What Expert Says On Marqeta Expanding Credit Platform With 40 New APIs

API use is growing at an incredible rate, and this story further exemplifies this growth. While APIs bring about huge benefits, they also bring about some serious security concerns – particularly in the financial sector where API vulnerabilities can result in the theft of huge quantities of money. It is therefore incredibly important that organisations using new APIs, no matter how big the business benefits, make security a top priority. They need to consider API security both when developing the APIs, with pre-production security testing, and while they’re running, with runtime protection. It might be surprising to learn that the majority of API attacks actually occur within authenticated sessions and through trusted channels. Attackers regularly abuse business logic of banking services and will also aim to compromise user accounts through attack techniques like brute forcing or credential stuffing. These kinds of business logic attacks cannot be detected with so-called shift-left practices like API security testing. Only runtime protection, with behavioural anomaly detection that can find the low and slow patterns of API attacks, will keep these organisations’ assets safe. Bad actors are using these hard-to-detect methods to target customer accounts for account takeover (ATO), credential stuffing, and other avenues for potential fraud. Obviously such attacks, when successful, are terrible for customers and reflect badly on the organisation.