Open API banking: A ‘How-To’ Guide

Satya Swarup Das

Senior Solutions Architect at Virtusa

Views 1864

Open API banking: A ‘How-To’ Guide

30.10.2017 09:00 am

With the advent of open API banking, professionals across the banking world are steeling themselves for dramatic changes to their value chains and partner ecosystems. These changes call for a radical rethink of the status quo, and highlight areas where the banking industry needs to improve if open API banking is to be a success. As it stands, the banking industry has mixed views on whether open API banking should be welcomed – largely because there’s no clear direction on how to go about it.

Amidst this uncertainty, the EU’s impending PSD2 ruling has offered the closest thing the banks have to an open banking blueprint, making Europe a pilot project for the rest of the world. Yet while there’s plenty of column inches dedicated to the implications of this new ruling, there’s still a great deal of uncertainty around how to make a success of it.

How to get the most from open banking

So while there’s no ‘one-size-fits-all’ approach to open banking, there are a number of key considerations that the banking industry needs to consider if it’s to get the most from open banking:

Data sharing: Given that data sharing sits at the heart of open banking and the PSD2 ruling, banks need to be able to anticipate what kind of data needs to be shared with a mix of different third party entities, Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). To help prepare for this requirement, banks should consider exposing a layer of their data via a 360 degree customer view, extracted from various sources within the bank to a group of third parties.

Data security: Security is at the top of the agenda for most industries, and banking is no exception. To comply with PSD2’s requirements, banks will need to critically examine which security protocols to implement, while creating a policy to govern how and when data should be shared externally – all while considering a mix of data protection regulations.

Management of APIs: Banks need to have an organised API management strategy in place. Under API banking the world is moving from SOAP based APIs to REST APIs. This is a significant change in API protocol that impacts how data is represented, and will require input and oversight, including tools to convert existing SOAP APIs into REST APIs. Bigger banks may have their own in house solution for APIs, some other banks may opt for API management provider.

Testing and publishing: As ever, testing is a crucial aspect of the compliance process. Banks should consider the value of ‘sandboxing’ the APIs they’ll use to expose data – in other words, experimenting with APIs for a specific project in a pre-production environment can help banks predict how well the project is likely to fare, without risking any data.

New business avenues: Open banking and the use of APIs doesn’t just apply to the banks’ existing services. Banks must keep looking for new opportunities to apply their open API strategies – this might even lead to new channels for customer service, or even new business options.

API Monetisation: The successful and frequent usage of open APIs will bring forth new monetisation opportunities. As banks expose their data through APIs, a range of various third-parties will have the opportunity to develop their own services using the banks’ data. For example, retail websites may begin to offer customers the chance to check their bank balance before making a purchase – all without leaving the retailer’s website.

Open banking will portend the next great leap in banking services. While there’s still a good deal of fear among banks that the ability for third parties to build their own services using the banks’ data will relegate banks to mere utilities, open banking should instead be seen as an opportunity. Will the banks really allow themselves to become utilities, or will they embrace a new type of service provider role? The answer rests on how well the banks can prepare themselves – and PSD2 provides the perfect test.

 

Latest blogs

Noa Benari SecuredTouch

4 Mobile Banking Trojan Families to Fear According to McAfee

Mobile malware is becoming more sophisticated and evasive, making detection challenging. According to the McAfee Labs Threats Report for June 2018, mobile malware grew by 42% since last year. Read more »

Bo Harald ZEF, Transmeri, Demos, Real Time Economy Program

Has anybody calculated the value?

The Finnish Ministry of Finance has set as a target to make Finland the first Real-time Economy in Europe. We are well on the way and now the MyData.org initiative is bringing in new dimensions. Read more »

Patrick Bermingham Adflex

Invoicing in the IoT: why connections are key to maximising business value

Start-ups and established companies alike are increasingly interested in the industrial internet of things (IIoT), but many are missing a trick when it comes to payments. Businesses face many challenges when designing and implementing their own IoT Read more »

Chris Larsen Ripple

How Can Merchants utilize Blockchain based Payments Technology to expand to new markets and increase revenue?

This statement might be the summary of it all. The world is constantly changing, and with this change, new technologies and approaches are revealed, defining the future business and communications. Global cross-border payments have been the main Read more »

Sabine VanderLinden Startupbootcamp

Who should be responsible for protecting our personal data?

Governments do not have the resources or the speed required to react to cybercrime. In most cases, businesses lack the incentives to focus on this topic. Consumers think they should be responsible for their own safety online, but most do not have Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App