Data Security Optimization in the Fintech App
Uang Teman's CTO, Andre Pratama, shares his knowledge on keeping private data secure at the #SelasaStartup session
Bintoro Agung - 26 October 2020
Data security is a must for a digital startup. Apart from protecting company assets, it also serves as a guarantee of trust for the company's customers.
This factor is becoming increasingly relevant for fintech startups. It is common knowledge that companies engaged in the financial sector. Therefore, data security in fintech is absolutely not something that can be negotiated.
Andre Pratama, Acting CTO of UangTeman, explained that preventive measures against data leakage are a very important requirement. Andre shared his knowledge and experience in data security in the latest #SelasaStartup edition.
In general, data security issues come from internal and external factors. Andre said that vulnerability from within could be the biggest problem in his field. Without a strict monitoring system, vulnerabilities can appear here and there. Beyond capable tools, the company's internal integrity needs to be nurtured from the start.
"I think there are a lot of tools out there, but if the integrity is not maintained, it will be conceded too," said Andre.
Secure from the inside
There are several steps a company can take to prevent security vulnerabilities from emerging. One of the first is to make sure the entire team of employees is protected against the worst.
According to Andre, these steps can start with a non-disclosure agreement (NDA), or confidentiality agreement, with employees. The next step is to create a system that prevents problems from arising accidentally.
One example is not allowing the laptops that employees use to connect to WiFi. Where WiFi access is needed, it is limited to certain people with a clear purpose. Another example is erasing the contents of the blackboard after a meeting and requiring that minutes of meeting (MoM) circulate only within the company.
Steps are also needed on the infrastructure side. Andre said that, as a fintech, his company has created a layered security system for every transaction that occurs. Likewise, the data itself is all encrypted and hashed.
Collaboration with third parties
Vulnerabilities are also very likely to arise when a startup collaborates with third parties. The meeting of the two parties' methods and technology can open loopholes through which intruders can enter. Preventive measures are therefore needed here as well.
Andre emphasized that an NDA must be in place before the cooperation starts. The company must then check whether the API each party uses is open or encrypted, whether the API can be installed directly or requires registration first, and whether the API already uses HTTPS. Although this seems complicated, these steps need to be taken.
"Usually intruders will take APIs that are still hollow or only http. It's better to be strict than easy but vulnerable," he added.
Data safety from and for all
The platform certainly has the responsibility of storing and using personal data that has been provided by its users. They are also bound by a number of regulations made by the government and associations.
However, when it comes to prevention, user awareness is also expected, because a number of data leak methods work by taking advantage of users' lack of knowledge about personal data security.
At UangTeman, according to Andre, education on data security applies to both borrowers and lenders, and the company provides it to both parties. The most basic example is that the username and one-time password (OTP) must not be known by anyone else. In addition to education like that, UangTeman also uses system-enforced measures to protect the security of user data.
"We also do soft force for customers. So we detect from our mobile app if it takes too long to log in and just stay silent, we will force quit," Andre concluded.
– Original article is in Indonesian, translated by Kristin Siagian