Tell us about Xinja's Cybersecurity capability

I understand there is a lot of talk about Cybersecurity and the fact that small or new banks face huge challenges to match the more traditional/big banks in this space. In light of the article https://www.afr.com/technology/neobanks-face-cyber-security-struggle-to-match-big-banks-20190208-h1b06y
Can Xinja explain how overall security is being fulfilled to meet all sorts of security requirements and concerns?

2 Likes

Hey @rkyobe Ronnie! Sorry to take so long to get back to you.

Xinja as you can imagine - takes this area very seriously and it’s a primary focus; every employee - in any part of the business - understands its importance - it’s a massive component of trust now - ie: can I trust you to keep my money and data secure?

The idea that the big banks’ bigger budgets mean better security, doesn’t always follow - It’s not only a question of budget but of approach, process and technology. Big budgets might be being deployed by big banks because of complex, cumbersome legacy systems that are generally expensive to run, maintain, update and to which applying new restrictions and checks and balances is also expensive. Architecture and automation have a lot to do with effectiveness in this area. The advantage we have as a new player is that we can bake security into our design from day 1. The old banks were designed at a time where cyber security was far less of an issue and far less was understood.

As to details, I’m afraid it’s a case of ‘I could tell you but I’d have to kill you’ when it comes to security :ninja_emojis_pink_03: I’m sure you understand that the first rule of security is not to talk about security (or rather what we’re doing in it!) But you can be assured it’s a major priority for us and we are taking advantage of latest technology and approaches to make it best in class or better.

Hope that goes some way to answering your question?

Many thanks!

1 Like

Hi, I’d like to revive this thread since it’s probably worth thinking about again with so many new users coming on board and the granting of the banking licence. I’d be very interested in knowing what Xinja does to proactively pursue data security, from a high level. Information about secure software development lifecycle principles/approaches the team takes, the use of internal and external security assessments, data protection principles, etc, would all be useful communication if done well.

A lot of trust is given to banks and data leaks like the Westpac PayID one a few months ago usually come as a nasty surprise to customers. If you have a well formed SSDLC and data security posture, you should use that as a feature. It may help lure in tech professionals who go on to convert their friends and family.

1 Like

Hi @maybe great to hear from you - do check out the blog we wrote about a week ago https://www.xinja.com.au/news/2019/unto-the-breach-lets-face-up-to-reality-october-19-10/ We are always going to be coy about detail around security for obvious reasons but I hope this gives you a view on our approach at least. I can get our CISO Jean-Baptiste onto the forum to answer general questions as well?

I believe it’s fair to say that we all take security very seriously and it is important to revisit security practices time and again. This 2019 ComputerWorld article reveals security issues from a different lens. Paragraphs 2 and 4 summarise the issues and the last paragraph gives a recommendation to financial companies to “Hire a pen tester today to check out your site and apps”.

Would love to have Xinja’s reaction to this.

Hey @rc-reg!

Thanks for the link, we do penetration testing as standard. You might like to read more about our security from @xinjasecure, our CISO, in our blog about how Xinja approaches data security :lock:

Thanks @xinja_blair. It’s very reassuring to know that Xinja has penetration testing.