How Finder protects 300,000 users’ financial data with Identity management

With 5 million unique monthly visitors, Finder is Australia’s most visited comparison site and a go-to destination for Aussies to compare the best deals on everything from credit cards and mobile phone plans to health insurance and travel deals. And their reach is expanding with strong growth in the US and UK.

When Joe Waller joined the team as Finder’s first Chief Technology Officer in 2018, one of his first moves was to reinvent Finder’s membership program. While Finder’s existing model wasn’t broken, Waller saw an opportunity to better serve users by leading the development of the Finder app – an Australian-first app that would connect users’ bank accounts to track their spending habits and identify where they could save by switching products. To do this, Finder needed a robust security solution that would keep users’ financial data secure.

Using an Identity & Access Management (IAM) platform to reduce attack surface

The protection of users’ data has always been of utmost importance to Finder and this was a key consideration in the creation of the Finder app. 

Using multiple user systems, including a main website service and credit score service, meant Finder could benefit from a solution that utilized a number of features to improve user data security and to consolidate several stores of user data into one unified system. "We wanted to reduce the potential attack surface, and consolidating our member data into a single, secure system was the best approach," Waller explains.  

Ultimately, Waller wanted to build a fortress around user data by integrating security into all aspects of the platform. “When our users provide us with membership and financial information, they are placing a level of trust in us, and it’s important that we honor that trust.” 

Identity management fortifies Finder’s data stronghold

When Finder began moving towards a microservices architecture and building their app, they sought out an authentication provider that could provide “best-in-class” security. Once the decision was made to use Okta Customer Identity Cloud, powered by Auth0, Finder started to migrate hundreds of thousands of user accounts to the new system.  

One of the most important security features Finder uses is Anomaly Detection, which prevents malicious attempts to access the website or the mobile application and blocks further login attempts. “Anomaly detection has proven to work,” says Waller. Brute force detection identifies potential attacks and blocks the offending IP. “It's good to see the defensive capabilities of Customer Identity Cloud in the wild."

Finder further secures their data by fully integrating Customer Identity Cloud into their membership flow, with tokens refreshing regularly. This continuous authentication strengthens the walls of Finder’s data fortress. “It’s part of a ‘defense in-depth’ security strategy,” says Waller. “If you've somehow gotten through the castle walls, we don’t necessarily assume that just because you’re inside, you’re allowed to be inside. It’s safer to keep running additional checks, and so we continue to re-authenticate users.”

Strong security is the bedrock of Finder’s business model

The Finder app launched in March 2020, with plans to then roll it out in the UK and the US. Outsourcing Identity management helped Finder build a better app, faster. “Trying to build out authentication ourselves would divert all of the hundreds of engineers that we have working on key products and features for our members,” says Waller.  

Waller believes that a secure member platform is the foundation for Finder’s future: “For me, it’s a licence to innovate safely and securely. Without a solid member platform that’s secure, we wouldn’t be able to innovate as quickly as we do. Any future work that we create, we make from eligibility programs or membership data which Customer Identity Cloud has made possible.”

About Customer

Every month, 5 million unique visitors globally turn to Finder to save money and time, and to make important life choices. We compare virtually everything from credit cards, phone plans, health insurance, travel deals and much more. 

The free service was founded by three Australians: Fred Schebesta, Frank Restuccia and Jeremy Cabral. Since launching in 2006, Finder has helped members find what they need from 1,800+ brands across 100+ categories. 

Finder now has offices in Australia, the United States, the United Kingdom, Canada, Poland and the Philippines. For further information visit www.finder.com.