Open Banking PTBR

Open Banking in an Era of Transformation

Issue link: https://recursos.axway.com/i/1321495


Open Banking APIs State of the Market Report 2020

SECURITY AS A FIRST ORDER CONCERN

Security is a fundamental concern for all open banking stakeholders. Banks can apply industry best practices during the creation and publication of open APIs to ensure that they do not expose any vulnerabilities, such as those described in the OWASP Top 10 Web Application Security Risks.

First, there are regulatory security protocols that may require third parties to be accredited to use a bank's open APIs. These are usually maintained by a regulatory authority, and a bank can assess evidence to ensure that a fintech or other API consumer is appropriately credentialled. There are also security reviews undertaken by a bank when a fintech submits its application for testing as part of a request to use the bank's APIs in production.

In the API design and management itself, there are opportunities for banks to draw on key security technologies. Authentication is the process of ensuring that external API consumers are checked and credentialled each time they attempt to make an API call. Robust authentication and authorization processes ensure the bank can be confident it is only sharing the agreed data with the appropriately identified API consumer. 83% of banks indicate that they use OAuth 2.0 standards for authentication processes.

Other security technologies such as two-factor authentication and JWT tokens can be enforced when assessing how a fintech manages the customer consent flow. These security technologies can ensure that a customer knowingly gives their consent to the fintech to use a bank's APIs to connect its product to the bank's customer.

In addition, there are other security measures such as rate limiting and throttling that ensure that fintechs are applying best practices when making API calls and not generating inefficient data retrievals.
