Whitepaper by Netacea | PSD2 and API Security


PSD2 AND API SECURITY WHITE PAPER

4. HOW SECURE ARE APIS?

In the open banking infrastructure, APIs sit between the PSP and the TPP so that data can be shared between the two. To ensure banks implement secure API infrastructure by design, account scraping is a banned practice under PSD2. Account scraping is often used by fintechs to gather user data, as well as by bots with malicious intent. It's therefore vital to work with your eyes wide open here.

Alongside websites and applications, APIs are becoming an increasingly attractive target for cyber-attacks. Establishing a resilient API environment is crucial to maintaining a secure and high-functioning ecosystem in which both interconnected parties are protected. If an API is exposed, bots can be used to take over accounts, scrape data and prevent the API from servicing users. APIs have three points of vulnerability (the browser, the mobile app and the API server), and each must be secured with appropriate mitigation methods.

NETACEA.COM
