To counteract the lack of competition and innovation in the financial services industry, the EU has issued the Second Payment Services Directive (PSD2) encouraging account servicing payment service providers to share data. The UK, similarly to other European countries, has promoted a standard API for data sharing:~the Open Banking Standard. We present a formal security analysis of its APIs, focusing on the correctness of the Account and Transaction API protocol. The work relies on a previously proposed methodology, which provided a practical approach to protocol modelling and verification.
View on arXiv@article{modesti2025_2003.12776,
title={ Security Analysis of the Open Banking Account and Transaction API Protocol },
author={ Paolo Modesti and Leo Freitas and Qudus Shotomiwa and Abdulaziz Almehrej },
journal={arXiv preprint arXiv:2003.12776},
year={ 2025 }
}