A report released today by Trend Micro has found that new European open-banking rules could leave financial services organizations and their customers more susceptible to cyber-attacks.

The European Union’s Revised Payment Services Directive (PSD2) is designed to give users greater control over their financial and the option to carry out open banking via a new breed of innovative fintech firms. According to Trend Micro’s research, that increased control could come at a heavy cost. 

Vulnerabilities that could be exploited as a result of the EU’s PSD2 include public APIs that allow approved third parties to access users’ banking data and mobile that contain transactional data that could make users targets for phishing attacks.

Another concern raised by the report pertained to financial technology (fintech) firms that have no record on data protection and lack the resources of big .

In a quick survey of open-banking fintechs, Trend Micro found them to have an average of 20 employees and no dedicated professionals. The report suggests that such setups make these fintechs ideal targets for attackers and raise concerns over gaps in their mobile apps, APIs, data-sharing techniques, and modules that could be incorrectly implemented.

Bharat Mistry, principal security strategist at Trend Micro, told Infosecurity Magazine: “The worst-case scenario here is that cyber-criminals could very easily develop malicious apps, especially for mobile smartphone devices where the App Store provider hasn’t taken sufficient measures to validate the source of the application. Then, using phishing campaigns, hackers could direct users to download and use malicious apps, thereby exposing banking credentials to prying eyes.”

Open banking comes with the additional challenge of how and to whom blame should be ascribed when cybercrimes do inevitably occur.   

Mistry said: “Another aspect of this evolving open-banking world is the increasing complexity of proving responsibility when a fraudulent transaction occurs. The fault can potentially lie with the bank, the user, or the third-party provider; how smoothly will communication between these three parties go to resolve any such incident?”

Wherever the blame may lie, Mistry expects customers of financial services providers will expect their providers to shoulder the responsibility of maintaining

He said: “Cyber insurance is proving to be popular with organizations who want to offset their cyber liabilities; unfortunately, I cannot see individuals taking out such policies as most people are reluctant to pay for something that they think the service provider or bank should be taking care of.”


