DESIGNING RESILIENT FINANCIAL APIS USING ZERO-TRUST AND ADAPTIVE SECURITY MODELS
DOI: https://doi.org/10.65009/hj4q9q89
Abstract
Financial Application Programming Interfaces (APIs) have become invaluable parts
of modern banking infrastructure; however, they face an increasing risk of
security breaches arising from authentication failures, information breaches, and
sophisticated cyber-attacks. This research paper explores the implementation of Zero-Trust
architecture and adaptive security mechanisms with the aim of increasing the resilience
of APIs in financial institutions. The study used an explanatory research design and analysis
of secondary data to assess existing vulnerabilities, implementation initiatives, and the resulting
security implications. Results of the literature review show that 68% of API actualities are due
to authentication-related losses, and that attack volumes increased from 1.9 million (Q1
2018) to 2.3 million (Q3 2019) across ports. Geographic analysis indicates
one-dimensional targeting, with the Middle East experiencing 275,000 normalised attacks. Chart
analysis shows that 78% of IT teams intend to adopt Zero-Trust. In the
case studies of Barclays UK and Monzo Bank, implementing OAuth 2.0, micro-segmentation,
and behavioural analytics accounted for a 35-40% decrease in security incidents.
The research suggests a progressive process involving identity governance, Policy
Enforcement Points, continuous authentication, and machine-learning risk scoring to protect
high-value transactions without diminishing operational performance or regulatory
adherence.

