
NISTIR 8389 (Draft)

Cybersecurity Considerations for Open Banking Technology and Emerging Standards

Date Published: January 3, 2022
Comments Due: March 3, 2022 (public comment period is CLOSED)
Email Questions to: nistir-8389-comments@nist.gov

Author(s)

Jeffrey Voas (NIST), Phillip Laplante (Penn State University), Mohamad Kassab (Penn State University), Steve Lu (Stealth Software), Rafail Ostrovsky (UCLA), Nir Kshetri (UNC Greensboro)

Announcement

“Open banking” (OB) refers to a new financial ecosystem that provides more choices to individuals and small and mid-size businesses concerning the movement of their money, as well as information between financial institutions. Open banking is already being used in several countries around the world; however, it is yet to be adopted in the United States. Anytime a system becomes more transparent, a potential for abuse occurs, and for open banking, that would be at the API level.

This report contains a definition and description of open banking, its activities, enablers, and cybersecurity and privacy challenges. This report is not intended to be a promotion of OB within the U.S. but rather a factual description of the technology and how various countries have implemented it. Any proposal of a specific API that would be compatible across heterogeneous systems was purposely avoided in this report.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

open banking; computer security; privacy; cybersecurity; APIs

Control Families

None selected

Documentation

Publication:
NISTIR 8389 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
01/03/22: NISTIR 8389 (Draft)

Topics

Security and Privacy
general security & privacy

Applications
small & medium business

Sectors
financial services