Detecting Open Banking API Security Threats Using Bayesian Attack Graphs

Abstract

Particularly amid Covid-19, enterprises' digital transformation has rapidly accelerated, making cybersecurity an even bigger challenge. Financial institutions adopt FinTech technologies to advance their service and achieve an enhanced customer experience that creates a competitive edge in the market. FinTech products utilise open banking API services to allow communication between a financial institution and a FinTech provider. However, such an integration introduces significant security concerns. Therefore, financial firms must ensure that a robust API service to protect the bank's infrastructure and its customers' information. To address this concern, we propose a Framework for Open Banking API security that utilises STRIDE model to identify security threats in FinTech integration via Open Banking API and Bayesian Attack Graphs to automate predictions of the most exploitable attack paths.