Fintech Trailblazer Thwarts API Attacks

Founded in 2013, EarnIn is a financial technology company that provides earned wage access services. Rooted in the belief that individuals should be able to access their earnings in real time — not weeks later — the company is re-imagining the way money moves. This is made possible via its app, which has been downloaded over 15 million times and has garnered more than 380,000 5-star reviews across the Google Play and Apple App stores combined.

To earn and keep customer loyalty, the company is committed to developing, building, and designing services that users can trust and rely on. Inherent in that commitment is protecting against potential adversaries who seek to commit financial fraud. When EarnIn needed to advance and mature defenses against API attacks and evolving exploitation attempts, they found the solution in Akamai API Security. 

The way money and data flow among financial institutions and other industry service providers is rapidly evolving, facilitated by the growing use of APIs for data transfer and service integration. In this dynamic and interconnected environment, security teams struggle to effectively mitigate threats that can potentially disrupt business, erode customer confidence, and damage brand reputation.

While EarnIn’s security team had long relied on telemetry events and data logging across their environment, it was challenged by scaling with the company’s rapidly growing and evolving API estate. Simply put, the team desired more assurance against advanced API-related threat actors and data movements across an expanding attack surface.

According to Stan Lee, EarnIn's CISO, two crucial aspects of developing modern apps is comprehending and categorizing the transferred data, and understanding user access. "This perspective is essential for taking appropriate actions and making informed, risk-based decisions, especially as APIs become a more prevalent target for attacks. That's why we sought an API security solution to safeguard our customers and their transactions," he explains.

As it evaluated solutions, EarnIn prioritized the ability to discover and enumerate the API endpoints it produces on a daily basis. “Akamai API Security clearly showed what was being transmitted, whether the data was moving across an internal network or externally. That view of our attack surface was just what we needed to understand our risk profile and protect our APIs,” continues Lee.

Another distinguishing factor was Akamai's managed threat hunting service. Lee states, "We hadn't previously encountered such a proactive approach for identifying new and emerging threats, and were confident it would empower us to efficiently mitigate these threats while dynamically scaling our business."

As Lee explains, deployment was a breeze. “We easily deployed the cost-effective, cloud-based Akamai API security solution in just a week.” What’s more, EarnIn gained immediate value. From the start, Lee’s security team was empowered with tokenized sensitive data that was quickly analyzed using behavioral analytics by API Security in Akamai Connected Cloud. The analysis enabled the team to glean dynamics across its environment, identify threat vectors, and drive actions and behavior change.

As Lee underscores, “Akamai API Security empowers us to analyze what's going on, perform threat hunting when an attack is taking place, and take meaningful action that protects our fintech app and customers.”

Akamai API Security empowered the EarnIn security and development teams by helping to identify shadow API endpoints and more rapidly detect and investigate potential issues. “Through capabilities including behavior analytics, Akamai API Security enables us to adeptly identify and protect against common techniques such as account takeovers,” Lee continues.

As is true for many companies, API security will be a future critical path for EarnIn. With so many products being developed using APIs and so many technologies connected through APIs, it’s critical that the company understands API changes that might indicate an attack or fraud. “The Akamai solution improves how we surface actionable items to our developers, enabling us to provide them with more meaningful data. As a result, we are more confident that our apps are designed, implemented, and used in a secure manner,” Lee concludes.

EarnIn lets you access your money as you earn it¹ — not days or weeks later. We're on a mission to reimagine the way money moves to empower every person’s potential.

That starts with payday every day and builds with tools like automated Tip Yourself accounts², Credit Monitoring, and Balance Shield³, a low-balance alert feature. All with no interest⁴, no credit checks, and no mandatory fees⁵. So our customers have as many opportunities as possible to spend and save on their terms.

EarnIn’s pioneering Earned Wage Access app is backed by world-class partners like A16Z, Matrix Partners, and DST. Since our founding in 2013, over 4.4 million customers have used  EarnIn, we have received over 380,000 5-star reviews, and we have helped customers access over $20 billion in earnings.

_{1 Subject to your available earnings, Daily Max and Pay Period Max. Restrictions and/or third party fees may apply, see EarnIn.com/TOS for details.
2 Tip Yourself Account funds are held with Evolve Bank & Trust, member FDIC and FDIC insured up to $250,000. Tip Yourself is a 0% Annual Percentage Yield and $0 monthly fee service. Your Tip Yourself Account and any Tip Jars are not Savings Accounts. For more information/details visit https://www.earnin.com/evolve-bank-and-trust
3 Balance Shield cash out is subject to your available earnings, Daily Max and Pay Period Max. Other restrictions and/or third-party fees may apply. For more information visit earnin.com/TOS.
4  EarnIn does not charge interest on Cash Outs.
5  EarnIn does not charge hidden fees for use of its services.}