Financial Aggregator Risks

Securely Enable Financial Aggregators to Innovate and Deliver Customer Value

Embrace Open Banking while managing Aggregator and Third-Party Provider (TPP) risks


How Do You Securely Enable Financial Aggregators?

Financial aggregators are here to stay. These services provide valuable customer experiences that help people manage their finances. For example, they might consolidate your customers’ balances, transactions, and profiles across accounts. Financial Institutions need to embrace Open Banking while balancing it against App & API Security, so that they mitigate risk and prevent fraud while still meeting customer expectations.
 

Financial Aggregators Can Create Unintended Application, Infrastructure, and Security Risk

While financial aggregators provide value to consumers and create new ways for them to engage, they also come with risks:

Account Verification

Attackers take advantage of the relationship fintech tools have with banks to validate accounts via credential stuffing against the aggregator instead of directly against the institution

Account Takeover

Financial aggregators store login credentials, making them a tempting target for attackers

Impersonation Attacks

Fake financial aggregator apps or impersonators phish for customer credentials

Screen Scraping

Aggregators may unwittingly be scraping consumer data in a non-compliant way

Unpredictable Traffic Spikes

Aggregators can flood websites, raising infrastructure costs and potentially causing latency or outages

Compliance Breach

Some aggregators may abuse APIs, or websites where there are no APIs. Other aggregators may try to bypass APIs to avoid rate limits or usage fees

Embrace Open Banking and Manage Aggregator Risk

Give your customers full access to their data when and where they want it, through the user-enabled fintech tools they choose – while also protecting your apps against credential stuffing and other forms of attack and abuse.

Ultimately, consumers will continue to use aggregators, and Open Banking policies will continue to provide them with opportunities. F5 Aggregator Manager empowers Financial Institutions to innovate while lowering digital fraud and security risk by helping them:
 

Increase Visibility

A baseline is established to understand all traffic, and traffic is labeled as human, automated, or aggregator, giving the FI the ability to better manage its traffic

 

Ensure Least Privilege Access

Aggregator access can be managed and enforced to ensure aggregators go through authorized channels (e.g., APIs) under pre-defined volume/time limits, reducing the threat surface.

 

Mitigate Attacks

Aggregator Manager not only blocks attacks at the financial institution’s web and mobile properties, but also detects when attackers are credential stuffing through an aggregator for account validation

 

Embrace Open API Economy with Onboarding Assistance

Expert consulting will work with the FI and aggregators to ensure best practices, such as storing user financial credentials, becoming a registered third-party provider, and switching to APIs supported by the financial institutions they source from.

 
