Mon. Jan 17th, 2022

    Content Assessment: A New Financial Ecosystem? NIST Draft Report on Cybersecurity for Open Banking

    Information - 97%
    Insight - 93%
    Relevance - 89%
    Objectivity - 92%
    Authority - 95%



    A short percentage-based assessment of the qualitative benefit of the newly published draft report from NIST on cybersecurity considerations for open banking.

    Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.


    Background Note: This draft report from NIST provides an excellent overview of an emerging financial ecosystem (Open Banking) and potential cybersecurity and privacy challenges to be considered in supporting the new ecosystem. Cybersecurity, information governance, and legal discovery professionals in the eDiscovery ecosystem may find the report beneficial for developing an early understanding of the technology and standards evolving around Open Banking. They may also find the report beneficial as they consider cyber, data, and legal discovery needs to support audits, investigations, and litigation in this emerging financial ecosystem.

    NIST Draft Publication*

    Cybersecurity Considerations for Open Banking Technology and Emerging Standards

    • Published by the National Institute of Standards and Technology (NIST)
    • Authored by Jeffrey Voas, Phil Laplante, Steve Lu, Rafail Ostrovsky, Mohamad Kassab, and Nir Kshetri

    Report Announcement

    “Open banking” (OB) refers to a new financial ecosystem that provides more choices to individuals and small and mid-size businesses concerning the movement of their money, as well as information between financial institutions. Open banking is already being used in several countries around the world; however, it is yet to be adopted in the United States. Anytime a system becomes more transparent, a potential for abuse occurs, and for open banking, that would be at the API level.

    This report contains a definition and description of open banking, its activities, enablers, and cybersecurity and privacy challenges. This report is not intended to be a promotion of OB within the U.S. but rather a factual description of the technology and how various countries have implemented it. Any proposal of a specific API that would be compatible across heterogeneous systems was purposely avoided in this report.

    Report Extract


    Open banking (OB) describes a new financial ecosystem that is governed by a set of security profiles, application interfaces, and guidelines for customer experiences and operations. OB ecosystems are intended to provide new choices and more information to consumers, which should allow for easier interaction with and movement of money between financial institutions and any other entity that participates in the financial ecosystem. OB also aims to make it easier for new actors to gain access to the financial sector (e.g., smaller banks and credit unions), has the potential to reduce customer fees on transactions, and is already in use in various countries.

    Fundamental Banking Functions Provided by Financial Institutions

    Financial institutions engage in lending, receiving deposits, and other authorized financial activities. There are nine types of financial institutions: central banks, retail banks, commercial banks, credit unions, savings and loan institutions, investment banks and companies, brokerage firms, insurance companies, and mortgage companies. Central banks (e.g., the U.S. Federal Reserve Bank) only interact directly with other financial institutions. The rest of these financial institutions interact with individuals, companies, and each other in different ways. For example, banks may act as financial intermediaries by accepting customer deposits or by borrowing in the money markets. Banks then use those deposits and borrowed funds to make loans or to purchase securities. Banking entities also make loans to businesses, individuals, governments, and other entities. This document uses the term “banking entity” to refer to any financial institution that conducts business with individuals, such as a retail bank, credit union, or mortgage company.

    Banks include individuals, merchants, service providers, governments, utilities, non-profit organizations, other banking entities, and others (e.g., consumers, investors, and businesses). Financial sector institutions also serve as financial intermediaries by facilitating payments to and from their customers to the businesses and other entities with which they interact via check payments and debit and credit transfers. Some banking entities provide other services to their customers, such as financial planning and notary services.

    Multiple Financial Institutions

    A customer can interact with more than one financial institution. For example, a person may use a local bank for everyday transactions, a credit union to hold the home mortgage, a car financing firm to finance a car, and one or more other banks for credit cards. However, moving funds between these financial institutions is not always easy or transparent. For example, making a payment to an auto loan through a credit transfer from the local bank requires several customer actions, and making a mortgage payment from an advance on a credit card requires certain authorizations. Customers may be forced to accept most (or all) of a package of services offered by a financial institution. Customers usually cannot “mix and match” services offered by different banking entities easily. For example, it would be unusual to have a checking account with one bank, a money market account with another, a savings account with another, and debit card with yet another bank. Moving funds between these different accounts would likely require several steps and authorizations, including fees.

    Open Banking Defined

    Open banking describes a new kind of financial ecosystem that gives third-party financial service providers open access to consumer banking, transactions, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces (APIs). It is governed by a set of security profiles, application interfaces, and guidelines for customer experiences and operations. Ecosystem-enabled banking means that there are not predefined direct relationships or “supply chains” of financial products and services. Rather, the flow of debits and credits between these products and services are executed at the discretion of the customer.

    Read the original announcement.

    Read the Complete Report: Cybersecurity Considerations for Open Banking Technology and Emerging Standards (PDF)

    NIST.IR.8389 - Cybersecurity Considerations for Open Banking Technology and Emerging Standards - Draft

    Read the original report.

    *Shared with permission.


    Source: ComplexDiscovery

