Access Control of Finance APIs

posted in #IT Security on the 18.06.2018

The PSD2 Directive has redefined the framework for interfaces for payment service providers. In a study, we examine technical and security issues that arise for providers of financial APIs.

The Directive (EU) 2015/2366 of the European Parliament and the Council from November 25, 2015 adopted new framework conditions for the harmonization of payment services in the European internal market. New models of interaction are expected to provide APIs from banks so that financial data and services can be more widely consumed and shared. The aim of this project was to analyze examples of known interfaces and to shed light on potentially safety-relevant aspects. Precisely, the focus is put on the four APIs NextGenPSD2, STET, SBAS und Priora.


File Description File size
pdf Study (DE) Version 1.0 from 14.06.2018 (German only)
585 KB