Experience

Threat modelling token gated commerce

Project to allow platform users to provide bespoke experiences and products to a subset of consumers that held a specific NFT in their connected wallet.

Challenges:

• Green field project requiring web3 3rd party solutions provider integration
• Wallet provisioning cryptographic scheme integrity
• Potential privacy implications

Actions:

• Technical RFP assessment to select for appropriate cryptographic technical solutions

Result: Provider chosen and integrated as well internal policy and standards created around implications of web3 user privacy.

Application security assessments for consumer facing credit card mobile applications

Assisted the security organisation migrate to an agile delivery framework with a relatively unsophisticated application security strategy.

Challenges:

• Adapting current security practices to scale
• Limited resources to execute vision
• Separate phyiscal campuses for engineers

Actions:

• Technical security assessment delivery
• Internal process re-engineering
• Reconfiguring issue reporting documentation

Result: Measurable increase in the security posture of a very widely used mobile app due to shorter assessment and remediation cycles.

Regulatory and compliance requirements translation for the integration of a blockchain-based payment system

Proposed project to integrate a cryptographic payments option into an eCommerce checkout.

Challenges:

• A new 3rd party provider being onboarded
• Potential to undermine current risk posture
• Introduction of new regulatory requirements

Actions:

• Technical regulatory risk assessment performed against the proposed integration with a view to ensure that the business will be able to meet any new requirements that are in scope

Result: Cryptographic payments options integrated without any undue risk and a clear identification of regulatory responsibility between the business and the 3rd party supplier.

Analysis of privacy requirements and how they impact decentralised applications

Plan to implement wallets into user onboarding flow.

Challenges:

• User wallets are public by default
• Risk around wallet integration associated data
• High public visibility and reputational risk

Actions:

• Analysis of the onboarding flow, the wallet and the relevant privacy legislation.
• Recommendations made about product scope and accessibility in terms of geo-location

Result: Wallet integration experiment was run successfully, new technical internal guidelines created regarding privacy and the treatment of data associated with consumer facing wallets.