API security was analyzed in a recent report by Traceable AI. According to the report, 82% of financial institutions expressed moderate to extreme concern about complying with federal financial regulations, including FFIEC, OCC and CFPB, and 76% are concerned about PCI-DSS compliance as it relates to their API security posture.
Sixty-four percent of respondents do not have the ability to understand the context between API activity, user activity, data flow and code execution, hindering their ability to detect and respond to API-based threats effectively.
According to the report, APIs in financial organizations commonly handle personally identifiable information (60%), account authentication data (60%), payment card details (56%) and device and location data (55%), making them prime targets for attackers.
Detecting and preventing unauthorized access to accounts (35%), sensitive data exfiltration (33%) and identifying API vulnerabilities (30%) are the most pressing API security concerns for financial institutions, according to the report.
Forty-two percent of respondents who experienced an API-related data breach cite fraud, abuse, and misuse as the root cause, and only 15% are extremely confident in their ability to detect and prevent API-based fraud and abuse.
According to the report, data loss and brand reputation damage (both 41%) top the list of repercussions, followed by financial loss (36%) and customer attrition (35%).