Every so often, API security makes the headlines, and when it does it is usually because of a vulnerability or a successful attack. As always, the many instances in which things work as designed are not reported. That is one reason Sila's API has not been in the news in that way.
Still, this is a good opportunity to reiterate what we do to keep the API on our platform secure; risk mitigation is one of our key efforts. Below are a few common vulnerability classes in which other systems sometimes fail, together with how our system addresses each one. In every case, we can say that this is not a vulnerability in our system.
- Vulnerability: Access to other end user’s financial records
Remediation: In our system, only the Sila customer (app) that created an entity (e.g. an end user) can access that end user's transaction history. For added protection, SSNs and bank account numbers are returned masked, with only the last four digits visible.
- Vulnerability: Ability for users to delete other user accounts
Remediation: In our system, only the Sila customer (app) that created an entity (end user) can delete that entity.
- Vulnerability: Any user can take over any account
Remediation: Currently this would require access to both the customer's (app) private key and the entity's (end user) private key. As a next step, this functionality will be tied to the customer's (app) access secrets and tokens, and will only allow access to entities that were created by, or linked to, that customer.
- Vulnerability: Any user could create a denial-of-service condition that would render entire applications unavailable.
Remediation: Performance would degrade only under a sustained flood of simultaneous requests over a long period of time. In practice this is not a real danger, since we a) limit result sizes and b) are alerted to any load spike. We would identify the customer (app) generating the malicious traffic and suspend that app's access. Before reactivating it, we would contact the customer, notify them of the incident and work with them to resolve it.
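The four controls above (per-app ownership of entities, masking of SSNs and account numbers, a two-signature requirement for sensitive account actions, and a cap on result sizes) are easy to get wrong when the ownership check is applied in some handlers but not others. The following is an added example, not Sila's code and not a description of Sila's actual API: a small in-memory model in which every operation goes through one ownership check, and the account-linking operation additionally requires the end user's signature. HMAC-SHA256 keys stand in for the private keys mentioned above so the example runs with the standard library alone; the names `Platform`, `Entity`, `handle`, the `op` values and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a request fails an ownership or signature check."""


def canonical(body: dict) -> bytes:
    """Canonical JSON so client and server sign byte-identical payloads."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, body: dict) -> str:
    # HMAC stands in for a private-key signature (assumption for this example);
    # a real platform would use asymmetric keys so it never holds the user's key.
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def mask_last4(value: str) -> str:
    """Mask an SSN or account number so only its last four digits are visible."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return "*" * max(len(digits) - 4, 0) + digits[-4:]


@dataclass
class Entity:
    entity_id: str
    owner_app: str     # the app (customer) that created this end user
    user_key: bytes    # held by the end user only
    ssn: str
    bank_account: str
    transactions: list = field(default_factory=list)


@dataclass
class Platform:
    apps: dict = field(default_factory=dict)      # app_id -> app key
    entities: dict = field(default_factory=dict)  # entity_id -> Entity
    max_results: int = 100                        # cap on any list response

    def register_app(self, app_id: str) -> bytes:
        self.apps[app_id] = secrets.token_bytes(32)
        return self.apps[app_id]

    def create_entity(self, app_id: str, entity_id: str, ssn: str, account: str) -> bytes:
        key = secrets.token_bytes(32)
        self.entities[entity_id] = Entity(entity_id, app_id, key, ssn, account)
        return key

    def _owned(self, app_id: str, entity_id: str) -> Entity:
        """Ownership check applied to EVERY entity operation. Unknown and
        foreign entities fail the same way, so existence is not leaked."""
        ent = self.entities.get(entity_id)
        if ent is None or ent.owner_app != app_id:
            raise Forbidden(f"{app_id} does not own {entity_id}")
        return ent

    def handle(self, app_id: str, body: dict, app_sig: str, user_sig: str = None) -> dict:
        # 1. Authenticate the calling app (constant-time compare).
        app_key = self.apps.get(app_id)
        if app_key is None or not hmac.compare_digest(sign(app_key, body), app_sig):
            raise Forbidden("bad app signature")
        # 2. Authorize: an app may only touch entities it created.
        ent = self._owned(app_id, body["entity_id"])
        op = body["op"]
        if op == "get_transactions":
            n = max(0, min(int(body.get("limit", self.max_results)), self.max_results))
            return {"ssn": mask_last4(ent.ssn), "bank_account": mask_last4(ent.bank_account),
                    "transactions": ent.transactions[:n]}
        if op == "delete_entity":
            del self.entities[ent.entity_id]
            return {"deleted": ent.entity_id}
        if op == "link_bank_account":
            # 3. Sensitive action: the end user must also have signed this body.
            if user_sig is None or not hmac.compare_digest(sign(ent.user_key, body), user_sig):
                raise Forbidden("bad or missing user signature")
            ent.bank_account = body["bank_account"]
            return {"linked": mask_last4(ent.bank_account)}
        raise ValueError(f"unknown op {op}")


def demo() -> dict:
    """Constructed scenario: app_a owns user_1; app_b tries to reach across."""
    p, out = Platform(), {}
    key_a, key_b = p.register_app("app_a"), p.register_app("app_b")
    user_key = p.create_entity("app_a", "user_1", "123-45-6789", "000111222333")
    p.entities["user_1"].transactions = [{"id": i, "amount": 1} for i in range(150)]
    read = {"op": "get_transactions", "entity_id": "user_1"}
    link = {"op": "link_bank_account", "entity_id": "user_1", "bank_account": "999888777666"}
    delete = {"op": "delete_entity", "entity_id": "user_1"}
    out["own_read"] = p.handle("app_a", read, sign(key_a, read))
    for name, args in {"cross_tenant_read": ("app_b", read, sign(key_b, read)),
                       "takeover_app_key_only": ("app_a", link, sign(key_a, link)),
                       "cross_tenant_delete": ("app_b", delete, sign(key_b, delete))}.items():
        try:
            p.handle(*args)
            out[name] = "allowed"
        except Forbidden:
            out[name] = "denied"
    out["link_both_keys"] = p.handle("app_a", link, sign(key_a, link), sign(user_key, link))
    out["own_delete"] = p.handle("app_a", delete, sign(key_a, delete))
    return out
```

Two design points worth copying: the ownership check lives in one place and runs before the operation is even dispatched, so a new handler cannot forget it; and the user signature covers the same canonical body as the app signature, so neither party can be tricked into authorizing a different account number than the one it saw.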
If you have any questions or concerns, reach out to email@example.com or directly to your customer experience manager.