Last modification: 31-03-2017 / 08:35 AM GMT+01:00
© 2017 Irdeto. All Rights Reserved.

for payments & banking
Product Datasheet

API PROTECTION FOR BANKS
for web & mobile applications

The goal of PSD2, and similar regulations coming into effect around the globe, is to increase innovation and security in the banking industry. Ironically, the innovation mandate will also increase the potential threat of cybercrime. To mitigate this threat, regulatory bodies such as the European Banking Authority (EBA) have outlined tough new security guidelines. Unfortunately, satisfying these guidelines requires advanced security technologies and techniques you probably aren't using.

The problem with (open) APIs

Until now, banks have enjoyed relative control over what happens to sensitive customer data. But with APIs opening up to third-party providers (TPPs), this data will be exposed to the hostility of the internet via third-party web and mobile applications. And this exposure will greatly increase the attack surface for hackers.

Of course, not only third-party apps are vulnerable. Every time a consumer accesses their bank account from a web-based interface, they are opening themselves up to cyberattack. This type of attack, known as MitM (man-in-the-middle), exploits vulnerabilities in the code that carries data between the user interface and the bank's web server/API. An attacker can secretly position himself in the middle of this client-to-server connection and steal data or gain access to the bank's back end systems, inject malware, steal money, or commit all sorts of nefarious acts.

Your current security isn't enough

In PSD2, the EBA has mandated that financial services providers must use advanced security technology to safeguard all client-to-server communications against interception by hackers (MitM attacks). And research has shown that a significant percentage of internet connections protected by standard encryption protocols are vulnerable to MitM.

In financial services, 82% of all hacking-related data breaches occur via web apps.

