DEV Community

Cover image for Building security for digital wallets and financial applications
Cossack Labs
Cossack Labs

Posted on

Building security for digital wallets and financial applications

The financial market requires secure, compliant, and scalable solutions. How would you define “security”? Oftentimes it is perceived as a checklist of features to be implemented or a distraction. Others see security as a technical debt that could be taken care of “someday” when the product is already launched. But no one wants to see their product compromised and customers go. Is there a way to build a secure architecture that will serve as a shield to users’ assets and company’s name?

In this read, we’ll put on a security engineer’s shoes and walk a mile to see security from their perspective. Diving into this world will equip you with new ideas on how to build a reliable product by choosing a security-first approach.

A life-saving tip: Huge security incidents once were little weaknesses that were not timely taken care of. Thus let’s address the issues in 4+ steps:

Define your unique risks and threat profile: Identify specific risks, analyse your architecture for risks that can possibly turn into threats. The next step is to develop a targeted security strategy, design and build security controls. You also need to build your incident response capability and invest in winning user trust.

Fight typical risks with typical mitigations like focusing on data protection via a layered approach to security:

  • Platform security - the foundation of mobile / web security measures- requires special attention.
  • Mobile wallet security starts with OWASP MASVS and MASTG recommendations, like secure data storage, proper cryptography, local authentication, and device trust.
  • Web & web extension wallets are to use encrypted data storage, minimise the memory footprint of private keys and mnemonics. In the case of desktop wallets, stored private keys could be available for superusers and malicious apps.
  • Backend security should include secure user authentication, session handling, user enumeration, data harvesting, network settings, security headers, transaction integrity, and protection against replay attacks.
  • Supply chain security requires pre-selected and monitored 3rd party services.
  • Monitoring and incident response: Monitor transactions to timely detect anomalies and prevent potential incidents.

Treat problems systematically to reduce the number of risks and vulnerabilities.

Target the specific financial risks to your product and shoot back with effective tech solutions:

  • Key leakage and transaction fraud
  • User deanonymisation
  • Know Your Customer and Anti Money Laundering
  • Financial Anti Fraud Systems
  • Regulations and compliance

Follow the white rabbit for more juicy tips.

Building security into the development process is your key to success! Engage security engineers with product and financial expertise. Allow professionals to audit your digital wallet so that you can see the real picture and timely mitigate the risks.

When you make security the cornerstone of your product — you invest into your reputation, user retention and help your digital wallet stay competitive. As you implement smart security solutions throughout the product development process, you keep the end-user’s wants and fears in mind, doing your best to make their digital life a little easier. This is your road to success!

Read the full guide on digital wallets security.

Top comments (0)