National Post (National Edition)
Attack Pathways to Watch For
1. APIs
Public APIs are at the heart of open banking, allowing approved third parties to access users’ banking data to provide innovative new financial services. Implementation flaws allow attackers to exploit back-end servers to steal data.
2. Fintech companies
Users will enter new trust relationships with companies that likely have fewer resources than their banks and no track record on data protection. Open banking fintechs have an average of 20 employees and no dedicated security professional.
3. Apps or mobile platforms
Most open banking services are deployed as mobile apps. Finding the credentials within the app will allow criminals to retrieve banking data and pose as the user. This can allow attackers to build accurate profiles of their victims.
4. Against the user
Because new open banking apps will become the main way for users to access financial data and services, phishing attacks could reap major rewards for attackers.