System security is a combination of software, technical and management tools. #digitalharbour normally provides each client with a comprehensive set of security recommendations with regard to the system and its implementation. Those recommendations include:

  • User account processes: signup, activity, block, re-activate, etc.
  • Hardware and software asset management
  • Network security
  • Transaction processing security
  • Software security

Team Harbour standards on security have been thoroughly tested and proven by authoritative bodies of Fortune-500 companies and certified for ISO 27001 and PCI/DSS.

Figure: Authentication factors

When designing #digitalharbour, the following principles were agreed:

  • The system has been designed at least in accordance with the C2 security standard: login and password are the minimum basic requirements
  • N-factor authentication is embedded in the Auth Service and is supported for third-party authentication services such as OTP by SMS, push messages, various messengers, hardware tokens, etc. 2-factor authentication is enabled by default
  • All significant activities within the system, including login, are protected with OTP via SMS or synchronized electronic keys like Auth or Google
  • The server communicates with front-ends (web, mobile) and other integrated software systems via secure channels
  • The system is PCI/DSS and ISO 27001 ready – an audit could be included in the implementation plan
  • The Auth Service can be replaced by a third-party service as per customer requirements; the system can be integrated with any of the client’s existing security systems, e.g. Vasco, Gemalto, or 3d-security systems
  • The system follows PSD2 requirements on security and authentication and is ready for deployment in European banks
