Banks and FinTechs cannot neglect cybersecurity risks in the pursuit of innovation. Financial services providers must also not overlook the security risk associated with the creation of banking apps in the open banking environment – in particular, API security. There are a number of ways that APIs bolster security, data transparency and control. One of the most effective and secure ways for today’s banks to incorporate FinTech is through the use of application programming interfaces.

The revolution of financial technologies

Financial technology and banking were once held to be separate, competing entities in the financial space, but recently, the two have begun finding more ways to partner together and provide better offerings for their customers. While both banks and FinTech providers, along with their consumers, may benefit from expanded product offerings, all parties will increasingly have to consider the implications of data and information security.

Utilising APIs

One of the most effective and secure ways for today’s banks to incorporate fintech is through the use of application programming interfaces, or APIs. Utilizing APIs is advantageous for both the financial institution and the customer. APIs allow customers to take advantage of fintech apps, while also keeping their information secure.

There are a number of ways that APIs bolster security, data transparency and control. For one, APIs allow banks to share information with third parties, such as fintech app providers, without depending on customers to share their banks’ log-in credentials. Banks that utilize an API can also limit the amount of data shared with third parties so that only necessary information is shared. While most people are relatively comfortable sharing an email or their date of birth, customers are significantly more apprehensive about sharing their bank account information, credit card number or social security number. Luckily, with the use of an API, banks can offer features like the ability for a customer to access their credit score in real-time through their bank account, without having to give these sensitive details away. APIs give both the financial institution and the customer increased control over data management.

As the realm of fintech continues to grow, it becomes more and more apparent the industry is not going away anytime soon. Banks are seeing the benefits of teaming up with fintech, but also discovering there are new risks involved. As the most trusted institution for ensuring customers’ data is safe and secure, banks have a responsibility to uphold and maintain their customers’ trust, even as their technological capabilities expand. Banks that provide transparency into the benefits and risks of using fintech and utilize APIs to ensure greater control over the information shared with third parties will build customers’ trust and will be able to provide an even greater repertoire of offerings for those customers.

API security is key

But this innovation must not come at the expense of security. The evolving technology and regulatory landscape has meant that cloud technologies must have security baked in at their core.

Financial services must also not overlook the security risk associated with the creation of banking apps in the open banking environment – in particular, API security. As developers within banks and fintech companies use APIs to connect technologies (most commonly apps, but also platforms and systems), they create new digital banking innovations and remove barriers to allow more efficient, simpler ways to kickstart innovative programs.

But while the value of inter-connected applications is undeniable, there are also significant risks. APIs provide open connections between platforms, and a failure to protect these connections will give hackers the opportunity to attack API services with either stolen or invalid credentials. It is essential that developers and security teams within these organisations pay close attention to securing APIs.

To illustrate this, think of an API as a door: you want to make sure only the right people (or in this case, apps) have the correct keys. You can do this by specifying the conditions under which actions are taken, giving you precise and confident control over your APIs. Additionally, integrating and identifying contextual factors such as IP addresses, geolocation, and device identification can increase security and reduce credential-based attacks.
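As an added illustration (not code from the original article), the sketch below shows one way a bank-side API gateway could combine the credential check with the contextual factors named above, and then share only the fields a third-party app is entitled to. The policy structure, client name, device identifier and customer record are all constructed assumptions; the IP ranges are reserved documentation addresses.

```python
import ipaddress
from dataclasses import dataclass

# Every name and value here is constructed for illustration.
@dataclass(frozen=True)
class Policy:
    client_id: str
    allowed_networks: tuple       # CIDR ranges the third-party app calls from
    allowed_countries: frozenset  # coarse geolocation allow-list
    known_devices: frozenset      # device identifiers already enrolled
    shareable_fields: frozenset   # the only data this app may receive

@dataclass(frozen=True)
class Request:
    client_id: str
    credential_valid: bool        # result of the normal token/key check
    source_ip: str
    country: str
    device_id: str

def evaluate(policy: Policy, req: Request) -> str:
    """Return 'allow', 'step_up' or 'deny' for one API call."""
    if req.client_id != policy.client_id or not req.credential_valid:
        return "deny"             # invalid or mismatched credential
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "deny"             # unparseable context fails closed
    in_network = any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks)
    if not in_network or req.country not in policy.allowed_countries:
        return "deny"             # valid credential, wrong place: possible theft
    if req.device_id not in policy.known_devices:
        return "step_up"          # ask for extra verification before sharing
    return "allow"

def minimise(policy: Policy, record: dict) -> dict:
    """Strip every field the third party has no need to see."""
    return {k: v for k, v in record.items() if k in policy.shareable_fields}

POLICY = Policy("fintech-app-1", ("203.0.113.0/24",), frozenset({"GB"}),
                frozenset({"device-a1"}), frozenset({"credit_score"}))
CUSTOMER = {"credit_score": 712, "account_number": "00000000", "card_number": "0000"}

if __name__ == "__main__":
    stolen = Request("fintech-app-1", True, "198.51.100.7", "GB", "device-a1")
    print(evaluate(POLICY, stolen))      # credential is valid, context is not
    print(minimise(POLICY, CUSTOMER))
```

Denying a valid credential that arrives from an unexpected network or country is a design choice made for this sketch; a real deployment might route that case to step-up verification instead.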

Be vigilant to internal threats

With the boom in online banking and mobile apps, identity and access management (IAM) becomes essential for securing financial services. External threats such as hackers are most commonly associated with identity theft and fraud, but too often internal threats are neglected. Banks and fintechs must realise the cybersecurity risk associated with their employees. Both human error and malicious intent could lead to damaging data loss or theft.

Staff could be tricked into clicking on convincing-looking phishing links designed to harvest their credentials. Malicious insiders are even harder to spot as they will do their best to cover their tracks. Some may even take data with them to a competitor when they leave. The 2018 Insider Threat Report estimates that 90 per cent of global organisations feel vulnerable to insider-related risk. The main contributing factors highlighted by IT leaders are too many employees with excessive access privileges (37 per cent), and an increasing number of devices with access to sensitive data (36 per cent). For financial services companies, these problems are particularly acute.

Security and innovation breed success

In the battle to dominate market share in the modern era of banking, players in the financial services industry realise they must be agile, collaborative and scalable. They are under pressure to innovate at pace to appeal to a customer base that no longer cares for blind banking loyalty. But banks and fintechs cannot neglect cybersecurity risks in the pursuit of innovation.

The rise of digital banking means consumers are placing more personal data and information in the hands of these companies. Cybersecurity, in particular internal access management, becomes a key driver in attracting and retaining customers new and old.