Need of API Security with Rise of Open Banking

Strategic Relevance

The rise of Open Banking paradigms in the BFSI industry has led to the adoption of various use cases, such as aggregation and financial management, credit risk and decisioning, payments, and wealth management. The recent emergence of Business as a Service (BAAS) has further empowered third-party applications to provide native business banking experiences. However, with the increasing reliance on data and APIs, the risks and potential threats associated with Open Banking have also grown, making API security crucial.

Challenges & Opportunities

Open Banking, as a vital component of Digital Banking, relies heavily on Data and APIs, specifically Open APIs that adhere to standardized access management. APIs act as conduits for transferring high-risk financial data among stakeholders, making it crucial to ensure their security and prevent unauthorized access. The dependence on APIs in Open Banking has led to an increase in both the frequency and complexity of cyber attacks in recent years. The valuable customer PII information, financial data, and consent management tokens associated with Open Banking make it an attractive target for cyber attackers, posing significant risks of Day Zero attacks.

Future Trends

  • API Gateways, though effective for monitoring API traffic and hosting APIs, require additional API security tools to strengthen policies.
  • Developers must be cautious of attackers using their apps as weapons to breach Open Banking ecosystems.
  • Traditional web application attacks increase API security risks at the gateway.
  • Implementing sophisticated API security tools on top of the gateway is crucial.
  • API gateways have limited control over product processor applications, web services, and API signatures.
  • Attackers can clone business logic with valid API tokens, highlighting the need for enhanced security.
  • Open APIs introduces the risk of shadow or zombie APIs that attackers can exploit for data control.

Best Practices & Key takeaways

  • Intelligent automation: AI and ML tools for enhanced security in Open Banking. Detect anomalous API behavior to prevent cyberattacks.
  • Identifying Shadow and Zombie APIs: Detect and prevent outdated or unused APIs.
  • Shifting from Legacy Security Measures: Add an extra layer of advanced security.
  • Implementing Zero Trust Policies: Enforce strict access management and API governance.
  • Real-Time Attack Prevention: Monitor API usage in real-time for granular threat identification. Leverage intelligent API security solutions.
Abhijit Dey
Vice President – API Banking Product
Axis Bank

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.


Please enter your comment!
Please enter your name here

Latest Articles

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report