The Balancing Act of API Security
Credit unions that use core technology with an open architecture no doubt did their research and entered into a core provider partnership with their credit union's future in mind. In doing so, they set themselves up to offer members current fintech as soon as it becomes available. Using API (application programming interface) technology, new third-party applications can easily interact with any credit union app to provide additional services, features and added conveniences. While inviting third-party technology to work and interact with your digital banking technology is a simple and expedient way to boost your member offerings, is it safe? Is it smart to let third parties have access to your members' accounts?
Checking the latest news is all that’s needed to confirm the fact that cybersecurity breaches have grown common. But while every industry has to contend with cybercriminals, the financial services industry is by far the most frequent target. A quarter of all malware attacks were aimed at financial services organizations in 2018, according to IntSights.
However, the good news is that credit unions and other financial institutions are aware of the threat and have enacted more stringent security measures to help protect members and their data. Within their own in-house apps and technology, core providers themselves have addressed cybersecurity issues such as non-SSL (insecure) links; parameter attacks, where hackers exploit weaknesses in apps via JavaScript injection; identity attacks, where hackers use the name of the API to gain access to data; and man-in-the-middle attacks, where the perpetrator sits between the user and the API to intercept information. A good core provider will have its own cyber protection in place as part of its structure and will be prepared to protect a credit union and its members from attacks and hackers.
APIs also help secure your members' online transactions and account information behind the scenes. Some APIs are specifically designed to provide services such as detecting and cleaning malware and viruses, checking website reputation, helping with fraud investigation, and supporting bug and data bounty programs.
Encouraging your members to practice good judgement when using mobile devices for banking is crucial. That means setting up two-factor authentication, periodically changing passwords, logging out of mobile banking apps as soon as a transaction is done, and not banking or sharing account information with people they don't know (specifically when using P2P services such as Venmo, PayPal, etc.).
While cybersecurity will always be a concern, it shouldn't keep you from offering great technologies to your members. Partner with a core provider that has your security and best interests in mind when designing a platform for you. Finding the right balance between security and your fintech offerings is more important than ever.