
How Finder Protects 300,000 Users’ Financial Data With Auth0
Why brute force detection and breached password detection are essential parts of the comparison website’s data security strategy

About Finder
Every month 2.6 million unique visitors turn to Finder to save money and time, and to make important life choices. We compare virtually everything, from credit cards, phone plans and health insurance to travel deals and much more. Our free service is 100% independently owned by two Australians: Fred Schebesta and Frank Restuccia. Since launching in 2006, Finder has helped Aussies find what they need from 1,800+ brands across 100+ categories. Finder is a global comparison site with offices in Australia, the United States, the United Kingdom, Canada, Poland and the Philippines, and has over 400 crew globally.
With 2.6 million unique monthly visitors, Finder is Australia’s most visited comparison site and a go-to destination for Aussies to compare the best deals on everything from credit cards and mobile phone plans to health insurance and travel deals. And their reach is expanding with strong growth in the US and UK.
When Joe Waller joined the team as Finder’s first Chief Product and Technology Officer in 2018, one of his first moves was to reinvent Finder’s membership program. While Finder’s existing model wasn’t broken, Waller saw an opportunity to better serve users by leading the development of the Finder app – an Australian-first app that connects users’ bank accounts to track their spending habits and identify where they could save by switching products. To do this, Finder needed a robust security solution that would keep users’ financial data secure.
Using an Identity & Access Management (IAM) Platform to Reduce Attack Surface
The protection of users’ data has always been of utmost importance to Finder and this was a key consideration in the creation of the Finder app.
Because Finder ran multiple user systems, including a main website service and a credit score service, it could benefit from a solution that used a number of features to improve user data security and to consolidate several stores of user data into one unified system. “We wanted to reduce the potential attack surface, and consolidating our member data into a single, secure system was the best approach.”
Ultimately, Waller wanted to build a fortress around user data by integrating security into all aspects of the platform. “When our users provide us with membership and financial information, they are placing a level of trust in us, and it’s important that we honor that trust.”
Auth0’s Features Fortify Finder’s Data Stronghold
When Finder began moving towards a microservices architecture and building their app, they sought out an authentication provider that could provide “best-in-class” security. Once the decision to use Auth0 was made, Finder started to migrate hundreds of thousands of user accounts to the new system.
One of the most important security features Finder uses is anomaly detection. It prevents malicious attempts to access the website or the mobile application and blocks further login attempts. “Anomaly detection has proven to work,” says Waller. Brute force detection identifies potential attacks and blocks the offending IP. “It's good to see the defensive capabilities of Auth0 in the wild.”
Finder further secures their data by fully integrating Auth0 into their membership flow, with tokens refreshing regularly. This continuous authentication strengthens the walls of Finder’s data fortress. “It’s part of a ‘defense-in-depth’ security strategy,” says Waller. “If you've somehow gotten through the castle walls, we don’t necessarily assume that just because you’re inside, you’re allowed to be inside. It’s safer to keep running additional checks, and so we continue to re-authenticate users.”
Strong Security is the Bedrock of Finder’s Business Model
The Finder app launched in mid-March 2020, with plans to then roll it out in the UK and the US. Outsourcing identity management helped Finder build a better app, faster. “Trying to build out authentication ourselves would divert all of the hundreds of engineers that we have working on key products and features for our members,” says Waller.
Waller believes that a secure member platform is the foundation for Finder’s future: “For me, it’s a license to innovate safely and securely. Without a solid member platform that’s secure, we wouldn’t be able to innovate as quickly as we do. Any future work that we create, we make from eligibility programs or membership data which Auth0 has made possible.”
About Auth0
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world. For more information, visit https://auth0.com or follow @auth0 on Twitter.