Security News > 2021 > November > Financial services need to prioritize API security to protect their customers
Whether pursued as a compliance requirement or a business strategy, open banking has pushed financial services firms to focus on APIs and API security.
Financial services API security issues
54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens, including usernames and passwords to third-party services.
Knight said, "For the last decade, I've been focusing my vulnerability research into evaluating the security of the APIs that are now the bedrock of much of our nation's critical infrastructure. My exploits have transcended APIs in emergency services, transportation, healthcare, financial services to FinTech. APIs have become the plumbing for our entire connected world today."
Knight went on to say, "Unfortunately though, this is not without consequence as my research has proven. Many financial services and FinTech companies have opted to not develop their apps internally - instead they've outsourced their API and mobile app development to third-parties. It's clear based on my findings where authentication and authorization are very much broken, that there is no 'trust but verify' happening with these third-party developers."
The effort to attract new and keep existing customers by delivering additional value has resulted in more application services and the supporting APIs.
"As Knight's research has shown over the last couple of years, no industry is immune to an API attack; however, more and more are occurring especially within the Fintech space due to the sensitive nature of the data the APIs can provide and hackers have realized just how easy they are to exploit as Knight's latest research reflects," said Mark Campbell, Sr. Director at Noname Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/30thERpoZUU/