Account
Please wait, authorizing ...

Don't have an account? Register here today.

×

Five Reasons Why Banking APIs Attract Cybercrime

Cinco motivos por lo que las APIs bancarias atraen a la ciberdelincuencia

International. Application Programming Interfaces are the bridge that connects banks with a digital ecosystem, allowing the integration of services and the creation of user experiences that make banking more efficient and customizable.

Without APIs, each company would have to build its own communication system with each bank, which would be expensive, time-consuming, and complex. Thanks to banking APIs, this process is simplified, however, they also become one of the most attractive vectors for cyber attackers.

The number of Open Banking API calls is projected to grow from 102 billion in 2023 to 580 billion in 2027, highlighting the critical importance of APIs in the banking infrastructure of the future. On the other hand, the value of open banking transactions is also expected to rise considerably and reach $330 billion by 2027.

Oswaldo Palacios, Latam Senior Account Executive at Akamai, explained that a banking API acts as a bridge between different software and applications. When a user makes, for example, a bank transfer in an application, the API is responsible for transmitting the request to the bank and then transmitting the response back to the application. "A banking API is capable of offering a series of benefits in terms of adaptability and speed in a business context determined by immediacy," said the executive.

APIs are pillars of digital transformation, allowing banks to evolve and stay competitive in the face of the emergence of Fintech and Techfins. As with any aspect of computing, API security is a critical concern for businesses and organizations that rely on APIs to provide access to their services and data. "APIs can be vulnerable to a wide range of security risks, which can lead to data breaches, unauthorized access, and other forms of abuse," he said.

Akamai's study Digital Fortresses Under Siege: Threats to Modern Application Architectures, highlights that the main vertical sectors affected by attacks on web applications and APIs from January 2023 to June 2024 were: Commerce, High Tech, and Financial Services. The latter sector recorded 55 billion attacks, which were particularly problematic for both organizations and customers because they can compromise user account information. This opens up opportunities for credential theft and other forms of abuse across an organization's application landscape.

APIs that lack an effective security posture could be more exposed to attackers who have a keen eye for weaknesses and are quick to exploit them. In this regard, Oswaldo Palacios mentioned the five reasons why banking APIs are an attraction for cybercrime, and also alerted the financial sector to take appropriate security measures:

1) Cybercriminals love APIs because they usually contain the keys to a large amount of valuable information. If not properly secured, APIs can expose sensitive data.

2) Hackers look for APIs created and implemented without sufficient security measures, which offer an easy entry point. While legacy APIs, if not updated regularly, also become the target of attackers, as they often offer several entry points that have been ignored or overlooked.

3) An attacker can inject malicious code or commands into an API request to exploit a vulnerability and gain unauthorized access to sensitive data. Behavioral analysis can help detect these types of attacks by identifying anomalous patterns that could indicate that someone is trying to exploit an API weakness.

4) Unauthorized users can exploit vulnerabilities in an API to disrupt services or hijack the system for use. Common threats include injection attacks, intermediary machine attacks (MITMs), and DDoS attacks aimed at overwhelming an API with traffic.

5) Security teams face unique challenges given the volume, speed, and complexity of the API environment in many organizations. A significant number of companies lack visibility into their API footprint, leading to an incomplete picture of the overall security landscape. Knowing both the full inventory of an attack surface and having security controls in place to protect that surface is crucial to keeping intruders out of a network.

That is why Oswaldo Palacios advised implementing strong authentication and authorization protocols, using encryption to protect data during transit, limiting the exposure of API terminals to reduce potential attack vectors, carrying out security audits and periodic vulnerability assessments, and following a Zero Trust model: Do not trust any requests by default.

"Securing APIs can be a difficult task that goes beyond access restrictions. The goal is to create a security environment around APIs that can resist intrusion or misuse attempts. Organizations must invest time, resources and maintain a continuous strategy to protect their APIs against the numerous security risks they face," concluded Oswaldo Palacios.

Álvaro León Pérez Sepúlveda
Author: Álvaro León Pérez Sepúlveda
Editor - Latin Press, Inc.
Comunicador Social Periodista egresado de la Universidad de Antioquia, con más de 14 años de experiencia en medios periodísticos y proyectos de comunicación digital. [email protected]

No thoughts on “Five Reasons Why Banking APIs Attract Cybercrime”

• If you're already registered, please log in first. Your email will not be published.

Leave your comment

In reply to Some User
Suscribase Gratis
SUBSCRIBE TO OUR ENGLISH NEWSLETTER
DO YOU NEED A SERVICE OR PRODUCT QUOTE?
LATEST INTERVIEWS

Webinar: Para todas sus necesidades de seguridad

https://www.ventasdeseguridad.com/2... Para todas sus necesidades de seguridad Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Conozca la gama de productos más vendidos y de alta calidad de SECO-LARM que utilizan las empresas profesionales de seguridad, para así garantizar soluciones confiables y duraderas.

Webinar: Seguridad y transporte conectado: Sistemas predictivos para proteger y optimizar las rutas

https://www.ventasdeseguridad.com/2... Modera: Héctor Romero, Presidente de Círculo Logístico y Director General de TLR Logística Ponentes: Rafael Escobar, Channel Manager IoT/M2M Alai Secure León Rojas Madrid, CEO Lemad Logistics Jorge González, Commercial manager Telemetría de México Introducción y datos globales del mercado del transporte y la logística (México, Latam y Europa). Las nuevas tecnologías, con el objetivo de contribuir a la mejora de procesos y toma de decisiones, se abren paso para garantizar la seguridad de vehículos del transporte y la logística (telemetría y telemática vehicular, diseño y optimización de rutas…) Ir de la mano de un operador especializado en comunicaciones M2M/IoT como Alai Secure es clave para asegurar la estabilidad y disponibilidad del servicio y garantizar la conectividad durante toda la ruta.

Top 3 noticias más importantes de la industria de la seguridad electrónica

Entre los hechos destacados de esta semana se encuentra la realización de IntegraTEC México, el evento para integradores de tecnologías; así como la fusión empresarial de Milestone Systems con Arcules y la convocatoria para aspirar a las becas ofrecidas por el Foro SIA Mujeres en Seguridad. #Seguridad #SeguridadElectrónica #Videovigilancia #VentasDeSeguridad

Webinar: Inteligencia Artificial en NVR & Cámaras Enforcer

https://www.ventasdeseguridad.com/2... Tema: Inteligencia Artificial en NVR & Cámaras Enforcer Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Fecha: Martes 28 de mayo, 2024 Hora: 10.00H (Colombia) 09:00H (México) Conozca cómo sacar ventaja de las funciones de inteligencia artificial en NVR´S 4K & cámaras IP enforcer, disuación activa, reconocimiento facial, reconocimiento de matriculas vehiculares, salidas alarma etc.

Webinar: NxWitness el VMS rápido fácil y ultra ligero

Load more...
SITE SPONSORS










LATEST NEWSLETTER
Latest Newsletter