Banks are digitizing at a rapid pace to catch up with upstart fintech providers. In any industry, evolving that quickly risks introducing vulnerabilities, and the financial services industry is no different.
PSD2, the second iteration of the European Union’s Payment Services Directive, is scheduled to go into effect in January.
The directive is designed to create a level playing field for banks and nonbank financial services providers (fintechs) in the European Union by enabling third-party payment service providers to access customers’ account information. This in turn will enable those payment service providers to initiate payments through accounts at another payment service provider.
All of this requires the widespread use of open APIs to facilitate cross-access to account information. It’s great news for end users, but a potential nightmare for information security.
The banking industry is already heavily involved in API development to facilitate mobile banking, but opening up internal customer data directly to third parties introduces a whole other layer of potential vulnerabilities.