Enhancing AppSec Compliance in Banking: A Case Study of Provident Credit Union

Provident Credit Union is a local financial institution that primarily serves the San Francisco Bay Area. Established in 1950, Provident maintains 21 branches and over 3 billion dollars in assets. The credit union has a 5-star Sustained Superiority rating from Bauer Financial for over 100 consecutive quarters. Provident serves the needs of more than 125,000 members, primarily located in the San Francisco Bay Area. The institution focuses on retail consumer banking needs through their 21 location community branch network, ATMs located throughout the country and internationally, and their online web and mobile banking systems. Provident utilizes several third-party vendors to deliver their mobile and web banking applications.

Provident Credit Union, a financial institution serving over 125,000 members in the San Francisco Bay Area, was facing a significant challenge in managing the security of their mobile and web banking applications. These applications were managed by third-party vendors, and while these vendors provided annual audit material and were available for internal and external audits, Provident felt the need to enhance the security measures. Being located in Silicon Valley, Provident's user base comprised some of the most technically-advanced consumers who demanded top-notch security. Provident needed a method to validate the security of their third-party vendor applications and add an additional layer of security with continuous scanning of their mobile and web banking applications. They also wanted to integrate security reviews as part of their application deployment process. Prior to implementing Data Theorem’s solution, Provident relied on the same third-party vendor for security application, maintenance, and ongoing improvement to protect their members' data and personal financial information.

Data Theorem provided the tools needed to tackle any kind of AppSec compliance challenge that Provident was facing. The solution offered continuous scanning of mobile and web banking applications and integrated security reviews as part of the application deployment process. It also provided reporting capabilities to internal and external auditors, tracking the number of issues, the prioritization of alerts, resolution of issues, and the time taken for resolution. This partnership with Data Theorem gave Provident the assurance of having security experts to help mitigate risk, decrease stress on staff, and streamline operations. The solution also provided Slack integration and alerts, along with secure code fixes, making it easier for the data science and development team to handle quickly.

• The implementation of Data Theorem’s solution brought about significant operational results for Provident. Compliance and regulations, which change over time, were no longer issues that the IT team had to spend much time on. The solution provided Slack integration and alerts, along with secure code fixes, which made it easier for the data science and development team to handle quickly. Penetration testing, a critical component in any comprehensive security plan, was continuously carried out, ensuring thorough checking of defense perimeters. This paved the way for Provident's business to keep running and growing. Data Theorem also alerted Provident when there were issues that the third-party vendor may not consider critical, along with citing specific hacks that they may be susceptible to, enabling attacks to be avoided.