Security Considerations in Open Banking

Cyber security has been a hot topic for years. The more sophisticated technology becomes, the more innovative the attacks. With Open Banking making headlines since the EU Payment Services Directive in 2015, security has become a key focus. APIs are just as at risk of bot attacks as websites are. In the first half of 2020, bad bots were responsible for 21.7% of API attacks, a significant increase from 16.6% in 2019. Different types of attacks can lead to data breaches, identity theft or fraud, which are costly for financial institutions, both financially and reputationally.

There are three main ways in which these attacks can lead to problems for consumers and financial institutions:

+ Loss of personally identifiable information (PII) and business data. This means that a user’s transactions, banking history and personal details can be accessed. Lawsuits, compensation and bad PR are just a few of the issues faced by financial institutions in this situation. In the long term, customers may go elsewhere, meaning not only rising costs but lost revenue as well.

+ Application DDoS attacks. Although well known for targeting websites, these complex attacks using sophisticated bots are also being aimed at APIs. They are difficult to monitor and prevent, and they cause a financial institution’s infrastructure to stagnate. While the problem is being fixed, customers become frustrated at their lack of access to services and panic that their money could be at risk.

+ Payment fraud. Open banking makes data accessible and transactions faster, albeit in a secure environment. However, cyber criminals are adept at finding weaknesses in any system, so fraud prevention and detection systems are as important now as ever.

When a financial institution designs a cyber security strategy, its main goals are obviously to avoid financial losses and to meet regulations. But the strategy should also include a public relations plan. It’s important to communicate to customers, in an informative and transparent way, that open banking’s ‘openness’, so to speak, does not put their finances and data at risk. The path to mass adoption is already somewhat hindered by the word ‘open.’ Financial institutions need to be clear on how they are tackling potential cyber threats.