The New Face of Digital Transformation : Open Banking!!

Introduction to Open Banking:

Open Banking is a financial services terminology and can be defined as below:

  • The use of Open APIs that enable third party developers to build applications and services around the financial institution
  • Greater financial transparency options for account holders ranging from Open Data to private data
  • The utilization of open source technology to achieve the above

Open Banking, as a concept could be considered as a subspecies to the Open Innovation concept, a term promoted by Henry Chesbrough. In simple words, The “Open Bank” Project is an open source API and App store for banks that empowers financial institutions to securely and rapidly enhance their digital offerings using an ecosystem of 3rd party applications and services.

Concept:

There are two main strands to Open Banking: a piece of EU legislation — the second payment services directive (PSD2); and the “Open Banking” project specifically spearheaded by the UK’s Competition and Market Authority (CMA).

Principles while designing APIs:

  • Guidelines for user privacy and design in consent management controls
  • Embed privacy into design and use maximum privacy as the default setting
  • Maintain transparency of operations of the IT systems
  • Strive to detect and prevent privacy-invasive events before they happen.

How does it work?

APIs technology that allows banks and other companies to conveniently and securely share data between their organizations. We use services built using APIs all the time. For instance, Uber uses APIs to Integrate Google maps, payments and telephony in one useful app to help people order and pay for taxis quickly.

How Financial Service Firms Can Benefit from Open Banking APIs:

Financial services firms are waking up to the value of Open Banking initiatives and the fundamental role of APIs. Traditional banks understand that in order to better compete in the industry; they must develop their digital capabilities to avoid being dis-intermediated by new entrants with superior offerings and services.

As a result, many financial services firms are embracing Open Banking initiatives; this includes PayPal, Wells Fargo, and Visa. And for financial service firms in Europe, Open Banking initiatives are gradually becoming the norm, especially because from 2018, banks will be legally obliged to facilitate access to account information through APIs, per the Revised Payment Services Directive (PSD2).

Around the world, the industry is starting to recognize that Open Banking is redefining the financial landscape in a number of ways, specifically by helping financial services firms enhance service offerings, improve overall customer engagement, and increase revenue from new channels.

Enhance Service Offerings with Open Banking APIs:

In the new ecosystem of Open Banking, APIs are a channel for doing business. A recent report by the European Banking Association (EBA) reveals that through adopting and deploying APIs, banks can extend and enhance their native services and offerings. However, these APIs can also create a threat for banks by opening doors to FinTech firms, who may leverage this data to extend their own offerings as well.

First, by opening up their APIs, banks are able to easily connect other APIs in the market in order to extend their service offerings by introducing native FinTech solutions in a plug-and-play manner. Examples of such APIs include the Experian Connect API, which provides customers the ability to see their credit score in real-time through their existing bank account, or the National Change of Address (NCOA) API, which notifies banks if a customer changed their address or whether an existing address is deliverable. Through embracing the Open Banking API economy, banks are able to further enhance and transform current offerings––increasing their appeal to existing and prospective customers alike.

However, Open Banking APIs can also create a threat for banks, as they enable FinTech firms to tap into a bank’s financial data. For example, a FinTech startup may decide to use a bank’s “Customer Data API” in order to build one mobile application where customers budget their finances, manage their debt, and get real-time investment and financial advice through chat. The majority of traditional banks do not offer such debt and real-time finance management services. This means that by opening up their API, the bank has enabled the FinTech startup to fulfill this existing gap and drive a wedge between the bank and the customer.

On the one hand, a bank can view the above example as a threat and completely reject the concept of Open Banking initiatives. But on the other hand, a bank can also view this example as an opportunity. Open Banking is not going anywhere. In order to establish their position within the value chain, banks must not turn a blind eye to these initiatives. In fact, FinTech firms are already creating such services by leveraging existing APIs or without APIs, through insecure methods such as screen-scraping. In order to capitalize on this opportunity and improve security, banks must better address this threat by owning this existing relationship and enhancing their own products and offerings through innovative partnerships.

Overall, banks can expect Open Banking APIs to provide them with the opportunity to improve, inform, and further the value of their analytics and data securely. This can be through introducing native solutions or partnering with other FinTech firms that offer innovative services. These benefits, in turn, can help enhance one aspect of the banking experience: customer engagement.

Improve Overall Customer Engagement with Open Banking APIs:

Open Banking APIs increase the appeal of a bank and enable them to meet the changing demands of existing customers as well as appeal to prospective customers. These APIs can also serve as a unique way to increase customer engagement and attend to customer needs in a secure, agile, and future-proof method.

Such engagement is crucial, especially as upstarts and new entrants continue to disrupt the financial services industry and more services, offerings, and devices enter the market––leading to an increasingly competitive environment for traditional banks and changing customer expectations. This competitive landscape creates challenges for traditional banks, and forces them to further innovate in order to retain and attract customers

Open Banking API – Performance Monitoring:

The “Open Banking” performance monitoring tracks the execution of algorithms that constitute an app, measures and reports, determines whether the application executes successfully, records the latencies associated with execution step sequences and determines why an app fails to execute successfully or at expected levels.

Following are the way to monitor performance:

  • End-user experience monitoring: The capture of data about how end-to-end app availability, latency, execution correctness and quality appear to the end user.
  • App topology discovery and visualization: The discovery of the software and hardware infrastructure components involved in app execution, and the array of possible paths across which these components communicate to deliver the application.
  • User-defined transaction profiling: The tracing of user-grouped events, which comprise a transaction as they occur within the application as they interact with components discovered in the second dimension (application topology discovery and visualization). This is generated in response to a user’s request to the app.
  • App component deep dive: The fine-grained monitoring of resources consumed by, and events occurring within, the components discovered in the app topology discovery and visualization dimension. This may include server-side components and client-side devices and interfaces.
  • IT operations analytics: The combination or usage of techniques, including complex operations event processing, statistical pattern discovery and recognition, unstructured text indexing, search and inference, topological analysis, and multidimensional database search and analysis to discover meaningful and actionable patterns in the typically large datasets generated by the first dimensions presented here.

Security challenges in an open environment:

The underlying issue is that web and mobile applications are a particularly soft target for cybercriminals for a number of reasons. There are inherent vulnerabilities in the APIs that transfer data and communicate with back- end systems

  • Constant exposure to the Internet makes them easy to probe
  • The openness of the web allows hackers to view source code and data and learn how to attack it
  • Insecure web browsers leave the UI and APIs vulnerable to attack

Although security standards may become more rigorous to meet the new challenges of these environments, there are inherent vulnerabilities in Internet-based applications (and APIs) that:

  • Exacerbated by these new regulations
  • Not addressed by current security standards
  • Not anticipated to be addressed in the near term

It’s perhaps unsurprising then that there is apprehension about the coming “all access” environment. Banks will not only lose direct control of their customers, they will incur yet more operational costs required to overhaul platforms and processes, while at the same time being exposed to even greater risk that will most likely not be directly addressed by these overhauls.

In order to thrive in this new, more connected world, banks and payment service providers (PSPs) must balance innovation and their desire to maximally capitalize on new opportunities with the right security to protect their brand and customers from a significantly increased threat profile.

Turning a negative into a positive:

  • Make API security an integral part of PSD2 implementations, and ensure that security controls for APIs are at par with digital banking.
  • Adopt a user-driven authentication framework that doesn’t disclose user credentials to TPPs.
  • Use biometric technologies for authentication, as that will not only address the PSD2 requirement for more accurate validation, but will also provide a better consumer experience.
  • Assess customers’ location and behavior against their usual patterns to gain a clearer view of the risks and the level of authentication required

Conclusion:

Truth be told, no one can predict the future with 100 per cent accuracy. That’s the beauty of Open Banking and PSD2 (they allow newcomers, teams and developers to blaze a digital innovation trail) but arguably also their weakness.

Nitin Sharma

Nitin is Senior Consultant @ Verinite. Passion to learn about Cards and Payment domain. Loves to travel and explore nature a lot.