A Clarifying Word About API Security

June 30, 2022
Compliance
Regulatory Compliance
ACH API
Sandbox Sign Up

Back to all articles

Most Popular Articles

March 1, 2024
A Closer Look at ACHNow: Transforming Traditional Payments into Instant Solutions
August 1, 2022
Understanding the 9 Major Types of Financial Institutions
June 30, 2022
Stablecoins Come With New Callenges, Market Potentials, and Embedded Regulation

Article Table of Contents

 
Example H3
Example H4
Example H5
Example H6
 
Example H3
Example H4
Example H5
Example H6

What will you build?

Build out your first ACH API in our sandbox for free. You’ll always have direct access to our engineering support team via chat.

Sandbox Sign Up

Every so often, the issue of API security makes it into the headlines. When it does, it is usually because of a vulnerability or a successful attack. As always, the many instances when things go as planned are not reported. That’s one of the reasons why Sila’s API hasn’t been in the news in that way.

Still, we thought it’s a good opportunity to reiterate what we do to ensure API security on our platform. Risk mitigation is one of our key efforts. Here are a few common vulnerabilities where other systems sometimes fail. In every single case, we can say that this is not a vulnerability in our system.

  1. Vulnerability: Access to other end user’s financial records
    Remediation: In our system, only the Sila customer (app) that created an entity (e.g. end-user) can access that end user’s transaction history. For added security, SSNs and bank accounts are set to be masked to the last 4 digits.
  1. Vulnerability: Ability for users to delete other user accounts
    Remediation: In our system, only the Sila customer (app) that created an entity (end user) can delete that entity.
  1. Vulnerability: Any user can take over any account
    Remediation: Currently this would require access to both the customer’s (app) private key and the entity’s (end-user) private key. As a next step, this functionality will be tied to the customer (app) access secrets and tokens, and would only allow access to customers that were created by or linked to them.
  1. Vulnerability: Any user could create a denial-of-service condition that would render entire applications unavailable.
    Remediation: The system would have to get attacked by multiple simultaneous requests over a long period of time for performance to degrade. In all practicality, this is not a real danger since we a) limit result sizes and b) would be alerted of any load spikes. We would be able to identify the customer (app) causing the malicious behavior, and we would suspend that app’s access. Prior to reactivating their access, we would reach out to them, notifying them of the incident and looking for ways to resolve it.

If you have any questions or concerns, reach out to hello@silamoney.com or directly to your customer experience manager.

Related Articles

June 29, 2022
ACH

Sending ACH Payments with Sila

With secure solutions like Sila, you can move ACH payments and money internationally faster (and more affordably) than ever before.

June 29, 2022
KYC/KYB

U.S. Know Your Customer (KYC) Regulations and ACH Payments

If you operate as a financial institution or a third party payment processor (TPPP) and wish to send money through the U.S.’s Automated Clearing House (ACH), then you must follow the guidelines for knowing and verifying your customers. Older guidelines were centered around Customer Due Diligence (CDD), but more updated measures look to KYC, or the Know Your Customer rule.

November 2, 2022
Compliance

Best Built-In Fraud Monitoring Features to Fight Fraud

The API is a powerful tool for monitoring your fraud. It offers many features that can help you identify and stop fraud before it becomes a problem.

June 29, 2022
ACH

Estimating ACH Transfer Times

Some ACH transfers can take up to four business days. Estimate appropriately and inform your users ACH transfer times for optimal customer experience!

January 19, 2023
ACH

Real-time payments vs. ACH payments: What's the Difference?

Learn about real-time payments and how they work with ACH payments.

June 29, 2022
ACH API

Using Sila API to Create Digital Wallets

Sila’s SDK can allow software teams the ability to create a fully secure and compliant digital wallet. Quickly enable secure digital wallets with Sila’s SDK.