Connect with us

Banking

THE GROWING DANGERS OF OPEN BANKING APIS

Published

on

Terry Ray, Senior Vice President and Fellow at Imperva

 

The advent of open banking has unlocked a host of new services for banks and fintechs to offer to customers, opening up new revenue streams. These services have attracted more than 2.5m customers in the UK, and have shaken up the industry with traditional banks trying to keep up with innovative digital competitors like Monzo and Revolut.

However, although open banking has ushered in a new era of convenience for consumers, it has also dramatically expanded  financial firms’ attack surface, in part due to the frequency at which data is accessed and shared between the Application Programming Interfaces (APIs) that connect different banks’ applications. While APIs are essential for the communication between apps, containers and services, they also pose a major security headache. For banks, the questions are:

  • Why are APIs such an attractive target for hackers?
  • How are the threats manifesting?
  • What can be done to keep themselves and their customers secure?

 

If you’re API and you know it

APIs are fast becoming one of the most attractive entry points for cyber-criminals for several key reasons. The first is simply that APIs have access to vast amounts of sensitive data. An API is foundational for open banking because fintechs rely on them to gain access to customer data and sensitive financial records. However, if cyber-criminals are able to get access to that data and where it’s stored, APIs can suddenly act as a blueprint, providing insight and guidance on things like internal database structures. This kind of information is a metaphorical goldmine for a motivated attacker.

Secondly, the last few years have seen explosive growth in the volume of APIs managed by businesses. It’s estimated that open banking APIs have increased from 1.9 million monthly interactions in June 2018 to 694.4 million monthly interactions in December 2020, many of which are being created by development teams without any knowledge or oversight from security. The more APIs banks have, the more pathways hackers have to access sensitive data, and the harder it is for businesses to make sure that all their APIs are properly secured – especially when security teams often don’t even know the full extent of the problem.

And finally, the vulnerabilities hackers can use to exploit APIs is also on the rise. Last year, Imperva Research Labs found that the number of API vulnerabilities continued to grow, even as the volume of all other web application vulnerabilities fell. As a result, banks not only have a rapidly increasing number of APIs to manage, they also have more vulnerabilities to manage.

 

Security analyst overload

For fintech security teams, the ever-growing volume of APIs is a headache that they are struggling to manage. Banks and fintechs have thousands of APIs to inventory and manage – with more coming online all the time. And yet, most don’t have the capacity to monitor and defend all these pathways from the external world to their critical customer data and applications.

If cyber-security is a football match between hackers and security analysts, the growth of APIs is like constantly expanding the goalmouth for one side, and security teams are stuck trying to defend a much bigger target with the same eleven players. Already, 83% of security professionals state that they feel overworked and burnt out, yet Open Banking and digital transformation aren’t going anywhere, meaning the goalmouth is only going to get bigger.

 

A positive approach

The situation can feel desperate, but it isn’t an impossible challenge. Firstly, fintechs to ensure they have full visibility and an always up-to-date inventory of all their APIs and their data exchange patterns. Secondly, they should consider adopting a positive security model around their APIs, meaning that all traffic is blocked as default and with exceptions made for traffic known to be legitimate. Think of APIs as exclusive nightclubs – if you’re not on the guest list, you’re not getting in. This approach not only helps filter out huge swathes of bad traffic, it also helps defend against zero-day attacks.

Beyond that, financial institutions should ensure that they understand the data risks for each API so that varying control and monitoring levels can be applied to each, based on their security, business, and regulatory risk profiles. Having this level of insight greatly increases the awareness around APIs and the risks that each one introduces.

Finally, it’s important to have runtime protection that isn’t dependent on rigid rules but is instead predicated on automated, self-adaptive anomaly detection, as well as a well-designed feedback loop that helps developers address vulnerabilities efficiently through enhancing API design and security testing.

Open banking has been a revolution for businesses and consumers. As demand for such services increases, banks and fintechs alike will find themselves ever more reliant on APIs. Already, the volume is threatening to overwhelm security teams stretched to the brink. Putting in place better processes, a positive security model, and automation where needed, will help alleviate a great deal of this pressure while enabling new services and APIs to be brought online safely.

Banking

WHY THE TIME IS NOW TO BANK BEYOND BORDERS

Published

on

By

by Lili Metodieva, MD of Monneo

 

As our world becomes more interconnected, so too does the need for banking systems to follow suit. In the past, businesses and individuals were often restricted to banking in a single country, but the rise of borderless banking is enabling both to benefit from greater financial freedoms. In this article, we will examine why this trend is so important and explain how Fintech companies are helping to make it possible.

 

What is borderless banking?

Simply put, borderless banking refers to any bank account, which allows users to spend, send and receive money across different countries and currencies, without incurring heavy fees. The concept has become increasingly popular in recent years, with more people now working in cross-border job roles and with many businesses requiring capital in a different currency than that of their country of origin.

For customers, borderless banking is making cross-border financial transactions more efficient and cost-effective. Through its rise, businesses and individuals can gain easier access to international streams of capital, which is crucial in this current moment of economic uncertainty. In fact, 74% of companies say cross-border payments have helped their business to survive [1].

 

Where do IBANs come in?

International Banking Account Numbers (IBAN) play a crucial role in facilitating borderless banking. The globally recognised system enables cross-border transactions to happen safely, by providing each international bank account with its own unique 36-digit alphanumerical code. On account of this code, financial institutions can quickly identify where funds are coming from, as well as where they’re going to.

More recently, providers such as us have been able to deliver Virtual IBANs (vIBAN). Working alongside a network of well-established European and International banks, we’re able to offer businesses a single platform interface that consolidates the management of all IBAN accounts. In turn, our multi-currency service makes conducting global financial transactions incredibly straightforward.

 

How has Brexit affected borderless banking?

The COVID-19 pandemic has accelerated the growth of borderless banking and services related to it, but other developments, such as Brexit are beginning to stand in its way. Most notably, the drawn-out withdrawal process has seeded a growing reluctance amongst risk averse, larger organisations to settle transactions using UK bank accounts or IBANs, due to unfounded concerns around regulatory complexity.

Despite leaving the EU, the UK remains a member of the Single Euro Payments Area (SEPA), so it’s unclear why these concerns around British IBAN accounts exist. Regardless, this unfortunate development must be addressed quickly as it has the potential to adversely affect the livelihood of businesses and individuals at a time of critical need.

 

What does the future hold for borderless banking?

There’s clear demand for borderless banking and borderless payments, but the discrimination of certain IBAN accounts represents a major obstacle, which could stand in the way of their widescale adoption. Moving forward, there needs to be a push towards borderless IBANs, which will make international financial transactions more reliable. At the end of the day, this is what IBANs were originally created for, so it’s important the current problems are rectified quickly.

To ensure this can happen, the industry needs protection and clarity from regulators. Likewise, it’s now time for membership organisations to stand up on behalf of the sector and lobby for the financial inclusion of businesses.

If the confusion regarding UK IBAN accounts can be sorted in a timely manner, businesses across the nation, as well as those further afield can look forward to a future of more streamlined and effective financial services. With this support, the diverse sector can deliver further access to innovative financial services and products, which improve outcomes for businesses and consumers alike.

As a sector, Fintech has the potential to provide vital assistance to the wider economy, particularly in an era of increased cross-border business. At Monneo, we’re committed to being part of that change and as a part of organisations like ‘Accept my IBAN’, are working towards reporting and ending IBAN discrimination.

[1] – https://www.mastercard.com/news/research-reports/2021/borderless-payments-report/

 

Continue Reading

Banking

IT’S TIME FOR BANKS TO SIT THEIR CUSTOMERS DOWN AND TALK OPEN BANKING

Published

on

By

Eugene Danilkis, CEO at Mambu

 

We are living in an experience economy, and banking is no different. Customers need innovative payment and finance management solutions. New entrants are edging into the landscape and challenging existing players. This should mean users have a better view of their finances and the tools they need to manage their money – but banks are failing to deliver.

Personal finances are a complex beast, emotional pulls are strong, and the worry of financial security is always on the mind. It’s the job of banks to be the shoulders customers can lean on and trust.

Open banking was supposed to take this to the next level, enabling banks to deliver personalised products and services based on improved data sharing and customer insights. But three years on, adoption remains sluggish. So, why is open banking failing to live up to its promise?

 

A missed opportunity

Open banking was introduced to the UK in 2018, but consumers are still mired in confusion as to what it means and how it helps them. According to Mambu’s global open banking survey, 61% of consumers say they’ve never used open banking, despite more than 8 in 10 using one or more mobile banking apps.

Eugene Danilkis

This is a problem for banks and consumers alike. Lack of understanding around the technology is hindering its adoption, despite this being in the best interests of both. By enabling the secure sharing of financial information, open banking creates an improved customer experience. Not only does this minimise friction and make online payments faster and easier, but allows for personalised services and greater automation, enabling customers to take advantage of tools like budgeting apps.

For banks, open banking is an opportunity to build innovative new products that will improve the customer journey, helping them retain accounts and acquire new ones. By collaborating with third parties, banks can hyper-target customers and build services that address specific user needs, increasing customer satisfaction and in turn brand loyalty.

It’s true there’s been a recent spike in open banking users. According to Juniper Research global, open banking users rose from 18 million in 2018 to 40 million in 2021. But this can be traced to the necessities of a pandemic rather than any sudden clarity in communications.

 

Putting customers at the heart of communication

Mambu’s research shows more than half of consumers (52%) have never heard of open banking. COVID-19 may have increased the uptake of the technology, but it hasn’t increased understanding among users.

So, what can banks do to encourage consumers to embrace open banking? Fundamentally, they must better educate their customers in terms they understand. This means talking to them like human beings, using clear and transparent language to simply explain the personal benefits open banking brings and why it’s really just smart banking.

The understanding gap between technology and terminology shows that consumer demand is there, but better communication is needed. Making sure consumers truly understand the tools they’re using, the control they now have over their finances and how open banking improves the customer experience is vital to dispersing the current fog of confusion. It’s the benefits of this technology that banks need to hone in on: customers ultimately care about what open banking can do for them and how it’s going to make their lives easier.

Centering the customer and their needs in this way will allow banks to fully realise open banking’s potential. The technology has already given them the opportunity to develop valuable services for customers that help build brand loyalty. But the industry has failed to put the customer at the heart of their communications and processes, and show them how much better banking can be.

 

Building trust

Key to reversing this trend is addressing consumer concerns around data privacy and financial safety. Yes, banks need to prioritise simplicity and clarity in messaging, but this isn’t an excuse to shy away from important conversations. Just because there’s an understanding gap around open banking doesn’t mean consumers aren’t switched on about tech and financial issues.

Mambu’s survey found nearly three in five customers have concerns about privacy and security in relation to open banking. So, it’s vital that banks provide reassurance and relevant information about data sharing from the outset if they’re to assuage these fears.

The industry can also encourage greater adoption by developing and improving open banking interfaces. Banks are the gatekeepers to how easily end-users can authorise certain actions, manage third-party access and navigate different open banking functions. If the interface is user-friendly, customers will have a better experience of the technology and be more likely to use and recommend these services.

 

Time to get talking

Customer communication is holding the industry back.. The ability of open banking to transform financial services is a concept that industry players are well-versed in. But the feeling isn’t mutual for customers.

Banks are failing to capitalise on the open banking opportunity by engaging with new and existing customers about what the technology can do for them. Debunking  common myths can open the door to increased growth and trust for banks, as they seek to open up new revenue streams post pandemic..

Make no mistake, open banking isn’t going away. But customers will if banks don’t get talking.

 

Continue Reading

Magazine

Trending

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD
Business2 days ago

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD

Dean Fiveash, Head of FinTech Sales, IFX Without doubt the Coronavirus pandemic impacted every aspect of our lives and fundamentally...

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT
Business2 days ago

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Jennifer Sims, Senior Consultant at Xledger   The world of finance software is evolving quickly, but with many new software...

HOW RETURNS ABUSE AFFECTS RETAILERS HOW RETURNS ABUSE AFFECTS RETAILERS
Business2 days ago

HOW RETURNS ABUSE AFFECTS RETAILERS

By Aaron Begner, EMEA GM at Forter   Accompanying the significant growth in ecommerce over the past 12 months, is the...

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER
News2 days ago

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TO BUILD INDUSTRY CHANGING REGULATORY TECHNOLOGY

Innovative fintech company, Tintra PLC(https://tintra.com/), has formed a joint venture with award-winning Artificial Intelligence and Machine Learning business, TMC2, via...

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS
News2 days ago

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS

The partnership will allow CellPoint Digital customers to incorporate Vyne into its payment ecosystem and access instant payments without a...

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH
Business5 days ago

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH

As online business grows exponentially, finally fulfilling the internet’s promise of a ‘global village’ in which anyone can buy and...

Business5 days ago

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Chris Obdam, CEO, Betty Blocks   In the last couple of years, a new sector has emerged alongside enterprise financial...

Finance5 days ago

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST   Top executives from Wall Street’s largest banks pinpointed cybersecurity as the...

Top 105 days ago

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Simon Dicks, Insurance Channel Manager EMEA, Lytx   Insuring commercial fleets can be an expensive business. Average repair costs have...

Business5 days ago

IDENTITY SECURITY IN THE ERA OF SOX

By Steve Bradford, Senior Vice President, EMEA, SailPoint   The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices...

News5 days ago

EXPERIAN LAUNCHES VERIFICATION SERVICE TO SUPPORT FASTER, MORE ACCURATE LENDING DECISIONS

Work Report™ is the UK’s first service that automates the digital sharing of payroll information on behalf of the consumer...

News6 days ago

TENUREX AND ELUCIDATE PARTNER TO INCREASE FINANCIAL INCLUSION WORLDWIDE

TenureX and Elucidate have announced a strategic partnership with a mission to increase financial inclusion worldwide and tackle the laborious...

Banking6 days ago

WHY THE TIME IS NOW TO BANK BEYOND BORDERS

by Lili Metodieva, MD of Monneo   As our world becomes more interconnected, so too does the need for banking...

News6 days ago

PAYCAST PARTNERS WITH MARQETA AND MASTERCARD FOR NEW MARKETPLACE PAYMENT SOLUTION

Paycast will leverage Marqeta’s modern card issuing platform and the Mastercard network to empower marketplaces with payment solutions that help...

Finance1 week ago

HOW FS ORGANISATIONS CAN USE API-DRIVEN DATA AUTOMATION TO JOIN THE OPEN BANKING REVOLUTION

By Steve Barrett, Senior Vice President, International Operations at Delphix    Technology is rapidly transforming all industries across the world. However, for the...

Banking1 week ago

IT’S TIME FOR BANKS TO SIT THEIR CUSTOMERS DOWN AND TALK OPEN BANKING

Eugene Danilkis, CEO at Mambu   We are living in an experience economy, and banking is no different. Customers need...

Banking1 week ago

WILL CHALLENGER OR TRADITIONAL BANKS WIN THE SECURE CARD PAYMENTS BATTLE?

By Vince Graziani, CEO, IDEX Biometrics ASA   Challenger banks have shaken up the payment ecosystem in the last decade....

Banking1 week ago

TOP ITALIAN BANK ROLLS OUT FIRST OF ITS FULLY DIGITAL BRANCHES WITH AURIGA

Banca Carige Smart, the new intelligent branch model enabled by Auriga #NextGenBranch solutions , combines digitalisation with a human touch...

Banking1 week ago

HOW BANKS CAN PROTECT THEMSELVES AGAINST RANSOMWARE

Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE   We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers...

News1 week ago

BLOCKERS TO BLOCKCHAIN ADOPTION LIFT FOR 65% OF FINANCIAL ORGANISATIONS

Four years of data from Visma | Onguard’s Fintech Barometer finds growing confidence in blockchain technology   65% of organisations...

Trending