Auditing Your Electronic Banking and Payment Applications: FinTech Application Audit Program
The following areas will be covered.
• Getting the policies, procedures and guidelines right for electronic banking and payment products and services.
• Services relating to vendors or third party service providers and their corresponding service level agreements (SLAs).
• Logical access controls.
• User management and administration.
• Application security.
• Business logic and functionality validation.
• Database security.
• Operating system security.
• Compliance with relevant standards such as PCI DSS, ISO/IEC 27001, ISO 22301 and ISO/IEC 20000.
• Separation of duties and dual control.
• Payment card personalization, production and distribution.
• PIN generation and security.
• Front-end processor.
• ATM, POS and web payment security.
• Data backup and recovery.
• Application development process and life-cycle.
• Software acquisition management.
• Change management, configuration management and release management.
• Data security.
• Encryption and key management.
• Business continuity and disaster recovery.