Security is an important part of compliance. Making sure systems that interface with customers follow the highest security standards is something every business should strive for. So to make security compliance easy to navigate for our developer community, today we are adding another service in our stack. We call it Security as a Service (yes another SaaS).
Why is Synapse offering this service?
Synapse is essentially a middleware between banks and developers. For developers, this makes it easier to build out banking applications on top of an existing network of banks. For banks, it brings them more transactions and more deposits.
While this is a win-win for both, an API form factor adds its own set of compliance and security hurdles which, if not addressed, can have detrimental effects.
We currently help you maintain compliance by making sure that (1) your platform has proper authorizations and disclosures in place; (2) you have a strong Customer Identification Program ; and (3) your flow of funds is kosher to regulatory standards.
However, ensuring your platform meets the highest security standards is generally forgotten by most FinTech firms. Additionally, expecting developers to get external audits is not always an option given the high cost.
As a result, we decided to offer security testing as a part of our compliance stack.
How do I utilize this service?
Nothing changes for current platforms or new customers. We will begin independently reviewing current customers’ platforms and new customers will receive a security report prior to obtaining API production keys.
The report will have a list of security concerns that your application might be vulnerable to and quick suggestions to address them. It’s that easy.
How much does the service cost?
There is no separate cost for this service. It is a part of your existing Synapse monthly package.
This service is in no way an alternative to bug bounty programs (we recommend https://cobalt.io/), but should give you a head start with good security practices.
If you have any questions regarding the implementation, please feel free to reach out on our discuss page or email us at firstname.lastname@example.org.