
Evaluations, Penetration Testing & Security Certifications: Lessons Learned


In the world of IT and cybersecurity, security evaluations are an important measure of a company’s commitment to providing products of exceptional quality. Although requirements differ across the globe, European security evaluations are now required under various legislation, including the Payment Services Directive 2 (PSD2). As part of Okay’s evaluation process, we worked with a consulting and auditing company, PROSA Security, which modelled the protocols and data flows through our systems. Based on this model, we could automatically see how encryption protected different assets, and whether we had made any mistakes in our implementation.

Penetration testing is a totally different process. Also known as ethical hacking, penetration testing is a simulated cyberattack used to identify a system’s weaknesses and strengths in terms of how well it does or does not protect its features and data. The partner we chose for our penetration testing, YesWeHack, facilitates the connection between companies and white-hat hackers, who are paid bounties if they manage to break the solution’s security. When it came time to test Okay, we first defined a set of bounties and then invited a group of hackers to try to break a “hackme” system.

Security evaluations and penetration testing are ultimately useful and necessary tools when trying to pinpoint product issues. While the formalised method used by security evaluators is handy for finding logical errors and gaps in documentation, the practical approach of security testers motivated by bounties can help you find the implementation bugs that were originally missed.

Read the full article at okaythis.com/blog.

Who is Okay?
Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2’s SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit okaythis.com.
