A MAXUT Consulting application security framework and solutions proposal focused on the Operational Guidelines for Open Banking in Nigeria as issued by the Central Bank of Nigeria (March 2023).
API security refers to the practice of protecting the integrity and confidentiality of Application Programming Interfaces (APIs) to prevent misuse, unauthorized access, data breaches, and other threats.
APIs are critical components in modern software systems, enabling communication between different software components, systems, and devices. As APIs often expose sensitive data and functionality, ensuring their security is a crucial part of the overall system's security posture.
The API Economy is reshaping industries by enabling new ways of creating value, fostering partnerships, and streamlining business operations through technology.
Examples of API Economy in Action:
In a February 2021 publication, the Central Bank of Nigeria (CBN) emphasized the role of open banking in furthering the Bank's financial inclusion initiatives and in improving competition in the financial services space.
The Open Banking Regulatory Framework established baseline standards and requirements, defined risk-based categories of services, and gave guidance for sharing and leveraging customer data through application programming interfaces (APIs). APIs enable third parties to build new solutions and services based on international standard practices.
One of the core principles clearly stated in the Framework is that customers of financial and non-financial services own and control their data, and have the right to grant service providers authorization to access it for the purpose of obtaining innovative financial products and services. To manage the risks associated with data exchange and the opportunities provided by open banking services, the CBN categorized the services offered and their associated risk ratings as follows:
| S/N | Category | Risk Rating |
|---|---|---|
| 1. | Product Information and Service Touchpoints (PIST) | Low |
| 2. | Market Insight Transactions (MIT) | Moderate |
| 3. | Personal Information and Financial Transaction (PIFT) | High |
| 4. | Profile, Analytics and Scoring Transaction (PAST) | High & Sensitive |
MAXUT Consulting expects most of its customers to offer services that fall in the High risk rating for the purpose of Open Banking risk management. Furthermore, based on data access levels and open banking service categories, Licensed Payment Service Providers and Deposit Money Banks are expected to attain Tier 2 and Tier 3 Risk Maturity Levels respectively, as defined by the CBN.
At a minimum, Tier 2 vendors are required to meet the extant information and technical security standards, data breach policies and anti-money laundering (AML) standards set by the CBN, in addition to complying with the Open Banking API security and performance standards (the OpenID Foundation's Financial-grade API profile, FAPI).
Following further collaboration with industry stakeholders, the Regulatory Framework was issued as the Operational Guidelines for Open Banking in Nigeria, published in March 2023.
By partnering with world-class cybersecurity vendors in multi-factor authentication and API security, and through in-house security software development customized to the regulatory compliance needs of our customers, MAXUT is well positioned to address the Open Banking security requirements of our customers. Our multi-factor authentication (MFA) pedigree and years of integrating secure applications within banking systems and application environments give us a holistic view of open banking security challenges.
We deliver solutions to meet the requirements of the CBN Operational Guidelines for Open Banking in Nigeria (Appendix III – Security Standards), especially Section 4.0, in:
Contact your MAXUT Consulting representative to discuss these solutions and best practices for API security in detail, email us at info@maxut.com, or visit us at www.maxut.com.