As banking has changed from an in-person, retail-like experience to online and now to mobile and connected devices, the industry is adopting new standards and creating regulations for data exchange and security, writes Michael Brink, CTO of CA Southern Africa.
The value of these connected banking experiences comes from their ability to take place on any app or device that the bank allows to access its data. Thus, innovation in the space continues to redefine banking and to provide new value to customers.
This is the concept of open banking: the use of open APIs to enable developers to build apps and technology integrations through secure access to the data and systems of traditional banks. Banks currently use internal APIs to build agile, customer-centric experiences on top of legacy systems.
By creating open, external APIs, banks can enable third-party developers to create apps and services that expand the value the bank provides to its customers – such as through apps on smartphones, smartwatches and connected devices. Thus, banks spur additional integrations and services without having to invest internal resources.
This will enable a cycle of innovation that continues to change how banking is conducted. But open banking mandates that robust API management and security are in place.
New experiences, new challenges
By enabling new digital experiences on mobile apps, third-party services, and connected devices, banks are opening themselves to risk by becoming further removed from the user’s transaction. They must therefore ensure that they are able to authenticate the user and secure the transaction even though it takes place on a device that is outside the control of the bank.
Full-lifecycle API management solutions address several key concerns, including the integration ecosystem, ease of authentication and streamlined security.
These new banking experiences are enabled by APIs, which provide the integration and scale to support a broader ecosystem of connected devices and interfaces. APIs allow banks to expose internal data and application functionality to approved apps and services, while monitoring and controlling the flow of data. As innovation continues in the banking industry, integration will play a key role in enabling new digital experiences.
Banks and service providers will create, deliver, and consume significantly more APIs to support this digital innovation.
Ease of authentication
Tools like session management and multi-factor or risk-based authentication are used to protect consumers and banks in the digital arena. High-value transactions call for a step-up authentication method, beyond the username and password, to provide strengthened security.
Additionally, if a user has been inactive for an extended period on a mobile or connected device, the session will expire and he or she will need to re-authenticate to complete a transaction. These risk-based authentication policies create a greater sense of trust for consumers as they adopt digital banking services.
Finally, with the broad digital ecosystems created by APIs, banks must have a mindset of end-to-end security, not only throughout their internal systems, apps, and services, but also for new third-party integrations. When exposing customer data and account information to services like digital wallets or peer-to-peer payment apps, banks must ensure that data is protected, and that these services have access only to the limited data that the customer has consented to and that the bank has designated.
This requires systems’ security, app security and API security to protect all consumer and enterprise touchpoints from compromise. Layer7 API Management provides the speed, scale, and security necessary to evolve your digital banking strategy for IoT.