Skip to main content
About Us

IT Vulnerabilities with Open Banking

February 9, 2023

Contributors: Jessica R. Dore, CISA

More than 80% of internet traffic relies on application programming interfaces (APIs), software that permits two or more computers to talk with each other. APIs fuel open banking and the growth of online banking services by connecting, aggregating, and streamlining the exchange of data between financial institutions and third parties that leverage the data to give customers better access to and control over their finances by creating applications that support transactions like account transfers, online payments, and more. Complex open banking services require the interaction of hundreds, if not thousands, of individual APIs, each with their own unique logic, making them prime targets for cyberattacks and data breaches.

Encryption, authentication, and authorization are tools to address the complex security issues created by APIs; however, they are not enough. Web applications are designed for human use, while APIs are built for machines, creating an automated vulnerability that hackers can exploit to access data in a variety of ways.

For instance, multiple layers of APIs may be needed to pass customer information from the financial institution to a data aggregator, then finally to the application the customer is using to access their account information. Plus, API attack activity looks like normal API traffic to traditional security tools that typically can only inspect one transaction at a time and are dependent on signatures to detect known attack patterns.

According to the 2022 State of the Internet report released by Akami, security vulnerabilities of APIs grew substantially in the last year — attacks on financial service APIs and web applications rose by 257% globally and by more than 449% in North America. The use of botnets, computers infected with and connected via malware, to conduct API and other cyberattacks increased by 81%, and distributed denial-of-service (DoS) attack targets also grew by 22%, according to the report. When these incidents occur, financial organizations not only lose competitive edge, they also can suffer from severely damaged reputations and lack of customer trust and loyalty that have long-term implications on growth and revenue.

Leadership at financial institutions that embrace open banking and are undergoing their own digital transformation should take a holistic approach to API security. Building highly experienced IT teams, processes and technologies that deliver continuous AI (artificial intelligence), and ML (machine learning) analysis of volumes of API traffic data and activity patterns are critical to understanding normal patterns and detecting and stopping API attacks in real-time.


To learn more about API challenges and opportunities, and how Rehmann can help your financial institution maximize their benefits while mitigating risk, contact [email protected] or call 989.797.8391.