Connect with us

Banking

THE GROWING DANGERS OF OPEN BANKING APIS

Published

on

Terry Ray, Senior Vice President and Fellow at Imperva

 

The advent of open banking has unlocked a host of new services for banks and fintechs to offer to customers, opening up new revenue streams. These services have attracted more than 2.5m customers in the UK, and have shaken up the industry with traditional banks trying to keep up with innovative digital competitors like Monzo and Revolut.

However, although open banking has ushered in a new era of convenience for consumers, it has also dramatically expanded  financial firms’ attack surface, in part due to the frequency at which data is accessed and shared between the Application Programming Interfaces (APIs) that connect different banks’ applications. While APIs are essential for the communication between apps, containers and services, they also pose a major security headache. For banks, the questions are:

  • Why are APIs such an attractive target for hackers?
  • How are the threats manifesting?
  • What can be done to keep themselves and their customers secure?

 

If you’re API and you know it

APIs are fast becoming one of the most attractive entry points for cyber-criminals for several key reasons. The first is simply that APIs have access to vast amounts of sensitive data. An API is foundational for open banking because fintechs rely on them to gain access to customer data and sensitive financial records. However, if cyber-criminals are able to get access to that data and where it’s stored, APIs can suddenly act as a blueprint, providing insight and guidance on things like internal database structures. This kind of information is a metaphorical goldmine for a motivated attacker.

Secondly, the last few years have seen explosive growth in the volume of APIs managed by businesses. It’s estimated that open banking APIs have increased from 1.9 million monthly interactions in June 2018 to 694.4 million monthly interactions in December 2020, many of which are being created by development teams without any knowledge or oversight from security. The more APIs banks have, the more pathways hackers have to access sensitive data, and the harder it is for businesses to make sure that all their APIs are properly secured – especially when security teams often don’t even know the full extent of the problem.

And finally, the vulnerabilities hackers can use to exploit APIs is also on the rise. Last year, Imperva Research Labs found that the number of API vulnerabilities continued to grow, even as the volume of all other web application vulnerabilities fell. As a result, banks not only have a rapidly increasing number of APIs to manage, they also have more vulnerabilities to manage.

 

Security analyst overload

For fintech security teams, the ever-growing volume of APIs is a headache that they are struggling to manage. Banks and fintechs have thousands of APIs to inventory and manage – with more coming online all the time. And yet, most don’t have the capacity to monitor and defend all these pathways from the external world to their critical customer data and applications.

If cyber-security is a football match between hackers and security analysts, the growth of APIs is like constantly expanding the goalmouth for one side, and security teams are stuck trying to defend a much bigger target with the same eleven players. Already, 83% of security professionals state that they feel overworked and burnt out, yet Open Banking and digital transformation aren’t going anywhere, meaning the goalmouth is only going to get bigger.

 

A positive approach

The situation can feel desperate, but it isn’t an impossible challenge. Firstly, fintechs to ensure they have full visibility and an always up-to-date inventory of all their APIs and their data exchange patterns. Secondly, they should consider adopting a positive security model around their APIs, meaning that all traffic is blocked as default and with exceptions made for traffic known to be legitimate. Think of APIs as exclusive nightclubs – if you’re not on the guest list, you’re not getting in. This approach not only helps filter out huge swathes of bad traffic, it also helps defend against zero-day attacks.

Beyond that, financial institutions should ensure that they understand the data risks for each API so that varying control and monitoring levels can be applied to each, based on their security, business, and regulatory risk profiles. Having this level of insight greatly increases the awareness around APIs and the risks that each one introduces.

Finally, it’s important to have runtime protection that isn’t dependent on rigid rules but is instead predicated on automated, self-adaptive anomaly detection, as well as a well-designed feedback loop that helps developers address vulnerabilities efficiently through enhancing API design and security testing.

Open banking has been a revolution for businesses and consumers. As demand for such services increases, banks and fintechs alike will find themselves ever more reliant on APIs. Already, the volume is threatening to overwhelm security teams stretched to the brink. Putting in place better processes, a positive security model, and automation where needed, will help alleviate a great deal of this pressure while enabling new services and APIs to be brought online safely.

Banking

Cloud technology in banking: Why adoption is on the rise

Published

on

By

Alpesh Tailor, Executive Director at digital transformation specialist GFT

 

The banking sector has never shied away from innovation, whether it is new products to improve customer savings habits or new ways of interacting with people and business, but embracing new technologies such as cloud has, until recently, been relatively slow. However, leading global financial institutions such as Goldman Sachs and Deutsche Bank have accelerated their adoption of cloud, which can provide insights for efficient technology transformation across the sector.

We conducted research to measure 21 medium-size and large banks’ sentiment and operations regarding cloud technology. Examining the relationship between cloud technology and banking professionals, our research provides an insight into the overall finance sector’s perception of cloud technology and how its application can improve banking procedures and efficiency.

 

Scale-up abilities

A significant trend showed that the way people use their finances and banking systems has changed, particularly when it comes to payments and transfers. Our research revealed that 86% of bankers have adopted cloud services to harness its virtually unlimited scalability, citing a definitive change in transaction behaviour as the main reason for moving to the cloud.

In the world of retail banking, buy-now-pay-later, open banking, and contactless payment systems have revolutionised the way people use their bank, making financial management easier and more efficient. However, despite these evolutions, high street banks are playing catch-up to the challenger banks who possess fewer legacy processes and, therefore, an easier migration to new technologies, such as the full utilisation of cloud and artificial intelligence.

The cloud provides a dependable, scalable, and flexible data system that allows traditional banks to modernise quickly and stay abreast of the innovations that ‘born-in-the-cloud’ challenger banks are bringing to the market. An increasingly popular way of doing this is by adopting a hybrid and multicloud approach.

Most organisations are considering diversifying their cloud technology, with 76% of bankers now agreeing with the importance of implementing multicloud systems in order to benefit from resilience and security improvements made by the main cloud providers. These cloud ‘hyperscalers’ also provide regular updates and continue to release exclusive new services and platforms as they continue to innovate.

 

Optimising costs

Our research indicates that cost optimisation is a primary reason that banks are looking toward the cloud for their future storage needs, with 81% of bankers confirming they have adopted cloud technology to save costs.

Installing and maintaining on-premise IT systems is lengthy and costly for financial institutions. When using the cloud, however, purchasing and installing hardware is no longer required as the cloud service provider hosts all the required infrastructure. The management of the hardware is included within this, reducing the overall cost of IT support further.

 

 Organisational inertia

Technological innovations are usually heralded for their ability to streamline operations, making them quicker and more secure. Our research illustrates that 62% of bankers believe organisational culture and inertia to be a key challenge within the sector. Besides being flexible for scalability and cost, adopting cloud technology can bolster organisational efficiency, since banks can spend fewer resources managing the relationship between trading volumes and payment infrastructure. Bankers acknowledge this opportunity, with 95% of organisations understanding that cloud technology can reduce time-to-market.

 

Overcoming misconceptions with cloud technology

Misconceptions usually exist around any emerging technology and our research found that this theme continues with cloud technology.

43% of the bankers we spoke to admitted that security concerns have impeded full cloud migration – a concern that has frequently been confirmed when speaking to financial services institutions. However, cloud providers invest heavily in the security of their cloud infrastructure which, as a result, makes it almost always safer than its on-premise, client-owned counterpart.

One aspect of adopting the cloud that continues to cause concern, is that which is commonly termed the ‘digital skills gap’. More than half of banks claim a lack of cloud-savvy employees internally has slowed down adoption. At GFT, we understand that this is a major issue for the adoption of cloud technology in all sectors, including banking, and have committed to training and encouraging young people to learn the required skills and enter the sector. We recently launched our Manchester Innovation Hub – a dedicated location to support the upskilling and growth of tech roles in the north.

Going forwards, cloud technology is the primary option for banks seeking to evolve and scale their business, whilst minimising risk, time and cost. Bankers recognise these benefits and the overall findings of our research suggest they will continue to grow their investment in cloud technology. Whilst evolving traditional legacy systems is very challenging, cloud technology continues to advance and we believe that over time it will become a powerful mainstay within the financial services industry.

 

Continue Reading

Banking

Bringing Automation to Banking

Published

on

By

Ron Benegbi, Founder & CEO, Uplinq Financial Technologies

 

Automation is everywhere you look these days; from supermarkets to warehouses to automobiles. This prominent trend shows no sign of abating anytime soon. However, some sectors remain behind others when it comes to adopting automated technologies. Banking is one such segment, but there’s now evidence to suggest that this could be about to change.

 

What do we mean by automation?

There are a lot of ways to define automation, but broadly the term applies to any technological application where human input is minimized through design. Over the years, automation has evolved from a basic level, which took simple tasks and automated them, all the way to advanced automation powered by Artificial Intelligence (AI). In general, automated solutions work to increase productivity and efficiency within businesses and often result in a reduction in costs associated with human capital.

 

Ron Benegbi

Why has the banking sector been slow to adopt automation?

The banking sector has been built on a number of long-standing, tried and tested processes and protocols, which have been continually fortified and refined over time. This is one explanation as to why the sector has been so slow in adopting new, automated methods within its operations. Additionally, many major financial institutions have spent decades building their own internal legacy computer systems, which are often incompatible with modern automated solutions.

When combined, these two issues have caused a significant lag in the banking sector with regards to the adoption of automated technologies. This lag has created a market opportunity that a number of fintech providers have been able to exploit in recent years. Offering a more responsive and tech-first user experience, many fintech providers are leveraging the power of automation to better meet the banking needs of their customers. However, there is still time for the banking sector to start bridging this gap.

 

Does automation have a place in the banking sector?

The opportunity for automation to play a role within banking can be transformational.

To achieve this, it’s important that legacy organizations begin to learn from their more tech-savvy, smaller counterparts. If used effectively, automated financial solutions can greatly improve the experience of banking customers, both on a personal and business level. So, what exactly does this change look like, and how far away are we from seeing it become a reality?

A good place to start is the small business credit lending process, where not much has changed since the 1980’s. Over that period, the world has greatly transformed, but the methods used to assess credit worthiness have remained somewhat static. For the most part, banks assess data related to businesses’ accounting and banking records and from credit scores. For many businesses, especially the newer and less established ones, this antiquated approach is having a detrimental effect. In fact, it’s often cited as a contributor to the huge funding gap between SMBs and their larger counterparts.

 

How can automation benefit the banking sector?

By adopting more automated technologies, lenders in the banking sector can begin to assess more comprehensive information when making credit decisions. Notably, new methods exist, which enable additional data sets to be evaluated, in order to build a more accurate financial depiction of a business’ overall position. This data can come from sources like external market attributes, economic indicators, demographic data and exogenous shocks.

By leveraging additional data sets through new methods of financial automation, banks are now in a position to respond more effectively to small businesses, including those in emerging and evolving markets where there is a lack of conventional sources of information.

With more ways to access funding, facilitated by alternative data and automated processes, small business owners can improve their operational efficiencies and accelerate their growth efforts. In doing so, legacy oriented financial institutions can now better equip themselves in protecting against new, nimbler tech-based disruptors.

 

Continue Reading

Magazine

Trending

Business2 days ago

What Every Small Business Should Do

The majority of the difficulties associated with establishing a business stem from failing to accomplish the small things correctly. The...

Business2 days ago

5 Ways That Businesses Can Get the Most Out of Their Digital Marketing

Everyone knows that the world of marketing has been changing for the last two or three decades. The days of...

News2 days ago

Transact365 launches seamless cross border payments in India

Transact365 enables merchants to transact locally in India Merchants can partner directly with Transact365 without needing to source local partners...

Banking2 days ago

Cloud technology in banking: Why adoption is on the rise

Alpesh Tailor, Executive Director at digital transformation specialist GFT   The banking sector has never shied away from innovation, whether...

Technology2 days ago

A Smarter World: What role will electronics play in 2022

There has been a sharp increase in technology and devices designed to make our lives simpler, faster and more productive...

Business2 days ago

Top 4 Electronics Development from 2021

Phil Simmonds, Chief Executive Officer of EC Electronics.   As we embark on a new year of business, it is a good time to...

Top 102 days ago

Investing in workforce intelligence now, leads to an optimised tomorrow

Michael Cupps (Senior VP, Marketing, ActiveOps) discusses four critical ways in which a new world of workforce data improves organisational...

CRACKING THE CRYPTO CODE CRACKING THE CRYPTO CODE
Business2 days ago

The Evolution and Challenges of Crypto Regulation

Cryptocurrency regulations are evolving quickly around the globe with authorities responding to developing risks professed by criminals exploiting the latest payment...

News2 days ago

Europe’s first blockchain neobank, BENKER, opens for pre-registration

BENKER(http://www.benker.io/) is to become the first officially licensed blockchain neobank launched in Europe following approval by the Bank of Lithuania under the Electronic Money Institution...

Technology5 days ago

AI-Powered Fraud Prevention for Digital Transactions

By Martin Rehak, CEO of Resistant AI Fraud is on the rise, thanks to the rapid escalation of digital channels...

Top 105 days ago

The future of retail trading

Joe Jowett, CEO of StrikeX   The 2020s look set to be the decade of the retail trader. As the...

Business5 days ago

Dissecting the expansion of online checkouts

Daniel Kornitzer, Chief Business Development Officer   Card payments have long existed as the preferred payment method for online consumers....

Business5 days ago

How bug bounty programs can help financial institutions be more secure

Rodolphe Harand, Managing Director at YesWeHack   Financial services have been one of the most heavily targeted industries by cybercriminals...

Business5 days ago

Resolving the unintended friction of Web 3.0

Marten Nelson, CEO, M10 Networks   Media is buzzing about Web 3.0 and the metaverse. Companies and investors are scrambling to get...

Wealth Management5 days ago

Predictions for Alternative Data in 2022

Neil Chapman, CEO of Exabel   2021 saw various firsts for alternative data. The $1.6bn flotation of SimilarWeb evidenced the...

News5 days ago

Why Zero Trust and securing the supply chain is key to post-pandemic recovery

Jim Hietala, Vice President, Business Development and Security at The Open Group   Banking and finance have grown to provide...

Finance5 days ago

Five predictions set impact the finance teams in 2022

By Rob Israch, GM Europe at Tipalti   The CFO now has a very different set of responsibilities in comparison...

Finance5 days ago

Three ways to reduce uncertainty in financial services marketing

By Patrick Costello, Senior Product Strategy Director, Optimizely    According to Bain & Company, uncertainty is one of the key factors affecting marketing...

Banking6 days ago

Bringing Automation to Banking

Ron Benegbi, Founder & CEO, Uplinq Financial Technologies   Automation is everywhere you look these days; from supermarkets to warehouses...

Finance6 days ago

Why financial services is stepping into a new era

by James Mingard, Head of Retail & Finance at Maintel   When comparing industries, financial services has arguably fallen behind when...

Trending