Open banking regulations mandate that banks expose customer financial data through APIs to authorised third-party providers. Security testing covers: the strong customer authentication (SCA) implementation, consent management (can consent be manipulated or exceeded?), API access scope enforcement (can a provider access more data than the customer consented to?), token security and lifecycle management, data minimisation compliance, and the security of the third-party provider registration and verification process.
Technical
Open Banking Security: A Deep Dive into API Security for Financial Data Sharing for Spanish-speaking companies
Open banking APIs expose sensitive financial data to third-party providers. This covers security testing of consent, authentication, and data boundaries, with guidance for the Spanish (ES) market.