Approov API Threat Protection was a natural choice at the end of our research because of the extensive capabilities of the product.
The advent of PSD2 and open banking has brought both opportunities and challenges for banks and financial institutions in delivering mobile access to their customers. Open banking uses Application Programming Interfaces (APIs) to enable third parties to access the financial information needed to create new applications and make transactions.
APIs are an increasingly attractive attack vector: they create points of attack that are not adequately protected by traditional network perimeter defenses and that require new security techniques. Banks and financial institutions especially need to ensure these channels are protected to mitigate loss of both revenue and reputation.
Shortly after launching their service, a fast-growing European Fintech company that focuses on digital banking and payments discovered that fraudsters were using automated systems to open multiple accounts using their mobile APIs. They realized that bad actors had automated the sign-on process and were creating tens and even hundreds of false accounts. They wanted to be able to monitor and control access to their backend services from their mobile apps via their APIs, so that fraudulent traffic could be blocked while maintaining a frictionless experience for legitimate customers.
By adding Approov, scripts and bots that spoof mobile app traffic were prevented from accessing the API, since Approov enables blocking of illegitimate API requests not originating from the official app.
By integrating Approov into their mobile channel, this Fintech company achieved a significant drop in fraudulent traffic and eliminated the automated onboarding of new fake accounts.
The Fintech CTO explains why Approov was the right choice:
Approov was a natural choice at the end of our research because of the extensive capabilities of the product. It required minimal integration work while providing maximum security and flexibility. The similar solutions we found were too rigid and required too much initial integration work.