Threat analysis in Open Banking

Dr. Biczók Gergely

The European Union has ruled that traditional banks are uncompetitive and slow, and that innovative financial services have a hard time breaking into the market. Thus, the EU has passed new legislation (the Payment Services Directive, PSD2), which requires banks to open up their information systems through a new type of API. This API allows third-party Fintech apps and services to get information directly from your bank. It is obvious that such an API poses significant information security and privacy threats to banks and their end customers.

The prospective student will first briefly get to know the idea of Open Banking and the PSD2 directive. Then, focusing on the newest version of the Open Bank API, the student will do a systematic security and privacy threat analysis. The student will learn how to apply the STRIDE and LINDDUN threat analysis methodologies.

Required skills: adequate command of English

Preferred skills: basic programming skills (e.g., Python), familiarity with REST APIs

[1] Mansfield-Devine, Steve. "Open banking: opportunity and danger." Computer Fraud & Security, 2016.


Maximum number of students: 2 students