The financial services industry is the most targeted sector for cybercriminals globally. Financial institutions and their customers exchange vast volumes of the most valuable data in the digital economy: account credentials, payment information, transaction records, and wire transfer instructions that move millions of dollars daily. For banks, insurance companies, cooperatives, fintech companies, and financial service providers across Honduras, Panama, Costa Rica, El Salvador, Mexico, Miami, and Puerto Rico, securing financial data in transit is a fundamental business and regulatory requirement.

Why Financial Data in Transit Is a Primary Attack Target

Data “in transit” refers to any data moving between systems, applications, or networks. Financial data in transit includes authentication credentials, transaction data, wire transfer instructions, and API calls between fintech platforms and financial institutions. Each flow represents a potential interception point for attackers. Business Email Compromise (BEC) fraud — one of the most financially damaging attacks targeting Honduran financial institutions — specifically targets wire transfer instructions in transit.

The Regulatory Framework for Honduran Financial Institutions

Honduras — CNBS Resolution GRD No.793/2022

The CNBS Resolution GRD No.793/16-12-2022 establishes cybersecurity requirements for Honduran financial institutions that include specific controls around the protection of data in transit. Financial institutions operating in Honduras must implement encryption for all electronic communications containing sensitive customer data, maintain secure communication channels for interbank transactions, and demonstrate compliance through regular security assessments. GLADiiUM’s SOC as a Service Honduras is specifically designed to generate the audit evidence CNBS inspectors require.

Panama — Superintendencia de Bancos (SBP)

Panama’s banking supervisor requires financial institutions to implement comprehensive data security programs including encryption of data in transit, secure API design for digital banking services, and regular penetration testing of internet-facing financial systems.

United States (Miami, Puerto Rico) — GLBA Safeguards Rule

The Gramm-Leach-Bliley Act Safeguards Rule requires US financial institutions to implement specific technical safeguards protecting customer financial information, including encryption of customer information in transit and at rest, and multi-factor authentication for accessing customer data.

Core Technical Controls for Financial Data in Transit

  • TLS 1.2 or 1.3 encryption — The current standard for encrypting web-based financial transactions. TLS 1.0 and 1.1 are deprecated.
  • Multi-factor authentication (MFA) — Required for all customer access to online banking portals. MFA ensures stolen credentials alone are insufficient for account access.
  • Transaction signing — High-value financial transactions should require digital signatures that verify authenticity and prevent man-in-the-middle modification of amounts or beneficiary accounts.
  • API gateway security — Financial APIs should be exposed through dedicated API gateways that enforce authentication, rate limiting, input validation and logging.
  • Network segmentation — Payment processing systems and core banking platforms should be isolated in dedicated network segments. The same IT/OT segmentation principle applies to financial infrastructure.
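
The transaction signing control above, sketched as an added example that is not GLADiiUM's or any institution's code: it uses HMAC-SHA256 from the Python standard library as a shared-key stand-in for an asymmetric digital signature, and adds freshness and replay checks as an extension. The field names, demo key, account identifiers and the 300-second window are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 300  # assumed freshness window for a signed instruction


def canonical_bytes(instruction: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash identical bytes."""
    return json.dumps(instruction, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_instruction(key: bytes, instruction: dict) -> str:
    """Return a hex HMAC-SHA256 tag covering every field of the instruction."""
    return hmac.new(key, canonical_bytes(instruction), hashlib.sha256).hexdigest()


def verify_instruction(key, instruction, tag, seen_nonces, now=None):
    """Return (accepted, reason) after integrity, freshness and replay checks."""
    now = time.time() if now is None else now
    expected = sign_instruction(key, instruction)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False, "bad signature"
    if abs(now - instruction["issued_at"]) > MAX_AGE_SECONDS:
        return False, "stale"
    if instruction["nonce"] in seen_nonces:
        return False, "replay"
    seen_nonces.add(instruction["nonce"])  # remember only verified instructions
    return True, "ok"


# Constructed sample data (hypothetical key, account and timestamps).
DEMO_KEY = b"constructed-demo-key-not-for-production"
DEMO_TRANSFER = {
    "amount": "25000.00",
    "currency": "USD",
    "beneficiary_account": "ACCT-EXAMPLE-0001",
    "issued_at": 1_700_000_000,
    "nonce": "n-0001",
}

if __name__ == "__main__":
    tag = sign_instruction(DEMO_KEY, DEMO_TRANSFER)
    seen = set()
    print(verify_instruction(DEMO_KEY, DEMO_TRANSFER, tag, seen, now=1_700_000_060))
    # Same tag, beneficiary changed in transit: verification must fail.
    tampered = dict(DEMO_TRANSFER, beneficiary_account="ACCT-EXAMPLE-9999")
    print(verify_instruction(DEMO_KEY, tampered, tag, seen, now=1_700_000_060))
```

Because the tag covers the amount and beneficiary together with the nonce and timestamp, changing any single field in transit invalidates it, and a captured valid instruction cannot be resubmitted.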

Employee Training for Financial Sector Staff

The most sophisticated technical controls can be undermined by untrained employees. Specific training priorities include recognition of BEC attacks targeting wire transfer requests, procedures for verifying unusual payment requests out-of-band, and recognition of phishing attempts impersonating financial regulators or correspondent banks.

GLADiiUM’s Financial Services Security Practice in Honduras

GLADiiUM brings specialized expertise in financial services cybersecurity. For Honduran financial institutions specifically, our services include CNBS 793/2022 compliance programs, 24/7 SOC monitoring, BEC protection implementation, penetration testing of online banking portals, and ISO 27001 certification support.

Contact GLADiiUM Technology Partners for a free financial services security assessment.

Phone: +504-2544-0147
Email: [email protected]