Information Security at Curve - Ask Me Anything!

Hi - My name is Oussama. I’m the Head of Information Security here at Curve.

We’re excited about all the new under-the-hood security features we’ve been adding to our systems, and all the work the security and privacy team here is doing to make Curve products the most cybersecure in the world of finance.

Would welcome your questions, thoughts and comments around anything related to those topics in this thread :slight_smile:

Regards,
Oussama

1 Like

Hi @Curve_Oussama

I have posted before about some features that will increase security, so you can see the post here:

2 Likes

Hi! Welcome to the community! I have a few questions and would be very glad if you answered at least some of them.

Why does it take so long to implement basic security features such as 3D Secure in Curve? It wouldn’t seem to be such a hard thing to do, especially given that Curve is an app-based product, so the authorisation could then go through the app, no sending texts, logging in on-line or any other weird solutions. I ask especially because it’s been a topic on this forum for quite some time already. Take a look: 3DS or some alternative

Fintech and finance in general are very regulated fields - does it make it harder to improve security and make some instant improvements? Or maybe it’s completely different and regulations inspire you and the rest of the Curve team to make it a more secure product? And also: how does cooperation with other parties affect your work? I mean Mastercard, Wirecard etc.

You have also mentioned

What are they? I think we’d all love some technical information. Is it related to machine learning, for instance? As far as I know, this seems to be a current trend in the industry.

3 Likes

Sorry for the nudge, @Curve_Oussama, but I’m sure we’d be more than happy to actually hear some of your answers :smiley:

1 Like

Thanks @Pawel, @vebaev for your great questions :slight_smile:
I would like to give you thorough answers and will post during the weekend :+1:

2 Likes

Thanks for your patience guys, been quite hectic the last couple weeks, but here we are! @vebaev - great idea, yes! Giving more granular control on those is definitely a great security enhancing app feature. Will work on it.

We are working on implementing the 3DS protocol, @pawel. Everyone will be able to open the app to authorise new transactions at some point in the future (a great implementation of other industry and security standards as well… :wink:)

On your regulatory comment, @pawel, IMO - despite the “heavy” regulations, Fintech is still less regulated than “old” finance, capital markets and other sub-industries from a cyber perspective (e.g. crypto, and ICOs…). But if you look at the FCA EMI requirements and similar, a good cyber maturity and a resilient IT infrastructure are both a must for any licensed Fintech entity.

Also, and in the case of Fintech, regulations are more of a sandboxed framework to work within and benchmark products and maturities against (in addition to protecting customers, creating trust, etc… i.e. think GDPR…) rather than a fining machine as they tend to be perceived for/by big established players. Regulators are also facing new challenges of their own when it comes to innovation, and the duality innovator/regulator couldn’t get more polarised, even if efforts are spent towards alignment.

Can’t say much about those enhancements, I’m afraid, but happy to take suggestions from you guys :blush: and yes, data is definitely playing a huge role in cyber security and fraud monitoring these days :wink:

Looking forward to reading you guys!

2 Likes

Hi Oussama,
please read my following message:

BR,
Andrey

1 Like

Spot on! Just replayed it and it’s working! Thanks for reporting - A fix should be included in our next app release :wink:

PS. As a way of responsibly disclosing security bugs and vulnerabilities, you guys can send your detailed security reports to security@imaginecurve.com. We also have a bug bounty program in place, and security researchers who’re members of this community are very welcome to join our program! :smiley:

Why not pay the OP a bit of money or send him a bit of Curve clothing for the disclosure? After all, he did uncover a security bug.

1 Like