Data Security Optimization in Fintech Apps

Data security for a digital startup is a must. Apart from protecting company assets, data security also serves as a guarantee of trust for their customers.

These factors are becoming increasingly relevant for startups fintech. It is common knowledge that companies engaged in the financial sector. Therefore, data security in fintech not negotiable at all.

Andre Pratama as Acting CTO MoneyFriend explained, preventive measures against data leakage as a very important requirement. Andre shares his knowledge and experience in data security in the latest issue of #TuesdayStartup.

In general, issues in data security come from internal and external factors. Andre said that vulnerability from within could be the biggest problem in his field. Without a strict monitoring system, vulnerabilities can appear here and there. In addition to needing qualified tools, the company's internal integrity needs to be nurtured from the start.

"I think a lot tools out there, but if their integrity is not maintained, they will also concede," said Andre.

Guarding from within

There are several steps a company can take to prevent security vulnerabilities from appearing. One of the first steps is to make sure the entire team of employees is safe from the worst.

According to Andre, the steps can be started from making non-disclosure agreement (NDA) or confidentiality agreements with employees. The next step is to create a system that prevents problems that could arise accidentally.

An example of this step is not allowing laptops used by employees to connect to WiFi. Even if you need access to WiFi, it can only be used by certain people with a clear purpose. Another example is deleting the contents of the whiteboard after the meeting and requiring the minutes of meeting (MoM) to be circulated only internally.

From the infrastructure aspect, there are steps that are needed. As fintech, Andre said that his party has created a layered security system for every transaction that occurs. Likewise in the data itself, everything has been encrypted and has been scrambled (hashed).

When collaborating with third parties

The vulnerability is also very likely to occur when a startup wants to collaborate with a third party. The meeting of the methods and technology of the two parties allows for loopholes that intruders can enter. Therefore it is necessary to take preventive measures as well.

Andre emphasized that before starting NDA cooperation, you must attend first. Then he assesses that the company must see whether the API that each uses is open or encrypted, whether the API can be installed immediately or must register first, whether the API is already using https or not. Although it seems complicated, these steps need to be taken.

"Usually intruder akan pick up The API is still hollow or still http only. Better strict rather than easy but vulnerable," he added.

Data security for and by all

The platform certainly has a responsibility in storing and using personal data provided by the users. They are also bound by a number of regulations made by the government and associations.

However, in terms of prevention, user awareness is also expected. Due to the fact that a number of modus operandi of data leakage can occur using lack of user knowledge of personal data security.

At UangTeman, according to Andre, education on data security applies to: borrowers and Actioncalendar. They also provide education to both parties. The most basic example is that a one-time use username and password (OTP) should not be known by anyone. In addition to such education, UangTeman also uses a forced system to protect the security of user data.

"We do too soft force for customers. So we detect from our mobile app if it takes too long to log in and stay silent, we will force quit," concluded Andre.