Securely Enable Financial Aggregators to Innovate and Deliver Customer Value
Embrace Open Banking while managing Aggregator and Third-Party Provider (TTP) risks
Financial aggregators are here to stay, these services provide valuable customer experiences to help people manage their finances. For example, they might consolidate your customer’s balances, transactions, and profiles across accounts. It is important that Financial Institutions can embrace Open Banking while balancing App & API Security to mitigate risk and prevent fraud while meeting customer expectations.
While financial aggregators provide value to consumers and create new ways for them to engage, they also come with risks:
Attackers take advantage of the relationship fintech tools have with banks to validate accounts via credential stuffing against the aggregator instead of directly against the institution
Financial aggregators store login credentials making them a tempting target for attackers
Fake financial aggregator apps or impersonators phishing customer credentials
Aggregators may unwittingly be scraping consumer data in a non-compliant way
Aggregators can flood websites, raising infrastructure costs and potentially causing latency or outages
Some aggregators may abuse APIs or websites if there are not APIs. Other aggregators may try to bypass APIs to avoid rate-limits or usage fees
Give your customers full access to their data when and where they want it, through the user-enabled fintech tools they choose – while also protecting your apps against credential stuffing and other forms of attack and abuse.
Ultimately, consumers will continue to use aggregators and Open Banking policies will continue to provide them with opportunities. F5 Aggregator Manager empowers Financial Institutions to innovate while lowering digital fraud and security risk by helping them:
A baseline is established to understand all traffic and labels traffic as human, automated, or aggregator giving the FI the ability to better manage their traffic
Aggregator access can be managed and enforced to ensure they go through authorized channels (ex: API), under pre-defined volume/time limits reducing the threat surface.
Aggregator Manager not only blocks attacks at the financial institution’s web and mobile properties, but also detects when attackers are credential stuffing through an aggregator for account validation
Expert consulting will work with FI and aggregators to ensure best practices such as storing user financial credentials, becoming a registered third-party provider and switching to APIs supported by the financial institutions they source from.