Bank Promotion Exam Guide

Banking Awareness | Banking Knowledge | for all Bank Exams

Module: MODULE A: INTERNATIONAL BANKING

Q251: Consider the following statements regarding Application Programming Interface security and architectural vulnerabilities in the digital banking ecosystem:

Statement 1: Integrating third party financial technology applications with core banking systems via open interfaces introduces new vectors for cyber attacks, such as unauthorized data scraping and credential stuffing.
Statement 2: To mitigate these vulnerabilities, international banking standards increasingly mandate the use of zero trust architecture, which requires continuous verification of every user and device attempting to access the network, regardless of their location.
Statement 3: The deployment of zero trust architecture inherently encrypts all historical transaction data, rendering it completely immune to quantum computing decryption attempts in the future.
Which of the statements given above is or are correct?
A. Only 1 and 2
B. Only 2 and 3
C. Only 1 and 3
D. 1, 2, and 3
✅ Correct Answer: A
The correct combination is A. The digitization of international banking inherently expands the cybersecurity attack surface. Structurally, an Application Programming Interface acts as a doorway between the secure internal servers of a bank and external third-party applications.
Historically, banks relied on perimeter defense, assuming everything inside their internal network was safe.
Because Open Banking requires opening these network doorways, it creates vulnerabilities like data scraping, where malicious actors extract massive amounts of customer data.
To counter this, the financial industry has heavily adopted zero trust architecture.


Zero trust operates on the strict principle of never trust, always verify, demanding continuous authentication for every digital interaction, making Statements 1 and 2 correct.
Statement 3 is incorrect.
Zero trust is an access control philosophy and network architecture; it does not inherently apply quantum-proof encryption to historical data.
Protecting historical data against future quantum computing decryption requires entirely separate cryptographic protocols, known as post-quantum cryptography, which are distinct from the access controls provided by a zero trust framework.