ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

Open banking and API security: Best practices

October 27, 2022
Reading Time: 4 mins read
Open banking and API security: Best practices

Adopters of open banking can more effectively harden their security stance against future attacks, protect their data and customers with a holistic approach to API.

By Yaniv Balmas

Open banking is here to stay. Since its inception in 2018, usage has skyrocketed. Research from Simon Torrance and Bain Capital projects that new markets enabled by open banking will comprise $3.6 trillion market share by 2030. Open banking provides a multitude of opportunities for financial institutions to innovate while simultaneously providing customers with improved access to their money and financial data. Its rapid adoption shines a light on consumers’ desire for better control over their finances and an improved digital customer experience through differentiated service offerings.

Through open banking, consumers have the ability to evaluate competing banking services at their fingertips and ultimately, more control over their financial lives. At the core of this new way of banking are application programming interfaces (APIs), which connect, enable and streamline the flow of financial data between financial institutions.

APIs: the core of open banking’s functionality

APIs enable financial institutions to standardize how they create and connect to an ecosystem of providers to exchange financial data, making them critical to open banking. In open banking systems, banks provide access to their proprietary APIs so that fintech providers and third-party developers have access to their financial data. The data is then in turn used to build and refine additional applications and services, creating partnerships rather than competition between these stakeholders. However, this is not without its challenges. Open banking still enables a relatively low bar when it comes to security requirements.

rightwards arrow
View more
risk and compliance articles

Encryption, authentication and authorization are the main parameters addressed in open banking. To standardize initiatives, all open banking APIs have been designed and documented to support open banking regulations. Authentication and authorization protocols like OpenID Connect (OIDC) and OAuth 2.0 help drive a more collaborative and connected approach to the exchange of data between financial institutions.

However, they only scratch the surface when it comes to the complex security challenges created by APIs. With the combination of different services under the open banking umbrella, numerous APIs must interact together. All of these APIs have their own unique logic. A single financial institution could have hundreds, if not thousands, of APIs—all unique—making it nearly impossible to standardize parameters for the implementation of authorization.

Increasing API attacks and heightened risk

Open banking’s reliance on APIs has made APIs prime targets for cyberattacks. Gartner has predicted that it expects API attacks and related breaches to double by 2024; meanwhile, API security threats have increased in frequency and complexity. The Salt Labs State of API Security Report Q1 2022 found that API attack traffic has increased 681 percent in the past 12 months—more than double the amount of overall API traffic. Because of the tremendous amount of valuable data held by financial institutions and fintech firms, they are the perfect prey for criminal actors.

Additionally, APIs often implement complex business logic. This, combined with multiple external and internal APIs, often developed by different teams with different design approaches, creates a complex and vulnerable environment.

Best practices for protecting banking APIs

Adopters of open banking can more effectively harden their security stance against future attacks, protect their data and customers with a holistic approach to API security that is better suited to protect modern architectures. Financial services providers must consider newer architectures that emphasize big data, artificial intelligence and machine learning ML approaches to capture and analyze large amounts of API traffic in order to detect and stop API attacks throughout the entire lifecycle.

These enhanced security capabilities will continuously work towards uncovering various threats and can enable security teams to have tailored feedback and visibility into all APIs, including shadow and zombie APIs that run without their knowledge and can be susceptible to overlooked vulnerabilities and flaws. This would ultimately allow API teams to have the necessary guidance on how to remediate any detected API issues.

Organizations can’t afford to look at transactions in isolation with traditional technologies like API gateways or WAFs, nor can they rely on authentication, authorization, and encryption alone. Gaps in API security posture leave customer credentials exposed and potentially enable fraudulent activity.

Closing the security gaps in open banking

The safety of critical information should be front of mind when it comes to open banking. Until requirements can be standardized, organizations must be conscientious of best practices to address the unique security needs of APIs.

With a dedicated API security solution leveraging AI and ML, institutions can begin to close security gaps, correctly identify attacks and safeguard the new opportunities being driven by open banking. A purpose-built API security solution gives instant insights into what normal API usage looks like versus abnormal behaviors. Organizations can quickly spot vulnerabilities before an attacker has the opportunity to find, exploit and abuse them, ultimately providing a more protected approach to open banking.

Yaniv Balmas is the VP for research at Salt Security, leading the company’s research division, Salt Labs.

Tags: APIsArtificial intelligenceData securityMachine learningOpen bankingTechnology
ShareTweetPin

Related Posts

ABA, BPI support proposed process to create drone no-fly zones

ABA, BPI support proposed process to create drone no-fly zones

Cybersecurity
July 7, 2026

In a joint letter to the FAA, ABA and BPI said that unauthorized unmanned aircraft activity near financial institution sites can create “obvious and legitimate risk” to physical security as well as cybersecurity, as the technology can be...

How to Talk About Your Bank’s Fintech Collaborations

The trust dividend

Technology
July 7, 2026

How regulatory and consumer expectations are shifting how partner banks compete for fintech deposits.

FCC grants ABA-requested extension of ‘revoke all’ rule’s effective date

ABA joins with consumer rights group to protect fraud alerts

Compliance and Risk
July 1, 2026

ABA joined with the National Consumer Law Center and ACA International in proposing to the FCC a rewrite of the “revoke all” rule. The rule is set to take effect on January 31, 2027, but the FCC is...

A close call with fraud

ABA Fraudcast: Defending customers from wire fraud

Compliance and Risk
July 1, 2026

'It's asking questions like: Have you been coached? Is someone telling you to do this? Is this going into an account that you opened or authorized to be opened?'

Republican lawmakers urge Trump officials to preserve CDFI Fund

House committee advances ABA-backed bills on fair credit liability, check fraud

Compliance and Risk
June 30, 2026

The House Financial Services Committee advanced legislation that would align Fair Credit Reporting Act liability with other financial consumer protection laws, reform the Securities and Exchange Commission and give banks more time to verify suspicious checks. The three...

FinCEN issues alert on oil smuggling schemes along southwest border

FinCEN issues alert on fuel smuggling schemes linked to Mexican cartels

Compliance and Risk
June 30, 2026

FinCEN issued a supplemental alert for financial institutions on suspicious activity connected to Cartel de Jalisco Nueva Generacion and other Mexico-based transnational criminal organizations smuggling fuel from the U.S. into Mexico in schemes involving Mexican tax evasion known...

NEWSBYTES

Fed seeks comments on changes to AML program rules, aligns with other agencies

July 8, 2026

CFPB releases its Fall 2025 Unified Agenda of Regulatory and Deregulatory Actions

July 7, 2026

ABA, BPI support proposed process to create drone no-fly zones

July 7, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

Podcast: Understanding bank regulators’ guidance on illegal immigration

June 11, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.