About hibank
hibank is one of the leading financial institution in Indonesia, dedicated to providing innovative banking solutions to its customers. hibank provides a comprehensive digital ecosystem, including bookkeeping features, digital payments, and virtual chatbots tailored to MSMEs. The bank focuses on integrating advanced technologies to improve banking experiences and ensure secure financial transactions. With a vision to lead the digital banking transformation in the region, hibank places security at the forefront of its operations.
Challenges
Rising API security risks and compliance pressures strain defenses
The banking industry in Indonesia is increasingly vulnerable to cyber threats, as sophisticated attacks like phishing and ransomware specifically targeting financial services institutions are becoming more prevalent. As hibank expanded its digital services to meet growing customer demand, its cybersecurity team encountered rising challenges in managing API vulnerabilities. With the rapid increase in API usage, risks such as data exposure, business logic flaws, and unauthorized access became pressing concerns.
Traditional methods, including manual security testing and firewalls, were becoming inadequate to address evolving threats, detect business logic errors, or discover hidden API endpoints. Indonesia’s regulatory landscape also requires financial institutions to meet strict compliance standards. “We must comply with data protection laws like the Personal Data Protection Act (PDPA), which necessitates stringent protection of customer data and secure API practices,” said Lim Siaw Liang, CISO at hibank.
Regulatory requirements from Indonesian Financial Services Authority (OJK) and Bank Indonesia also necessitated more robust cybersecurity measures. To meet regulatory standards and mitigate vulnerabilities, hibank required an API security solution that would safeguard sensitive customer data to help maintain trust.
Deployment
Imperva Application Security delivers advanced API protection and compliance- readiness in three months
hibank discovered Imperva while attending a Southeast Asia cybersecurity conference. They learned that Imperva API Security was an ideal fit for their needs based on its advanced API discovery and machine learning-based threat detection, integrating easily into hibank’s existing systems with minimal disruption.
Imperva API Security provides continuous protection of all APIs using deep discovery and classification to detect all public, private and shadow APIs. It also protects against business logic attacks and many more of the OWASP API Top Ten threats. The easy- to-deploy solution empowers security teams to implement a positive API security model.
“The implementation of Imperva API Security was smooth, with their team providing extensive support throughout the process. The easiest part was integrating it into our existing security ecosystem,” said Lim.
With a successful deployment in just three months, hibank gained greater control over API security, with access to actionable insights on potential vulnerabilities to help address risks effectively and comply with regulatory requirements.
Results
Time spent on API threat detection reduced by 30% and costs cut by 20%, reinforcing trust and compliance
Since implementing Imperva API Security, hibank has significantly strengthened its API security framework, resulting in a 30% reduction in time spent identifying and mitigating API threats. This proactive approach has also reduced the risk of potential data breaches, reinforcing both customer trust and regulatory compliance. The solution also ensures hibank meets stringent data protection standards under the Personal Data Protection Act (PDPA), further bolstering customer trust.
“With enhanced API security, our customers feel more confident about using hibank’s digital services. We’ve reduced the likelihood of downtime due to security breaches, which has led to increased customer satisfaction and trust in our digital banking platform,” said Lim.
Automating API threat detection has helped hibank streamline its processes and improve efficiency through a 20% reduction in operational costs associated with manual security processes. The ability to discover and classify sensitive data transfers within APIs has not only improved security but also enhanced hibank’s incident response time, allowing the security team to focus on strategic initiatives instead of repetitive tasks.
With Imperva API Security, hibank has fortified its digital banking operations and strengthened its reputation for secure, reliable services, supporting its vision of digital innovation with a strong foundation in security. “We rely heavily on Imperva API Security for API inventory management, business logic flaw detection, and preventing unauthorized API access from external sources. These use cases are critical for ensuring secure transactions and customer trust,” said Lim.