PUBLICATION




21 July 2015

21st July 2015 - Against the backdrop of an increased reliance on complex IT systems and operations in the financial sector is the heightened risk of cyber attacks, data theft and system disruptions, financial institutions are expected to continue to deepen their technology risk management capabilities and be ready to handle IT security incidents and system failures. In this regard, ONEPIP had engaged KPMG, one of the “Big Four” largest professional services organisations in the world, to undertake and complete a holistic vulnerability assessment of ONEPIPnet Personal Direct and Business Direct, ONEPIP’s flagship online platform for FX, payments and money transfer. A vulnerability assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system.

During this engagement, ONEPIPnet was subjected to a comprehensive assessment of its online application platform, network infrastructure as well as its data hosting centre. This includes penetration tests designed to replicate common targeted scenarios like DDoS (Distributed Denial of Service), cross-site scripting, cross-site request forgery, and SQL injection testing. Specifically, this is done by intentionally simulating an attack that would cause a breach in the system and to test for possible vulnerabilities.

“From it’s inception, ONEPIP has taken a very serious view to platform security. Conducting a third-party penetration test is fundamental when operating an online platform as it will equip ONEPIP’s technical team with the proper knowledge and experience in the event when there is a real intrusion. It will also allow us to test whether our existing security measures are adequate and effective, and where necessary, apply further platform hardening,” says Mr. Jazz Peh, Head of Projects and Technology. “As a licensed financial institution, we deal with confidential data and records. Hence, it is imperative that we make sure this information is safe and secured. It is without a doubt that working with a partner like KPMG ensures that the highest and most stringent assessment possible can be subjected to our platform, so as to guarantee the highest level of security and performance.”