Data security and privacy are at the core of the platform design of Fintso given that it is a multi-tenant Fintech platform. This is one of the cornerstones on which we are building out our Pillars of Trust between us and our subscribers — to be the safekeepers of all the data related to the businesses of the ﬁnancial advisors and distributors we serve.
Fintso offers an array of mutual fund distributor software and premium financial planning software in India for the investors and the financial advisors across the country. However, you should know that security is the primary thing that we are always concerned about. Who can access data, how they can access, and what the data can be used for, is considered at the design phase of the platform itself by compartmentalising at the database level.
Information security follows three overarching principles:
Conﬁdentiality: This means that information is only being seen or used by people who are authorized to access it.
Integrity: This means that any changes to the information by an unauthorized user are impossible (or at least detected), and changes by authorized users are tracked.
Availability: This means that the information is accessible when authorized users need it.
These are the principles around which we have constructed Fintso
- Keeping users personal data segregated from any ﬁnancial transaction data
- Financial transaction data anonymized before any analytics allowed
- Linkage between the two sets of data - personal and ﬁnancial - only to people(read: end users)with the authorized “Key”
- A stringent access protocol that gives “Roles” to people which determine access rights
- Method to “purge” personal data and stored in a Data Vault
Fintso is using cloud infrastructure (by AWS) to host the platform (100% of the data is stored in servers located within India). This allows us to utilize a lot of the cutting-edge security features including cryptography and built-in web application ﬁrewalls that allow us to create layer 7 rules for our web application traﬃc. The data itself is stored after compartmentalising and encrypting it.
For instance, we store personal and transactional data in separate buckets with a unique encrypted key linking the two, unlike some tech platforms that use sensitive information like PAN to maintain the linkages.
‘Data Isolation’ is just the ﬁrst level of security. The platform is built with clear data entitlement, which ensures that only data which is supposed to be accessible to any user of Fintso is accessible to him/her, be it a subscriber, a subscriber’s client, or our internal users. It is a matrix that is overlaid on the basic database fabric.
Fintso is a platform from where ﬁnancial advisors can initiate transactions on behalf of their clients, and thus, fraud prevention is taken seriously. Any transaction initiated by an advisor, is sent to the respective client’s mobile app for validation. The app login for clients itself is secured with biometric authentication, which ensures a maker-checker mechanism for each transaction.
Ensuring Data Security across the Life Cycle
As the data stored by us is at the core of our engine empowering ﬁnancial advisors, we have taken the approach of getting an external validation on our processes, backend security components and all our endpoints, to secure against external threats. This is being done by a company specialized in checking end point security and vulnerabilities (mobile as well as web) using both white-hat hackers and the latest available tools. This includes the way data is transferred from the cloud platform to the end users.
No data is stored without the permission of the owner of that data. Any outgoing subscriber can ask us to purge their data, which we then anonymise and store in data vaults.
Data accuracy is ensured at the time data enters our database. We have an extensive set of validations for data feeds received from RTAs and other data providers. With usage, our machine learning algorithms only keep getting better at helping our subscribers import, view and share completely accurate data on their clients’ investments.
Even within our organization, we have implemented very stringent security policies on the devices used by our employees, which means no subscriber or client data can leave their systems.
How we did this
A unique Customer ID is created by the system,which tags each “bucket” of Personal data and Transaction data.
Each user of the system, based on their Role / Persona can only access the data they are entitled to.
Client, Advisor/Employee/Associate and Fintso Employee have different channels of authenticating with the platform. It is not possible to use a different channel without the right credential.
Maintaining Audit Logs and Authorisation
This is done at various levels. From the start,when a user is assigned a role, to when the user logs in, to when someone accesses data, to when someone tries to download data.
An escalated system of authorisation is required based on how much / how sensitive data is to be accessed.
What happens when a User wants to leave Fintso?
When a user requests for their data to be purged from Fintso,we will have to make sure that we store no data in the system that could identify the user or be related to them.
In order to remove all traces of user data from Fintso, we will completely clear user’s data from all sources. It would be moved to the encrypted data store – the Data Vault. Data, once writtento the vault, cannot be updated.
The platform would retain the anonymized transaction data in the analytics database, purely for analytics purpose. This database does not contain any information about the user’s identity or trace back to the user.
So what is this Data Vault ?
The Data Vault is a secure place to store encrypted data which is not accessible to Fintso or any of its users. The access to data vault is provided to a service only for the purpose of answering queries from the regulatory bodies under the data protection regulations.
Fintso will use be using Server-Side Encryption with CMKs (Customer Master Key)
Stored in AWS Key Management Service (SSE-KMS). In addition to encryption and access control, SSE-KMS also provides an audit trail that shows when your CMK was used and by whom.
All of user’s personal data, login and request audit trails and system logs would be bundled into a single ﬁle and moved into the vault. The vault would be encrypted using a rotating AWS managed CMK managed in KMS. The ﬁle name would be a hash of the user’s email and is not human readable. The service, CMKs and the S3 bucket containing the encrypted data would all be in the same region.
Access to Data Vault
It is important to remember that while we have the technological solution, it also involves a manual process. There are stringent guidelines, policies and multi-level approvals required to execute the service.
Fintso is an open architecture fintech ecosystem that brings together financial advisors, financial product manufacturers and vertical aggregators. With the aim of democratizing wealth management through existing unorganized players, Fintso provides a white labelled platform-as-a-service for financial advisors to operate their business of serving their investors and grow their brand and identity. The platform provides multi-product transaction execution capabilities along with proprietary research and advisory to financial advisors. Acting as a demand aggregator for asset managers and a means to become omni-channel and connect to a physical distribution network for online-only vertical fintech aggregators, Fintso is enabling them to reach wider audiences.
Core Member & VP – Technology
Vijay brings to the Fintso table over 24 years of experience in developing and implementing technology in the Banking and Finance domain (Retail/Investment/Private Banking, Asset Management, Cash Management and Risk IT).
Over the years he has defined overall missions, revenue objectives and developed a timebound roadmap to strategically identify and optimize revenue opportunities. He is skilled in leading large-scale technology teams and seamlessly chart out process flows and road maps for organisations; having implemented Systems Integration for Deutsche Bank pan-Asia, and planned and implemented key enterprise digital transformation initiatives in the area of RPA, Cloud migration , Various SaaS/DaaS implementations and Self-service Bots for Unisys.
Vijay is a passionate ultra-marathoner, focused and resilient to see his race through successfully, be it at the office or the track.
Solutions Architect - Technology
Over 17 years, Shilpa has built applications for healthcare, federal, transportation and banking domains. She has designed systems using a wide array of diverse technologies from Microsoft to Java to JS to Php to now Python and AWS. She specialises in finding simple and robust solutions to complex problems by leveraging state-of-the-art technologies.
Follow us on
Contact us on
Phone: 022 4897 1500
The information herein is meant only for general reading purposes and the views being expressed only constitute opinions and therefore cannot be considered as guidelines, recommendations or as a professional guide for the readers. The document has been prepared based on public available information, internally developed data and other sources believed to be reliable. The directors, employees, aﬃliates or representatives (“entities & their aﬃliates”) do not assume any responsibility for, or warrant the accuracy,completeness, adequacy and reliability of such information. Recipients of this information are advised to rely on their own analysis, interpretations & investigations.
Certain statements made in this presentation may not be based on historical information or facts and may be “Forward Looking Statements“ including those relating to general business plans and strategy, future ﬁnancial condition and growth prospects, and future developments in industries and competitive and regulatory environments. Although the Company believes that the expectations reﬂected in such Forward Looking Statements are reasonable, they do involve a number of assumptions, risks and uncertainties.
Readers are also advised to seek independent professional advice to arrive at an informed investment decision. Entities & their aﬃliates including persons involved in the preparation or issuance of this material shall not be liable in any way for direct, indirect, special, incidental, consequential, punitive or exemplary damages,including on account of the lost proﬁts arising from the information contained in this material. Recipient alone shall be fully responsible for any decision taken based on this document.