Safety of financial (bank) transactions (service station of BR FAPI.SEK-1.6-2020)

2020: The standard for security of financial services on the basis of the OpenID protocol is developed

The Infotecs company announced on November 24, 2020 that safety of financial (bank) transactions took part in development of the standard of the Bank of Russia ". Application programming interfaces of security of financial services on the basis of the OpenID protocol" (service station of BR FAPI.SEK-1.6-2020).^[1]

As it appears from the name of the standard, the document is devoted to safety of financial banking activities and includes requirements to the application programming interfaces ensuring safety of financial services, developed based on the OpenID protocol.

The standard for security of financial services on the basis of the OpenID protocol is developed

The standard was developed by request of Association of development of financial technologies (Association of Financial That) according to plans of subcommittee No. 1 of the technical committee on standardization 122 which is responsible for safety of financial (bank) transactions. Further it passed the examination in shopping mall 122 and in the technical committee of shopping mall 26 which is responsible for cryptographic information protection.

As of November 24 the document is accepted and enacted by the order of the Bank of Russia, published on the official site of the Bank of Russia on October 23, 2020.

Provisions of the standard are developed on the basis of specifications of FAPI technologies (Financial-grade API) and Connect of the OpenID Foundation organization. It includes mandatory requirements to all developers creating the software for financial institutions and defines an order of use of model of application programming interfaces with structured data and model of a token of JWT (JSON WebToken) for increase in security of financial technologies.

"Work on this standard gives valuable work experience in new data domains of standardization that allows to define the new demanded directions of development of products of the company — Dmitry Gusev, the deputy CEO of Infotecs company commented. — Also this experience will be used within the current standardization efforts according to plans of TK26, including on standardization of OpenID Connect based on domestic cryptographic algorithms".

You See Also

• Information security in banks
• The policy of the Central Bank in the field of data protection (cyber security)

• Information security support of financial institutions of the Russian Federation (service station of BR IBFO-1.5-2018)
• Standard of the Bank of Russia of service station of BR IBBS

Notes