ABA Banking Journal

Open banking and API security: Best practices

October 27, 2022

Adopters of open banking can more effectively harden their security stance against future attacks and protect their data and customers with a holistic approach to API.

By Yaniv Balmas

Open banking is here to stay. Since its inception in 2018, usage has skyrocketed. Research from Simon Torrance and Bain Capital projects that new markets enabled by open banking will comprise $3.6 trillion market share by 2030. Open banking provides a multitude of opportunities for financial institutions to innovate while simultaneously providing customers with improved access to their money and financial data. Its rapid adoption shines a light on consumers’ desire for better control over their finances and an improved digital customer experience through differentiated service offerings.

Through open banking, consumers have the ability to evaluate competing banking services at their fingertips and ultimately, more control over their financial lives. At the core of this new way of banking are application programming interfaces (APIs), which connect, enable and streamline the flow of financial data between financial institutions.

APIs: the core of open banking’s functionality

APIs enable financial institutions to standardize how they create and connect to an ecosystem of providers to exchange financial data, making them critical to open banking. In open banking systems, banks provide access to their proprietary APIs so that fintech providers and third-party developers have access to their financial data. The data is then used to build and refine additional applications and services, creating partnerships rather than competition between these stakeholders. However, this is not without its challenges. Open banking still sets a relatively low bar when it comes to security requirements.

Encryption, authentication and authorization are the main parameters addressed in open banking. To standardize initiatives, all open banking APIs have been designed and documented to support open banking regulations. Authentication and authorization protocols like OpenID Connect (OIDC) and OAuth 2.0 help drive a more collaborative and connected approach to the exchange of data between financial institutions.

However, they only scratch the surface when it comes to the complex security challenges created by APIs. With the combination of different services under the open banking umbrella, numerous APIs must interact together. All of these APIs have their own unique logic. A single financial institution could have hundreds, if not thousands, of APIs—all unique—making it nearly impossible to standardize parameters for the implementation of authorization.

Increasing API attacks and heightened risk

Open banking’s reliance on APIs has made APIs prime targets for cyberattacks. Gartner has predicted that API attacks and related breaches will double by 2024; meanwhile, API security threats have increased in frequency and complexity. The Salt Labs State of API Security Report Q1 2022 found that API attack traffic has increased 681 percent in the past 12 months—more than double the amount of overall API traffic. Because of the tremendous amount of valuable data held by financial institutions and fintech firms, they are the perfect prey for criminal actors.

Additionally, APIs often implement complex business logic. This, combined with multiple external and internal APIs, often developed by different teams with different design approaches, creates a complex and vulnerable environment.

Best practices for protecting banking APIs

Adopters of open banking can more effectively harden their security stance against future attacks and protect their data and customers with a holistic approach to API security that is better suited to protect modern architectures. Financial services providers must consider newer architectures that emphasize big data, artificial intelligence (AI) and machine learning (ML) approaches to capture and analyze large amounts of API traffic in order to detect and stop API attacks throughout the entire lifecycle.

These enhanced security capabilities will continuously work towards uncovering various threats and can enable security teams to have tailored feedback and visibility into all APIs, including shadow and zombie APIs that run without their knowledge and can be susceptible to overlooked vulnerabilities and flaws. This would ultimately allow API teams to have the necessary guidance on how to remediate any detected API issues.

Organizations can’t afford to look at transactions in isolation with traditional technologies like API gateways or WAFs, nor can they rely on authentication, authorization, and encryption alone. Gaps in API security posture leave customer credentials exposed and potentially enable fraudulent activity.

Closing the security gaps in open banking

The safety of critical information should be front of mind when it comes to open banking. Until requirements can be standardized, organizations must be conscientious of best practices to address the unique security needs of APIs.

With a dedicated API security solution leveraging AI and ML, institutions can begin to close security gaps, correctly identify attacks and safeguard the new opportunities being driven by open banking. A purpose-built API security solution gives instant insights into what normal API usage looks like versus abnormal behaviors. Organizations can quickly spot vulnerabilities before an attacker has the opportunity to find, exploit and abuse them, ultimately providing a more protected approach to open banking.

Yaniv Balmas is the VP for research at Salt Security, leading the company’s research division, Salt Labs.
