Home » Payments - Making » Accounts Payable Management

What security threats will we face under PSD2?

A new white paper by Vasco – Open Banking APIs under PSD2: Security Threats and Solutions – looks at some of the security threats that will come into play when European banks begin to allow access to communication interfaces from third party providers (TPPs), under the Revised Payments Services Directive (PSD2). The research looks at the requirements for the communication interface as defined in the draft regulatory technical standards (RTS) and how banks can protect their interfaces from security threats.

Key security threats for APIs

Some of the key security threats that banks could face when they allow third party access to customer account data could include the following:

  • Leakage of financial information of users. This kind of security breach could arise from vulnerabilities in the application programme interface (API) or compromised or malicious TPP leaking financial information obtained from bank.
  • Fraudulent financial transactions via the API. An API vulnerability could lead to a man-in-the-middle attack and manipulation of transaction data. There could also be compromised or malicious TPPs issuing fraudulent transaction requests.
  • Unavailability of API. The API could be compromised and the quality of service for users could be affected or users could be locked out of the service.

The potential business impacts of these security problems include:

  • legal liability (e.g. GDPR fines);
  • reputational damage
  • financial loss;
  • contractual liability; and
  • negative impact on users.

CTMfile take: This white paper is detailed and useful for anyone wanting to get a grip on the security threats that could arise under PSD2

This item appears in the following sections:
Payments - Making
Accounts Payable Management
Making International Payments

Also see


No comment yet, why not be the first?

Add a comment