What’s happening? Banks are coming under fire for weak security controls that leave consumers more vulnerable to spoofs, scams, and hackers.
The State of the Internet report from cloud service and security provider Akamai Technologies warned financial institutions (FIs) that as open banking begins to proliferate in the US, they must take application programming interface (API) security more seriously.
Elsewhere, UK banks aren’t taking full advantage of resources that can prevent their customers from falling victim to authorized push payment (APP) fraud, per FinExtra.
Fraud in the US: According to the Akamai report, as US banks increasingly work with third-party fintech providers via API connections, their API security is weakening or not keeping up with scammers’ tactics.
- Within the past year, attacks on financial-services-related APIs and closely related web applications grew 257%.
- In North America, the growth in attacks was even higher, at 449%.
- The methods by which hackers use APIs to access personal financial data are becoming more complex, too. If an API is misconfigured, bad actors don’t even need a password or login information to access consumer data. Hackers can also gain direct access to files on a bank server through an improperly secured vendor that works with the bank.
APIs power open banking: In partnering with fintechs, banks rely heavily on APIs to create quick and easy connections with third-party providers. The practice is common in the UK, where open banking is part of a national mandate. US banks aren’t yet required to implement open banking solutions, though requirements are likely coming.
But many US banks have already felt the pressure from consumers to engage in these partnerships.