Financial Aggregators: Friends, Foes, or Attack Surface?

On-demand recording is available now!

Third-party financial aggregators might make life easier for users, but they can be a new attack vector for those looking to defraud your institution and its customers.

Each time a new list of leaked credentials goes into circulation, criminals use them for credential-stuffing attacks on aggregators, as well as other targets. Once working aggregator credentials have been identified, attackers move on to siphon funds out of their victims’ accounts.

Furthermore, some aggregators explicitly aim to use their positions to disintermediate banks and other financial institutions from their customers.

What steps can banks take to:

• Protect their infrastructure?
• Protect their customers?
• Enforce the API use agreements that they have entered with the aggregators?