Background

In an era where digital transactions are omnipresent, securing financial services against fraud is paramount for any leading financial institution. Our client, a prominent credit card and savings account provider faced challenges related to monetary fraud, exploiting vulnerabilities in authentication and authorization mechanisms. In response, they sought to overhaul their security posture, focusing on the authentication and authorization layers of their service infrastructure.

Challenge

The company's primary challenge was the increasing incidence of monetary fraud due to defects in the authentication and authorization processes. These vulnerabilities not only posed significant financial risks but also threatened the trust and reliability customers placed in the company's services. Addressing these vulnerabilities required a multifaceted approach that could adapt to the evolving landscape of digital fraud.

Solution

Our involvement as an integral part of the client's DevSecOps activities led to the implementation of several cutting-edge security measures designed to reduce the risk of monetary fraud significantly. These measures included:

1. Custom Authorization Logic:

  • Implementation: A custom authorizer was developed and integrated behind the API Gateway. This authorizer employed advanced logic to scrutinize the pattern of usage across our systems and validate JWT token properties. By focusing on critical services responsible for handling monetary transactions, the authorizer could effectively identify and reject illegitimate requests.
  • Impact: The introduction of the custom authorizer led to a dramatic decrease in fraud, with more than 80% of potentially fraudulent requests being identified and blocked. This measure significantly enhanced the security of transaction processing and protected users' assets.
AWS Private VPC

Click to view the full image

2. Enhanced Two-Factor Authentication (2FA):

  • Implementation: To bolster user authentication, 2FA was mandated, utilizing Cognito triggers for seamless integration and Twilio for sending WhatsApp OTPs. This approach not only ensured the users' phone numbers were kept current but also leveraged the heightened security of WhatsApp OTPs over traditional email OTPs. The system was designed with flexibility, allowing users multiple attempts to enter the correct OTP while implementing a threshold for blocking users after excessive incorrect attempts, alongside a retry backoff mechanism.
  • Impact: By leveraging WhatsApp's widespread acceptance and security, we significantly reduced instances of compromised account logins, making it considerably more challenging for threat actors to gain unauthorized access.

Click to view the full image

3. Revolutionary Signature Exchange Mechanism:

  • Implementation: A groundbreaking signature exchange mechanism was introduced between the frontend and backend, based on the Elliptic-curve Diffie-Hellman (ECDH) key exchange algorithm. This mechanism ensured that upon successful authentication via WhatsApp OTP 2FA, a unique signature, tied to the user's device, was generated for subsequent backend interactions. This signature acted as a robust layer of security, making unauthorized access almost impossible without the specific user's device.
  • Impact: The implementation of this signature exchange mechanism further fortified the authorization process. It ensured that any discrepancy in the computation of the signature would invalidate the transaction attempt, thus providing unparalleled security.
Create Digital Signature

Click to view the full image

Verify Digital Signature

Click to view the full image

Conclusion

Integrating these advanced DevSecOps solutions marked a significant milestone in enhancing our client's financial transaction security. By leveraging custom authorization logic, enhanced 2FA through WhatsApp OTPs, and a revolutionary signature exchange mechanism, we not only mitigated the risk of monetary fraud but also established a new benchmark for security in digital financial services. These measures, rooted in cutting-edge technology and innovative thinking, demonstrate our commitment to providing secure, reliable, and trustworthy banking solutions, reinforcing customer confidence in our client's services. This case study exemplifies our expertise in navigating the complexities of modern digital security challenges and underscores the importance of continuous innovation in the fight against financial fraud.