Security Flaws in Trading Platforms

A recent report on security issues in popular trading platforms has drawn wide attention to this important topic. Thanks to watchdogs such as IOActive, product owners’ platforms have undergone a stress test, and problem areas have been rapidly tweaked to prevent much worse security incidents.

Fortunately, that doesn’t mean that the budget to develop a quality trading platform has to be tripled. As with any other type of risk, security risks should be addressed using a thorough risk management methodology: identify and assess the risks, maintain the risk register, plan risk responses, and take into account the urgency, probability and impact of each risk. Consider the industry’s best practices and stakeholders’ risk appetite, perform qualitative and quantitative analysis, and decide whether a particular risk should be mitigated, avoided, transferred or… accepted. There are numerous situations where it is not cost-effective to address a risk in any other way.

Let’s consider a risk management scenario. For example, a trading platform supports DLL imports, which are used by algo traders who install third-party plugins. This feature creates the risk that malicious code could be injected together with the DLL, but the import of DLLs is an integral part of any application development. After assessing the risk, the product owner decides to mitigate it by showing warnings about possible consequences, while preserving the product for the target users. Would you rather abandon the broad audience of algo traders instead?

Security is without question hugely important. It is of course unacceptable to leave sensitive information, such as personal data or passwords, in plain text. Brokers should carefully plan for the compliance, confidentiality, integrity and availability of their trading platforms, while at the same time taking a pragmatic approach and thinking about the overall user experience.

If you want to discuss the development of a secure trading platform, come and talk to us. Devexperts have been developing tailored solutions for the capital markets industry since 2002.

