ARE YOU PREPARED FOR THE BANKING REVOLUTION?
Europe, through the Revised Directive on Payment Services (PSD2), and the Competition and Markets Authority (CMA) in the UK are imposing measures on retail banks to open access to customers' account information.
In order to comply with those directives, banks will expose a set of public APIs, giving access to customer accounts, bank details, credit cards and loans to other banks and fintech actors.
While we can all agree OpenBanking will greatly benefit consumers, one question is left open: how secure will access to this very personal and sensitive data be? As The Register points out, “APIs can provide an easy route for attackers if not properly secure”. The N26 bank experienced this first-hand in late 2016: the attacker demonstrated how he could take advantage of badly secured APIs to hijack accounts.
Our solution supports the latest standards such as OAuth2, OpenID Connect and PKCE. We are also working with the Financial APIs standard (FAPI) working group, which defines specific financial profiles for OAuth2, allowing data access in read-only and read-write modes. FAPI relies on other companion standards, such as OAuth token binding, to prevent OAuth token theft.
FINANCIAL SECURITY STANDARDS
BROUGHT TO YOU BY A TEAM OF WORLDWIDE SECURITY EXPERTS
Our technical team has a long history in corporate security, integration and APIs. They have been designing, developing and deploying best-of-breed Web application firewalls, IAM and Web SSO solutions, XML/SOA gateways as well as API Management solutions for the last 15 years. Together, they bring a wealth of expertise to the 42Crunch platform.