Trend Micro, a global leader in cybersecurity solutions, has today released research showing that major new European banking rules could significantly increase cyber attacks against financial services companies and their clients.
The new research analyzes the impact of the European Union's Revised Payment Services Directive (PSD2), which is designed to give users greater control over their financial data and the option to share it with the new range of innovative financial technologies (FinTech). This approach is known worldwide as "Open Banking".
"The financial sector has always been an extremely attractive target for hackers, and PSD2 and Open Banking will give hackers even more opportunities to steal sensitive personal and financial information," said Ed Cabrera, a Trend Micro official. "Our concern is that the industry may not be fully prepared to deal with these very widespread attacks, so we wanted to understand the risks before they occur, to warn companies to handle the situation better."
The report identifies several possible scenarios of attack under the new regulatory regime:
- API Attacks: Public APIs are at the heart of Open Banking, enabling approved third parties to access users' banking data to provide innovative new financial services. Flaws in these APIs will allow attackers to exploit back-end servers and steal data.
- Attacks on FinTech Companies: Users will have to establish a new trust relationship with providers that may have fewer resources than their banks and no data protection history. In a quick survey of Open Banking FinTechs, Trend Micro found that they have an average of 20 employees and no specialized security professional. This makes them ideal targets for hackers and raises concerns about security gaps in mobile apps, APIs, data sharing techniques, and security modules that could be implemented incorrectly.
- Attacks on apps or mobile platforms: Most Open Banking services will be deployed as mobile applications, making them the primary target of attackers. Finding a username, password, or encryption key in the app would allow a criminal to retrieve the user's banking data. Even if apps are not allowed to make payments, they could contain transaction data, allowing a hacker to create a highly accurate profile of victims.
- Attacks against the user: As new Open Banking applications become the primary means of accessing financial data and services, phishing attacks could earn attackers large sums.
To prepare for the changing landscape, Trend Micro explains how financial institutions can improve cybersecurity. The recommended measures include ensuring that sensitive information is never included in URL paths, prioritizing secure protocols and eliminating risky practices.
Meanwhile, developers and users of Open Banking applications need to adopt a secure design approach, including regular software checks.