Jake Anthony – Sales Engineering Manager, LogPoint UK&I

On January 13, 2018 the new Open Banking initiative was officially launched, aiming to provide access to application programming interfaces (APIs) to developers interested in building third party applications to enhance existing banking services.

The Open Banking initiative, which is closely tied to the EU’s Revised Payment Service Directive (PSD2), has the potential to legitimize a whole raft of applications that have until now existed in a grey area of legality. These applications and their developers, once authorized, must be given access to customer by the UK’s larger financial institutions if the customer approves the access.

Whilst this is limited to the UK’s largest financial institutions currently, there is no doubt that in a world where banks are considered Data-Rich but Information-Poor (DRIP), Fintech companies will continue to push for access to this wealth of data from all banking institutions to help customers unlock the potential of their own personal financial data.

Simple examples of where this kind of development can create fantastic value for customers is seen in the US, with applications such as MINT, which allows customers to manage their finances across multiple banks from a single interface.

But what’s the risk?

By providing this open API framework to third party providers (TTPs), banks significantly increase the size of their vulnerable enterprise edge to potential threat actors, specifically additional avenues for fraudulent activity. These open API’s mean that critical business applications can no longer be safely hidden behind a standard firewall-based security infrastructure. Even more importantly, to the banks at least, whilst they will be required to give third party access to customer data, they will remain liable for the security of that data.

The Open Banking initiative released a study, undertaken in conjunction with many leading financial institutions, entitled ‘Counter fraud and the Open Banking Ecosystem’, in which they detail the security architecture being deployed to protect the ecosystem itself. Crucially, however they also challenge all participants to ensure they have individually and combined ensure a robust approach to fraud prevention in order to successfully enable the Open Banking ecosystem to work effectively.

Strategies for the prevention of data loss and fraud toned to cover three main components which, when combined, can be used by organizations as a basis for improved security controls;

  • Prevention – how do we stop this happening
  • Detection – how can we see if this is happening
  • Response – how can we respond when this does happen

Where might LogPoint help?

Traditional technologies should be considered only a good starting point for an enterprise’s security controls. Detection of threat actors, both internal and external, require technologies that can allow business to view their landscape through a single interface. Delivering complex correlations and alerting in a simplified manner to ensure that should something occur the business is immediately aware and able to respond.

LogPoint’s streamlined and simple to deploy SIEM solution unlocks the power of cross-device log correlation and puts it into the hands of organizations that traditionally haven’t had the security resources to utilize such technologies. Whether you are a TPP, a PISP or indeed an ASPSP, if you are concerned about your ability to detect and react when threat actors come calling, LogPoint can provide the visibility, control and assurance your enterprise may need.

Contact us for more information.