As we have stressed in our previous articles, advances in technology have made life easier, and consequently we also see a rise in digital crime. It is the financial sector that has borne the brunt of the major share of cyber-attacks across the world. And now, with the introduction of the Revised Payment Service Directive (PSD2), commonly known as Open Banking, the dark cloud of cyber threats seems to have grown only darker and more menacing.
Implemented in September this year, the open banking system was designed to replace the 2007 payments directive in the European Union; however, banks in the United States and Asia have also started making comparable adjustments to accommodate their customers.
The open banking system aims to make banking transactions cost-effective, easier and more secure. This entails banking and financial institutions opening their Application Programming Interfaces (APIs) to fintech companies to accommodate additional services such as payment apps. Bank customers, however, will have to give their consent for these fintech companies to access their banking data.
With the aim of making banking secure, PSD2 mandates a two-way authentication and dynamic linking system, wherein a code for each transaction is specified to the recipient. Additionally, banks are using an extra layer of security in the authentication process between fintech companies and banks, called the Financial Grade API (FGAPI).
With this development, new fintech players will also claim their share of the market, which gives them access to valuable customer data. This would lead to an increase in cyber attacks in the financial sector.
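Dynamic linking as described above, shown as an added example that is not from the original article: the authentication code is computed over the transaction details, so a code approved for one payment fails for any other amount or payee and cannot be replayed. The HMAC construction, the demo key, and all function and field names are assumptions for illustration; PSD2 does not prescribe this particular scheme.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed demo key (assumption): in practice a per-customer secret shared
# between the bank and the customer's authentication device.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
DIGITS = 8  # length of the code shown to the customer


def _canonical(amount: str, currency: str, payee: str, nonce: str) -> bytes:
    """Serialize the transaction fields unambiguously (length-prefixed)."""
    # Normalize so "10.5" and "10.50" bind to the same two-decimal amount.
    amt = format(Decimal(amount).quantize(Decimal("0.01")), "f")
    parts = [amt, currency.upper(), payee.replace(" ", "").upper(), nonce]
    return b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)


def make_auth_code(key: bytes, amount: str, currency: str, payee: str, nonce: str) -> str:
    """Derive a short code bound to amount, payee and a one-time nonce."""
    msg = _canonical(amount, currency, payee, nonce)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def verify_auth_code(key, code, amount, currency, payee, nonce, used_nonces) -> bool:
    """Accept the code only for the exact transaction, and only once."""
    if nonce in used_nonces:
        return False  # replay of an already-consumed code
    expected = make_auth_code(key, amount, currency, payee, nonce)
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return False  # amount or payee differs from what the customer approved
    used_nonces.add(nonce)
    return True


if __name__ == "__main__":
    used = set()
    payee = "DE89 3704 0044 0532 0130 00"  # constructed sample account number
    code = make_auth_code(DEMO_KEY, "10.50", "EUR", payee, "nonce-1")
    print("approved payment:", verify_auth_code(DEMO_KEY, code, "10.50", "EUR", payee, "nonce-1", used))
    print("replayed code:   ", verify_auth_code(DEMO_KEY, code, "10.50", "EUR", payee, "nonce-1", used))
```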
A few notable points are:
- Due to the publicly accessible APIs of banks and fintech players, hackers will have a wider range of targets in their crosshairs.
- Some old banking techniques are still in use.
- Some banking apps and fintech players are tied up with third parties like advertisers and app performance service companies.
- Better security protocols are still under development and hence can't be implemented.
Conclusion
While open banking promises a lot, the current network implementations pose a concern from a security standpoint.
We would recommend that fintech companies stop using risky and obsolete techniques, while banks should stop sending customers emails with links, since these are prone to playing into the hands of attackers. App developers should also ensure that their apps are secure by design and can hold their own in a hostile environment.
Additionally, banks can also incorporate a safeguarding protocol within their IT framework which checks for any vulnerabilities and mitigates the risk before it arises.
To read more, please check eScan Blog