Open banking makes our lives more convenient, but it needs protection. Yevhenii PEDCHENKO, Head of IS Department at Seeton, talks about how to protect this technology from cyberattacks in the article "Networks and Business" magazine
Speaking about the development of technologies and services in Internet banking in Ukraine, we can observe a trend of customers moving from branch services to resolving issues related to loans, money transfers, or card issuance via smartphone. This is what happened when, back in 2015, Internet banking was just starting to gain momentum, allowing customers to make money transfers or top up mobile operator accounts while staying at home, and as of now, by 2025, we have the opportunity to open debit cards, transfer funds between them, buy currency without leaving home, or update our personal data without standing in line at the branch on hot days, using our own smartphone.
Open Banking: Benefits and Risks
It was with the development of these capabilities that the concept of Open Banking began to gain popularity in the European Union in 2018, arising from the progress of digital technologies and the need for greater financial transparency and accessibility of banking services for users. The first initiative was introduced in the EU within the framework of the PSD2 Directive (Payment Services Directive 2), which obliged banks to provide access to payment information to third parties through open interfaces (APIs), ensuring secure data exchange for various financial services. This allowed creating competition in the financial services market, which promotes innovation and facilitates access to loans, investments and other financial instruments.
Open Banking gives consumers greater freedom of choice and control over their finances. receive services from different financial institutions: banks, credit unions and others, through the use of a single platform. This helps reduce the cost and time spent on using different services, increase convenience and access to more personalized financial services, such as automatic expense management or comparison of loan and deposit terms.
Thus, Open Banking is an important step towards the modernization of financial systems, contributing to increased competitiveness, increased efficiency and convenience for customers of various banking institutions.
So how do you protect Open Banking from cyberattacks?
Despite the benefits of Open Banking, this innovation also presents a number of cybersecurity challenges. Since open banking data is transmitted via APIs and made available to third-party financial service providers, it increases the number of potential access points and vulnerabilities through which attackers can attempt to penetrate the banking system providing the service. This can lead to security issues such as:
- risk of leakage of personal customer data;
- problems with identification and authorization;
- integration with third-party financial institutions;
- cyberattacks on API interfaces and leakage of authorization tokens;
- the presence of internal insiders in external financial institutions, etc.
The concept of Open Banking provides huge opportunities for innovation in the financial sector, but at the same time increases cybersecurity risks. Therefore, it is important to ensure an adequate level of data protection, implement the latest authentication mechanisms, API monitoring and increase the security of personal data of financial institutions' clients.
It is worth noting that, according to a study by Akamai, 84% of respondents recorded web attacks related to companies' APIs in 2024. These attacks caused losses in the US in the amount of about $600 thousand on average, in the UK - $500 thousand, in Germany - $450 thousand, etc.
That is why it is recommended to use the Akamai API Security solution to address the above information security risks.
A comprehensive approach to protecting APIs from cyberattacks
Solutions Akamai API Security (formerly known as Noname Security) is a tool designed to protect APIs in real time, which is critical for Open Banking and other digital ecosystems where data exchange between different platforms is becoming a key aspect of functioning using uncontrolled APIs. This solution helps to solve cybersecurity issues related to Open Banking (Fig. 1).
Fig. 1. The principle of operation of the API interface in Open Banking
1. API protection against cyberattacks. Akamai API Security provides the ability to detect and block malicious API requests before they reach the Origin server or database, and includes protection against SQL Injection, Cross-Site Scripting (XSS), and DoS/DDoS attacks.
2. Identification and access control. Akamai API Security provides granular access control at the API level. The system supports integration with mechanisms such as OAuth and OpenID Connect, which allows you to set up secure access to banking data for third parties and users.
3. Monitoring and analysis of traffic. Akamai API Security provides a comprehensive solution for monitoring APIs for threats and vulnerabilities. This allows you to monitor anomalous behaviour and identify potential security issues, such as the use of untrusted web sources or violations of pre-configured access policies.
4. Protection against confidential data leakage. The solution records and monitors any attempts to unauthorisedly access banking data or transfer it via APIs, which is critical to ensuring confidentiality and protecting banking secrecy.
5. 5. Improved visibility and reporting. Akamai API Security provides detailed reports and analytics on the usage of each API. This is important for detecting and investigating security incidents, as well as for compliance with international standards and regulations (e.g. PCI DSS, GDPR, or PSD2).
Akamai API Security provides a comprehensive approach to API security by combining four key components (Figure 2):
Fig. 2. Comprehensive protection from Akamai API Security
- Discovery - is responsible for a complete inventory of API assets, detecting changes, etc;
- Posture Management - includes configuration control, vulnerability detection and management, and prioritisation of remediation;
- Runtime Protection - detects and blocks cyberattacks and suspicious service behaviour in real time;
- Testing - allows you to check the security of APIs at the development stage and eliminate identified vulnerabilities before launching the API interface in products.
Akamai API Security offers three flexible deployment options to accommodate the needs of different organizations and technical requirements (Figure 3).
Fig. 3. Akamai API Security deployment options
The first option is SaaS ― is a fully cloud-based solution where the API Security platform is managed by Akamai in a cloud environment. The second option ― Hybrid ― involves placing remote modules (remote engines) in the customer's own environment: for example, in a data center or private cloud. The third option ― On-Prem ― involves full platform deployment, including backend, user interface, and API management, in the customer's data center or cloud, providing maximum control over the company's infrastructure.
If your company is planning to implement or is already using Open Banking technology, Akamai API Security is a necessary solution to ensure reliable protection of your banking secrecy and security of APIs. Guaranteeing the safe use of Open Banking is impossible without effective API protection, as the open transfer of customer or account data between customers and the company carries cybersecurity risks. Akamai API Security provides comprehensive protection that includes vulnerability detection and remediation, configuration control, real-time monitoring, and active protection against cyberattacks. Flexible deployment models allow your company to easily and quickly adapt the system to your infrastructure, ensuring maximum control and security of company and customer data transmitted via APIs. That's why Akamai API Security is an indispensable tool for successful and secure use of Open Banking technology.
Are you interested in cybersecurity solutions or need a consultation?
Write to us by email: cs@seeton.pro
Source: “Networks and Business” magazine (August 2025) “Is the emergence of the concept of Open Banking a panacea?”