by emerging financial technology companies that handle consumer financial information. 

The new supporting companies are joining a consortium of OFDSS supporters, including fintech technology companies Flinks, MX, Plaid, and Truework, and security compliance companies Drata, Laika, Secureframe, and Vanta.

In November 2021, the first draft of OFDSS was published, establishing a common framework for consumer data security, privacy and control that also supports innovation among emerging cloud-native, digital finance companies that handle sensitive information. OFDSS will help instill even greater confidence in data holders, including financial institutions, that the fintech ecosystem has robust protections in place for consumer data, which ultimately protects consumers.

A new version of the framework (version 1.2) was recently published, updating the proposal to outline application security controls that secure a company’s software development lifecycle. The OFDSS framework now includes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guides, along with audit steps for ensuring compliance.

A needed standard for a changing financial landscape

Digital finance innovation has thrived due to the availability of cloud infrastructure and enabling technologies that have made it easier for companies to deliver digital financial services at scale. As a result, thousands of new apps and services have emerged over the last decade, representing a significant change in how financial services are delivered, and also the profile of companies that provide them.

However, existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early stage companies. OFDSS was created to address this gap and create strong, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-native, technology-focused startups and growth-stage companies.

“The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating. It provides a strongframework that helps fintechs improve security while enabling innovation, gives banks a level of confidence about the companies connecting to their APIs, and, most importantly, helps protect consumers,” said Shano Fonseka, Head of Risk at Plaid.

Next steps

OFDSS is designed to be a living document that will evolve over time to meet the needs of the industry, incorporate new technology, and mitigate emerging risks. Initial customer pilot programs are planned to take place before the end of year. To learn more and potentially get involved, please visit OFDSS.org.