Menu

Timesdelhi.com

May 23, 2019
Category archive

Wells Fargo

OpenFin raises $17 million for its OS for finance

in Android/app-store/Apple/Apps/bain capital ventures/Banking/Barclays/bloomberg terminal/Cloud/Delhi/Developer/Enterprise/Finance/financial services/funding/Fundings & Exits/India/J.P. Morgan/nyca partners/OpenFin/operating systems/Politics/Private equity/Recent Funding/Startups/truphone/Uber/Wells Fargo by

OpenFin, the company looking to provide the operating system for the financial services industry, has raised $17 million in funding through a Series C round led by Wells Fargo, with participation from Barclays and existing investors including Bain Capital Ventures, J.P. Morgan and Pivot Investment Partners. Previous investors in OpenFin also include DRW Venture Capital, Euclid Opportunities and NYCA Partners.

Likening itself to “the OS of finance”, OpenFin seeks to be the operating layer on which applications used by financial services companies are built and launched, akin to iOS or Android for your smartphone.

OpenFin’s operating system provides three key solutions which, while present on your mobile phone, has previously been absent in the financial services industry: easier deployment of apps to end users, fast security assurances for applications, and interoperability.

Traders, analysts and other financial service employees often find themselves using several separate platforms simultaneously, as they try to source information and quickly execute multiple transactions. Yet historically, the desktop applications used by financial services firms — like trading platforms, data solutions, or risk analytics — haven’t communicated with one another, with functions performed in one application not recognized or reflected in external applications.

“On my phone, I can be in my calendar app and tap an address, which opens up Google Maps. From Google Maps, maybe I book an Uber . From Uber, I’ll share my real-time location on messages with my friends. That’s four different apps working together on my phone,” OpenFin CEO and co-founder Mazy Dar explained to TechCrunch. That cross-functionality has long been missing in financial services.

As a result, employees can find themselves losing precious time — which in the world of financial services can often mean losing money — as they juggle multiple screens and perform repetitive processes across different applications.

Additionally, major banks, institutional investors and other financial firms have traditionally deployed natively installed applications in lengthy processes that can often take months, going through long vendor packaging and security reviews that ultimately don’t prevent the software from actually accessing the local system.

OpenFin CEO and co-founder Mazy Dar. Image via OpenFin

As former analysts and traders at major financial institutions, Dar and his co-founder Chuck Doerr (now President & COO of OpenFin) recognized these major pain points and decided to build a common platform that would enable cross-functionality and instant deployment. And since apps on OpenFin are unable to access local file systems, banks can better ensure security and avoid prolonged yet ineffective security review processes.

And the value proposition offered by OpenFin seems to be quite compelling. Openfin boasts an impressive roster of customers using its platform, including over 1,500 major financial firms, almost 40 leading vendors, and 15 out of the world’s 20 largest banks.

Over 1,000 applications have been built on the OS, with OpenFin now deployed on more than 200,000 desktops — a noteworthy milestone given that the ever popular Bloomberg Terminal, which is ubiquitously used across financial institutions and investment firms, is deployed on roughly 300,000 desktops.

Since raising their Series B in February 2017, OpenFin’s deployments have more than doubled. The company’s headcount has also doubled and its European presence has tripled. Earlier this year, OpenFin also launched it’s OpenFin Cloud Services platform, which allows financial firms to launch their own private local app stores for employees and customers without writing a single line of code.

To date, OpenFin has raised a total of $40 million in venture funding and plans to use the capital from its latest round for additional hiring and to expand its footprint onto more desktops around the world. In the long run, OpenFin hopes to become the vital operating infrastructure upon which all developers of financial applications are innovating.

Apple and Google’s mobile operating systems and app stores have enabled more than a million apps that have fundamentally changed how we live,” said Dar. “OpenFin OS and our new app store services enable the next generation of desktop apps that are transforming how we work in financial services.”

News Source = techcrunch.com

Millions of bank loan and mortgage documents have leaked online

in bank/Banking/capitalone/Delhi/Finance/financial services/India/law enforcement/major/money/ocr/Politics/privacy/Security/spokesperson/texas/United States/Wells Fargo by

A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

But it wasn’t protected with a password, allowing anyone to access and read the massive cache of documents.

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers information was found on the server, the database was shut down on January 15.

With help from TechCrunch, the leak was traced back to Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas. The company provides data analysis and portfolio valuations. Among its services, the Ascension converts paper documents and handwritten notes into computer-readable files — known as OCR.

It’s that bank of converted documents that was exposed, Diachenko said in his own write-up.

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

An unspecified portion of the loans were shared with the contractor for analysis, the statement added, but couldn’t immediately confirm how many loan documents were exposed.

In a phone call, Campbell confirmed that the company will inform all affected customers, and report the incident to state regulators under data breach notification laws.

From our review, it was clear that the documents pertain to loans and mortgages and other correspondence from several of the major financial and lending institutions dating as far back as 2008, if not longer, including CitiFinancial, a now-defunct lending finance arm of Citigroup, files from HSBC Life Insurance, Wells Fargo, CapitalOne and some U.S. federal departments, including the Department of Housing and Urban Development.

Some of the companies have long been defunct, after selling their mortgage divisions and assets to other companies.

Though not all files contained the highly sensitive and personal data points, we found: names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan.

Some of the documents also note if a person has filed for bankruptcy and tax documents, including annual W-2 tax forms, which are targets for scammers to claim false refunds.

One record, picked at random and redacted, reveals a loan agreement for an individual, including personal information such as the loan amount, name, address and Social Security number (Image: TechCrunch)

But the database stored documents in a random order, and were not easily followable or presented in an easy to read or formatted way, making it difficult to follow from one document to another, said Diachenko.

We verified the authenticity of data by checking a portion of names in the database with public records.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

Although the documents originate from these financiers, one bank — Citi, which helped to secure the data — said it had no current relationship with the company.

“Citi recently became aware that a third party, with no connection to Citi, was storing certain mortgage origination and modification documents in an unsecure online environment,” said a Citi spokesperson. “These documents contained information about current or former Citi customers, as well as customers from other financial institutions. Citi notified law enforcement, initiated a thorough forensic investigation and worked quickly to ensure the information could no longer be publicly accessed.”

Citi confirmed that “third party is a vendor to a company that had purchased the loans and we have found no evidence that Citi’s systems were compromised.”

The bank added that it’s working to identify potentially affected customers.

Dozens of other companies are affected, including smaller regional banks and larger multinationals.

A Wells Fargo spokesperson said the data was obtained by Ascension from other entities that purchased Wells Fargo mortgages. When reached, neither HSBC nor CapitalOne had comment at the time of publication. A Housing and Urban Development spokesperson did not respond to a request for comment. The department is currently affected by the ongoing government shutdown. If anything changes, we’ll update.

It’s the latest in a series of security lapses involving Elasticsearch databases.

A massive database leaking millions of real-time SMS text message data was found and secured last year, as well as a popular massage service and, most recently, AIESEC, the largest youth-run nonprofit for working opportunities.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

News Source = techcrunch.com

Metacert’ Cryptonite can catch phishing links in your email

in api/apple inc/Artificial Intelligence/Bank of America/ceo/chat room/cryptocurrencies/cybersecurity startup/Delhi/digital audio/e-commerce/Economy/email/ethereum/Federal Bureau of Investigation/Finance/gmail/India/internet culture/iPhone/iTunes/itunes ping/Mac Mail/mobile device/mobile devices/money/Outlook/Paul Walsh/PayPal/Politics/Samsung/slack/social media/TC/Wells Fargo by

Metacert, founded by Paul Walsh, originally began as a way to watch chat rooms for fake Ethereum scams. Walsh, who was an early experimenter in cryptocurrencies, grew frustrated when he saw hackers dumping fake links into chat rooms, resulting in users regularly losing cash to scammers.

Now Walsh has expanded his software to email. A new product built for email will show little green or red shields next to links, confirming that a link is what it appears to be. A fake link would appear red while a real PayPal link, say, would appear green. The plugin works with Apple’s Mail app on the iPhone and is called Cryptonite.

“The system utilizes the MetaCert Protocol infrastructure/registry,” said Walsh. “It contains 10 billion classified URLs. This is at the core of all of MetaCert’s products and services. It’s a single API that’s used to protect over 1 million crypto people on Telegram via a security bot and it’s the same API that powers the integration that turned off phishing for the crypto world in 2017. Even when links are shortened? MetaCert unfurls them until it finds the real destination site, and then checks the Protocol to see if it’s verified, unknown or classified as phishing. It does all this in less that 300ms.”

Walsh is also working on a system to scan for Fake News in the wild using a similar technology to his anti-phishing solution. The company is raising currently and is working on a utility token.

Walsh sees his first customers as enterprise and expects IT shops to implement the software to show employees which links are allowed, i.e. company or partner links, and which ones are bad.

“It’s likely we will approach this top down and bottom up, which is unusual for enterprise security solutions. But ours is an enterprise service that anyone can install on their phone in less than a minute,” he said. “SMEs isn’t typically a target market for email security companies but we believe we can address this massive market with a solution that’s not scary to setup and expensive to support. More research is required though, to see if our hypothesis is right.”

“With MetaCert’s security, training is reduced to a single sentence ‘if it doesn’t have a green shield, assume it’s not safe,” said Walsh.

News Source = techcrunch.com

Go to Top