As part of our new series, Going Real-Time, we sat down with Dwolla’s Information Security Risk Manager, Ben Schmitt, for a behind-the-scenes look at FiSync, our real-time bank transfer protocol for banks and credit unions, and its pioneering application of “secure authentication and authorization” for bank transfers. The following technical Q&A explores some of the security principles, benefits, and considerations that make up Dwolla’s real-time DNA.
How does secure authentication work to protect users?
Secure authentication is a method to ensure a user is who they say they are over an encrypted channel, using more than a single factor (i.e. just a password). Secure authentication methods protect a user’s identity and provide the foundation for secure communications and a broader security architecture.
Relative to FiSync, Dwolla has developed a secure authentication method for linking and enabling FiSync within bank accounts, in partnership with its newest partner, BBVA Compass. For the first time, we’re removing a customer’s need to provide sensitive payment information to anyone, even Dwolla, in order to make a payment.
By default Dwolla never shares your sensitive financial information with recipients, but FiSync takes this a step further. Pioneering new Secure Authentication and Tokenization practices, FiSync-enabled accounts are able to validate account ownership, authorize privileges, and initiate bank transfers—all without providing Dwolla with bank account and routing numbers.
Basically, the customer doesn’t have to share their sensitive financial information with a third party, banks worry less about customers’ financial information being exposed or stored, and Dwolla is happy that our users are able to keep their information safe while taking full advantage of the Dwolla network.
Can you explain how authentication and authorization differ?
Authentication does not provide access to resources; rather, it only proves a user is who they say they are. After authentication, authorization is the follow-on process of assigning access to data based on rules or roles which, in the case of FiSync, is achieved through OAuth scopes.
Authentication and authorization are similar but distinct actions. Authentication gets you in the front door of the hotel, whereas authorization provides you access to your specific room and no one else’s.
Relative to FiSync, how does authentication improve security?
FiSync was designed to allow for secure authentication between a financial institution and the Dwolla network as an enhancement option within the API—this is best demonstrated by the use of a one-time password.
When linking a bank account, a user is challenged via a one-time password with strong cryptographic controls and an out-of-band communication. Building a secure session is a combination of secure authentication, including a one-time password (OTP), and the implementation of three-legged OAuth 2 for management of authorization within FiSync. Lastly, transactions are tokenized, including a nonce, so that replay attacks or interception are mitigated, as the speed of the transaction (seconds) reduces the window of opportunity for an attacker.
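The last sentence of that answer describes a request-level replay defence: each transfer carries a nonce, is authenticated, and is only honoured for a few seconds. The following Python is an added illustration of that pattern written for this page; it is not FiSync code and the interview does not describe Dwolla's actual token format. The shared HMAC key, the 30-second freshness window, the 5-second clock-skew allowance and the sample transfer are all constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
import time

# Assumed shared secret between the bank side and the network side (constructed
# for this example; the interview does not describe how FiSync keys are managed).
SHARED_KEY = b"example-shared-secret-not-dwolla-material"
# Assumed freshness window. The interview only says a transfer completes in
# seconds, so 30 seconds is an illustrative bound, not a FiSync parameter.
MAX_AGE_SECONDS = 30
CLOCK_SKEW_SECONDS = 5


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so both sides MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_transfer_token(key: bytes, transfer: dict, now: float) -> dict:
    """Sender side: bind the transfer to a fresh random nonce and a timestamp,
    then authenticate the whole thing with HMAC-SHA256."""
    body = {"transfer": transfer, "nonce": secrets.token_hex(16), "ts": int(now)}
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class TransferVerifier:
    """Receiver side: check the MAC, then the age, then nonce uniqueness.

    Nonces are only remembered for the freshness window; anything older is
    rejected as stale before the nonce is consulted, which keeps the replay
    cache bounded.
    """

    def __init__(self, key: bytes, max_age: int = MAX_AGE_SECONDS) -> None:
        self.key = key
        self.max_age = max_age
        self.seen: dict[str, int] = {}  # nonce -> timestamp it was accepted with

    def verify(self, token: dict, now: float) -> tuple[bool, str]:
        unsigned = {k: v for k, v in token.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(unsigned), hashlib.sha256).hexdigest()
        # Constant-time compare so the MAC check does not leak via timing.
        if not hmac.compare_digest(expected, str(token.get("mac", ""))):
            return False, "bad mac"
        age = now - token["ts"]
        if age > self.max_age or age < -CLOCK_SKEW_SECONDS:
            return False, "stale"
        # Drop nonces that have aged out of the window, then check for reuse.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if token["nonce"] in self.seen:
            return False, "replay"
        self.seen[token["nonce"]] = token["ts"]
        return True, "ok"


def demo(now: float = 1_700_000_000.0) -> list[str]:
    """Walk through accept, replay, stale and tampered cases; returns the verdicts."""
    verifier = TransferVerifier(SHARED_KEY)
    transfer = {"from": "acct-A", "to": "acct-B", "amount_cents": 1250}  # constructed sample
    token = make_transfer_token(SHARED_KEY, transfer, now)
    verdicts = [verifier.verify(token, now + 2)[1]]      # fresh token: ok
    verdicts.append(verifier.verify(token, now + 3)[1])  # same token again: replay
    old = make_transfer_token(SHARED_KEY, transfer, now - 120)
    verdicts.append(verifier.verify(old, now)[1])        # outside the window: stale
    tampered = dict(token)
    tampered["transfer"] = {**transfer, "amount_cents": 999_999}
    verdicts.append(verifier.verify(tampered, now + 4)[1])  # amount changed: bad mac
    return verdicts


if __name__ == "__main__":
    print(demo(time.time()))
```

The order of checks matters: the MAC is verified first so an attacker cannot probe the nonce cache with forged messages, and the age check runs before the nonce lookup so the cache never has to hold more than one window's worth of nonces. The window is also the attacker's replay budget, which is the point the interview makes about transaction speed.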
Technically speaking, what are the principles that make secure authentication so valuable?
The principles include multiple factors (something you know and something you have), a secure and trusted communications channel, standards-based cryptography, and time-based tokens such as a one-time password (OTP).
Cryptographic Protections: Standards-based cryptography is critical—it means some of the world’s best cryptographers have reviewed, attacked and approved secure implementations of encryption and hashing. Implementing standards-based cryptography allows for proper security of data both in-transit and at rest.
Network Design: Secure and trusted communications can be further enhanced with a network designed to limit the attack surface. Initiating communications to trusted partners only positions a network to have a “stateful security model.” Basically, this means communications initiated from a secure network will allow a response from a trusted partner, but deny all other connections, reducing entry points.
One-Time Passwords: As an additional factor of authentication, a one-time password (OTP) provides an out-of-band enhancement to the process. One-time passwords are time-sensitive, usually lasting a minute, severely limiting potential misuse.
Security by Design: Our guiding principle as we build and iterate upon FiSync is that it is smarter and more effective to build security into a solution rather than adding it on after core logic and services are built. FiSync is our flagship, real-time payment tool for financial institutions and with it, we’ve focused on security by design, following the principle of tokenization, performing threat modeling, creating a highly available network with a cryptographically sound web service design, and committing to data security.
We are never done building, and that holds true for security as well. We are never done building a more secure way to move money.
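Both the answer on how authentication improves security and the principles above lean on a time-based one-time password as the "something you have" factor that expires within about a minute. The following Python is an added example, not Dwolla's or FiSync's code, showing the standard way such a code is generated and checked: HOTP per RFC 4226 driven by a time counter per RFC 6238. The 30-second step, the one-step clock-skew allowance and the use of the RFC's published test secret are assumptions for illustration; the interview does not say which OTP scheme or parameters FiSync uses.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the epoch."""
    return hotp(secret, int(unix_time) // step, digits)


class TotpVerifier:
    """Server-side check that accepts a given code at most once, within a small skew window."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew_steps: int = 1) -> None:
        self.secret = secret
        self.step = step            # assumed 30-second step (RFC 6238 default)
        self.digits = digits
        self.skew_steps = skew_steps  # assumed tolerance of one step either side
        self.last_counter = -1      # highest counter already redeemed; older ones are refused

    def verify(self, code: str, unix_time: float) -> bool:
        counter = int(unix_time) // self.step
        for c in range(counter - self.skew_steps, counter + self.skew_steps + 1):
            if c <= self.last_counter:
                continue  # this step (or an earlier one) was already used: no replay
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.last_counter = c
                return True
        return False


def demo() -> list:
    """Exercise accept, replay, skew and wrong-code paths; returns the five verdicts."""
    secret = b"12345678901234567890"  # RFC 6238's reference secret, not a real key
    verifier = TotpVerifier(secret)
    code = totp(secret, 59)  # the code for the step covering t=30..59
    return [
        verifier.verify(code, 59),                  # True: right code, right step
        verifier.verify(code, 75),                  # False: same code presented again
        TotpVerifier(secret).verify(code, 75),      # True: one step late, inside the skew window
        TotpVerifier(secret).verify(code, 150),     # False: three steps late, outside the window
        TotpVerifier(secret).verify("000000", 59),  # False: wrong code
    ]


if __name__ == "__main__":
    print(totp(b"12345678901234567890", time.time()), demo())
```

With a 30-second step and one step of skew in each direction, a code is accepted for at most about 90 seconds, which is the concrete meaning behind "usually lasting a minute". Tightening `skew_steps` to 0 shortens that but makes the check fail for users whose clock drifts by even a few seconds, and the `last_counter` guard is what prevents an intercepted code from being reused inside the window.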