From Open APIs to Open Banking, Part 2

Create a vendor selection project & run comparison reports
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
27 November 2018
Eiichiro Yanagawa

Open API Threats

Security Measures and User Protection

From a systems perspective, open APIs mean that a new communications path is being established to link the information systems of financial institutions with the outside world. This brings new risks including data leaks, data fraud, and illicit transactions. There is also the possibility that data relating to user account information and settlement instructions will be exposed to the risks of leaks, tampering, and fraud via handling by TPPs.

First and foremost, when financial institutions open up their APIs to TPPs, the fundamental system risk relates to the reliability of information regarding user (bank customer) identity verification and the account as well as account-related instructions. Today, financial institutions face an intractable problem when it comes to their information systems: how to ensure that they can correctly determine that authentication and account instructions are genuine.

Fundamentally, the security risk is that a TPP makes an error, and the bank is held responsible, either by regulators or customers.

In the case of Japan, the Japanese Bankers Association’s Review Committee Report on APIs details the fundamental principles of user protection and security measures. Regarding security measures, the report calls for continuous improvement, review, and advancements in the following areas:

  • API connection suitability and eligibility of third parties.
  • Measures to prevent unauthorized external access.
  • Measures to prevent unauthorized internal access.
  • Measures to handle incidents of unauthorized access.
sign in or register to read more

Insight details

Content Type
Blogs
Focus
Digital, Legacy and Ecosystem Transformation
Location
Asia-Pacific