Open Banking forcing API protection prioritization

Open banking growth

Open Banking Project is an open source system that makes it easier for financial service providers to manage and access consumer banking and financial data through application programming interfaces (APIs). For large enterprises, the project also offers commercial licenses, giving teams access to security patches, proprietary connectors, and dedicated support when integrating these third-party APIs into their own banking apps.

Open banking should shift the power dynamics in the banking sector. Established banks are likely to cut costs and improve services in response to competition from smaller banks that can now offer dynamic services through open banking. It may also push established banks to find more sophisticated ways to connect with their customers and increase customer loyalty.

Open banking allows flexibility in money management, for example:

  • Banks can show their customers the best financial products and services for their individual needs, such as a savings account with a higher interest rate or a credit card with a lower interest rate.
  • Lenders can get a more accurate picture of an applicant’s financial situation and potential risks, which can help offer more appropriate loan terms.
  • Customers can better understand their own financial situation and gain more control over their finances.

Open banking creates new opportunities for:

  • Scalability when sharing revenue with partners
  • Reduced data license fees
  • Reduced API call charges
  • Reduced transaction fees
  • Data analysis and expert reports
  • Data-driven products and services for loyalty programs with credit cards, bank accounts and financial services platforms

The trend

A combination of government regulation and market forces has triggered a rapid expansion of open banking among financial and non-financial institutions.

  • In the European Union, the United Kingdom, South Korea, Australia and India, governments have mandated that major banks open up their vast troves of customer account data to other companies, in an effort to stimulate competition.
  • In the United States and China, it is a market-led movement, with companies establishing open banking relationships among themselves.
  • In the United States, nearly one in two consumers now use a fintech solution, mainly peer-to-peer payment solutions and non-bank money transfers.

With more of our lives handled online, consumers and small and medium businesses have turned to fintech apps. In the first six months of 2020 alone, the number of users of open banking-enabled apps or products in the UK doubled from 1 million to 2 million and grew to over 3 million in February 2021. This new wave of open banking has led global financial firms to rely on the use of APIs more than ever.

Banks and FinServ are the main targets of API attacks

Many financial services institutions are struggling to keep pace with their growing use of APIs and API-based microservices, such as open banking. As the number of APIs increases for financial services organizations, so does their attack surface and risk exposure. This reliance on various APIs complicates an organization’s ability to secure dynamic environments and ensure they comply with industry regulations. The use of third-party and open-source API services introduces complex vulnerabilities that attackers can use to gain access to customer account information, payment information, and personally identifiable data. All in all, this creates a perfect storm for security professionals within financial services, many of whom are already struggling to protect their customers’ sensitive data.

Financial privacy and the protection of sensitive consumer data remain top concerns for financial institutions when considering adopting open banking. Research shows that 48% of consumers worry about open banking data and cybersecurity. The need for API security is growing rapidly as attacker strategies have evolved to use APIs as a key attack vector for reaching sensitive data. And it works. Financial services applications are a prime target for attacks due to the type of data they contain, both PII and PCI. Why would an attacker waste their time trying to mine PII and then sell it on the dark web when they could cut some corners and get paid right away?

Prioritize protection for open banking and finance APIs

API protection is difficult – and important. That’s why it’s crucial to know which requirements are high on your list when evaluating an API protection solution. Taking a protection-first approach means focusing on finding a solution that can block attacks in real time, and that can only be done with a solution deployed inline, not with offline solutions or parallel deployments that require configurations with a WAF, API gateway, cloud providers, code repository, and other technologies that must be constantly maintained to ensure protection. Moreover, APIs are not the only targeted attack vector. This is why solutions that only provide API protection are not enough. Look for vendors that cover the full spectrum of visibility into API, web application, and bot attacks. Finally, having visibility across your organization’s entire attack surface is just as important, because that surface is constantly changing. Don’t be left in the dark: ensure your API and web application protection solution can provide the visibility needed to secure your organization’s entire attack surface.

How ThreatX Helps Financial Services Organizations Protect APIs

Protect APIs from malicious bots

The combination of bot detection techniques and behavior-based analytics means ThreatX can detect and block a wide range of automated attacks, such as account takeover, credential stuffing, DDoS attacks, etc. Attacks will often grow over time, as attackers regularly seek out weak endpoints while staying below rate-based rule thresholds. ThreatX continuously monitors API behavior over time to produce a unified risk score, which is used to block attacker behavior with significantly lower false positives and false negatives.
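To make the contrast between a rate-based threshold and a cumulative risk score concrete, here is an added Python example; it is not ThreatX's code, and the log format, point values and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic): "<ISO time> <client IP> <method> <path> <status> <user>".
# 198.51.100.7 posts one failed login every 30 s with a fresh username each time (low and slow);
# 203.0.113.9 is a customer who mistypes a password once, then logs in normally.
T0 = datetime(2021, 3, 1, 9, 0, 0)
LOG_LINES = [
    f"{(T0 + timedelta(seconds=30 * i)).isoformat()} 198.51.100.7 POST /v1/login 401 user{i:03d}"
    for i in range(40)
] + [
    f"{(T0 + timedelta(seconds=5)).isoformat()} 203.0.113.9 POST /v1/login 401 alice",
    f"{(T0 + timedelta(seconds=20)).isoformat()} 203.0.113.9 POST /v1/login 200 alice",
    f"{(T0 + timedelta(seconds=25)).isoformat()} 203.0.113.9 GET /v1/accounts 200 alice",
]
RATE_LIMIT = 10   # assumed: requests per 60 s window before a pure rate rule blocks a client
RISK_BLOCK = 100  # assumed: cumulative risk score at which behaviour-based blocking triggers

def parse(line):
    ts, client, method, path, status, user = line.split()
    return datetime.fromisoformat(ts), client, method, path, int(status), user

def rate_rule_blocks(lines):
    """Classic rate rule: block any client exceeding RATE_LIMIT requests in a sliding 60 s window."""
    windows, blocked = defaultdict(deque), set()
    for ts, client, *_ in sorted(map(parse, lines)):
        q = windows[client]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=60):   # drop requests older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:
            blocked.add(client)
    return blocked

def risk_scores(lines):
    """Behaviour-based scoring: risk accumulates per client across the whole session, not per window."""
    score, users_tried = defaultdict(int), defaultdict(set)
    for _, client, _, path, status, user in sorted(map(parse, lines)):
        if path == "/v1/login" and status == 401:
            score[client] += 5                       # a failed authentication attempt
            users_tried[client].add(user)
            if len(users_tried[client]) > 3:         # spraying many distinct usernames
                score[client] += 5
        elif path == "/v1/login" and status == 200:
            score[client] = max(0, score[client] - 10)   # a successful login lowers suspicion
    return dict(score)

def risk_rule_blocks(lines):
    """Clients whose accumulated score crossed RISK_BLOCK, even though no window ever exceeded RATE_LIMIT."""
    return {c for c, s in risk_scores(lines).items() if s >= RISK_BLOCK}
```

The low-and-slow client never exceeds three requests in any 60 s window, so the rate rule stays silent, while its score climbs well past the block threshold and the customer's settles back to zero.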

Detect and block attacks in real time

ThreatX analyzes all incoming API traffic in real time, identifying and blocking attacks. This real-time monitoring allows ThreatX to perform advanced threat engagement techniques, such as IP fingerprinting, polling, and tarpitting. These capabilities allow ThreatX to identify and stop the most complex attacks, including large-scale bots and DDoS-level threats.

Discover and visualize the attack surface of APIs

Since ThreatX examines all live traffic, the platform can identify APIs that you may not be aware of, such as zombie and untrusted APIs. Additionally, ThreatX’s API discovery capabilities allow customers to view the entire API attack surface. ThreatX’s API Attack Dashboard provides a central view of how and where APIs are deployed, including APIs beyond those known to the organization.

Take advantage of open banking while limiting the risks

While open banking increases flexibility in how consumers, banks and lenders handle money, it also introduces new risks to sensitive customer data and financial transactions. This is where ThreatX delivers on its promise to protect the financial services applications and APIs that run the world against API abuse, SQL injection, and botnet attacks, while providing zero-day coverage with our 24×7 SOC.

Learn more by chatting with a member of the ThreatX team and request a demo.

The post Open Banking Forcing Prioritization of API Protection appeared first on ThreatX.

*** This is a syndicated blog from The Web Application and API Protection Blog on Security Bloggers Network, written by Sydney Coffaro. Read the original post at:
