PSD2's API Wave Will Pump Up the Security Risk

September 13, 2017

Banks are digitizing at a rapid pace to catch up with upstart fintech providers. Such rapid evolution can run the risk of introducing vulnerabilities, and the financial services industry is no different.

PSD2, the second iteration of the European Union’s Payment Service Directive, is scheduled to go into effect in January.

The directive is designed to create a level playing field for banks and nonbank financial services providers (fintechs) in the European Union by enabling third-party payment service providers to access customers’ account information. This in turn will enable those payment service providers to initiate payments through accounts at another payment service provider.

All of this requires the widespread use of open APIs to facilitate cross-access to account information. It’s great news for end users, but a potential nightmare for information security.

The banking industry is already heavily involved in API development to facilitate mobile banking, but opening up internal customer data directly to third parties introduces a whole other layer of potential vulnerabilities.

Previous Flipbook
Protect Your Financial Service Website | Distil Networks
Protect Your Financial Service Website | Distil Networks

Protect your financial service website against account takeover, fraud, data theft and API abuse. Download ...

Next Flipbook
Distil Solves Account Takeover Attacks For Entropay | Entropay Case Study
Distil Solves Account Takeover Attacks For Entropay | Entropay Case Study

Entropay blocks account takeover attempts, and accelerates the performance of its online payment services w...