The customer is a leading global provider of payments and financial services technology solutions for banks, credit unions, retailers and government institutions. They help their clients through innovation in account processing, digital banking solutions, card issuing, merchant acquiring, payment gateways and cloud-based point of sale solutions.
The client offers retail banking functionality on mobile devices to customers on behalf of financial institutions (2,800+). The platform exposes web services for mobile apps as a hosted solution integrated with various online banking systems and core banking processors. The retail banking mobile platform is a white-label solution that can be offered with customer branding.
The adoption of digital banking has grown exponentially during the COVID-19 pandemic. As the user base has grown and digital banking solutions expanded with new features, cyber security risks have become more complex, requiring threats to be effectively managed.
The client sought a technology partner with both banking expertise and a deep understanding of complex cyber security vulnerabilities to address the cyber security risks with effective programs to avoid financial loss and a negative impact on reputation.
Orion was engaged to assist the client in accelerating a remediation program. The banking platform includes a core processor, as well as mobile banking and virtual banks. Orion set up multiple pod teams with various skill sets that matched the needs of the banking solution. The pod teams operated in a co-location model that spanned three time zones, thus ensuring that business, product and technology teams were well-coordinated.
Orion established a risk prioritization process, which categorized the vulnerabilities as high, medium, and low based on various technology and business parameters. The remediation program was executed in Kanban style and program metrics were created to measure the program success. The Solution used key mobile frameworks like Android and IOS as well as NET and Selenium.
As a result of its structured program, governance, and deep knowledge of cyber remediation, Orion remediated more than 25,000 vulnerabilities in an eight-month engagement period.