SDK.finance is proud to announce a white-label RESTful API release. SDK.finance offers payments and transaction management solution which allows banks & other financial institutions accelerate their digital growth.

The current 1.24.70 version grants access to 90 APIs for transaction-related products.  It enables developers of banks and other financial institutions to operate with Client Profiles management, Business process management, Accounts, E-wallets, Invoices, Payments, Recurring payments, P2P money transfers, Prepaid & Mass Payments. A number of back-offices for different business actors like CFO, Compliance & Anti-fraud are available from the box. Depending on the user’s need multiple products can be built on the top of SDK.finance API: Mobile Bank, Payment Services, Digital wallet, P2P Money Transfer, Currency Exchange and many others. 

CTO of SDK.finance, Pavlo Sidelov said: “Transformation of backend in line with front-end innovation is a burning issue for the vast majority of banks and financial institutions. This is the challenge we are addressing with the launch of our APIs. Product teams & developers can easily integrate our APIs into the existing infrastructure linking the core banking system with its innovative front-end components. This is the first version and we are planning to expand our set of APIs within the next two months. Loyalty API will be the first added to the list”.

Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported. 

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful (scores run 1-10).  According to the Breach Level Index, more than 7 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. Breaking it down that is over 3 million records compromised every day or roughly 44 records every second. 

​Last year, the account access based attack on AdultFriend Finder exposing 400 million records scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines' Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In fact the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but are not accounted for in the BLI's 2016 numbers since they occurred in 2013 and 2014. 

"The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid", said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. 

Data Breaches by Type
In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 is account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54 % of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category with an increase of 101% accounting for 18% of all breached records up 1474% since 2015. 

Data Breaches by Source
Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year. 

Data Breaches by Industry
Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015. 

The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year. 

All industries listed in the 'Other' category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority. 

Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

Suriname-based Trustbank is taking a big leap after signing a new licensing deal with Islamic software vendor Path Solutions to implement iMAL Islamic Banking & Investment System as its new core banking platform. This is a major breakthrough for the Kuwaiti vendor, as it’s the company’s first Islamic core banking software deal in the Americas. Path Solutions was selected after a comprehensive assessment of leading global solution providers by a senior management team from different business functions at Trustbank. 

Three IT vendors were shortlisted and invited to demo their solutions over the course of two weeks. They were Oracle FS, Temenos and Path Solutions which ultimately won the deal based on Sharia compliance, product functionality and technological superiority.

“This is a significant core banking system deal and a key win for Path Solutions in this new region”, commented Mohammed Kateeb, Path Solutions’ Group Chairman & CEO. “Trustbank was one of the most sought-after deals by all vendors because of the importance of this new market. Our Sharia-based core banking system combined with comprehensive services we offer provide a truly differentiating proposition for the first Islamic bank in South America to empower it to achieve growth and gain market share”. Kateeb continued, “We’ve been having tremendous success across the world”, confirming that Path Solutions remains the absolute world leader in Sharia-based software solutions and services. “Being the first full-fledged Islamic bank in South America, Trustbank is committed to applying true Sharia-based technology to meet the needs of a diverse client base. Working with Path Solutions will help the bank to achieve these goals”, he said.

The new Islamic core banking system will be implemented across Trustbank four branches in Suriname, Path Solutions said in a statement. The implementation of the new system is expected to start immediately and to be completed at the end of September 2017.

“We have announced the conversion of Trustbank to a full-fledged Islamic bank in 2016, and that involves the deployment of a new core banking platform in line with the Sharia guidelines. This project with Path Solutions is key to our strategy and future growth, as it will allow us to launch new Islamic banking products and services to meet the needs of our customers”, said Maureen Badjoeri, Chief Executive Officer of Trustbank. “The new Islamic core banking system is also expected to drive innovation, improve customer service through increased automation, harness the value of the data through analytics and reduce operating costs”, Badjoeri concluded.

The company that has beaten competition to major core banking system deal in Suriname, Path Solutions, was also chosen for its leadership position in the Islamic banking software market, including a well-established client base with a global reach and support network.

Banking executives will gather to discuss the challenges of PSD2 implementation at a Congress in London tomorrow. Early signs point to a battle between financial services institutions and technology firms over the new legislation’s customer data access requirements. 

The financial institutions affected by the new regulations face two challenges. First, they must build agility into their core systems to support the open APIs mandated by PSD2. In addition, complying with PSD2 will require a higher level of innovation at the consumer-facing end of their businesses in order to retain customer loyalty.

Banks need to collaborate rather than compete, says V.S. Raj, Head of Financial Services at leading IT solutions company Syntel, who works with major banks to help them to adapt to the new open banking landscape.

“In the U.S., the popularity of services that allow people to send payments directly from messaging apps has grown quickly,” said Raj. “When the PSD2 initiative comes into force in January next year, there’s no doubt that European banks will have to contend with social banking on a greater scale than ever before.”

“The PSD2 directive will go a long way to levelling the playing field between banks and third-party providers, and with this in mind, the trend towards collaboration with fintech companies is hardly surprising.”

Raj points out that large banking institutions are under pressure to avoid being relegated to the role of data custodians, and now face the same challenge that telcos have been grappling with since they were forced to open up their networks.

“The big question now is how big banks can pivot from merely being a conduit for customer data to becoming a challenger to the innovative fintech companies looking to chip away at their customer base,” said Raj.

He asserts that the main challenge posed by the regulation is that it splits banks’ attention — requiring them to evolve the core systems that support their everyday business processes without losing focus on upgrading their customer-facing front end systems.  

“The future for traditional institutions is not as bleak as some are making it out to be. The smartest banks will achieve what we call ‘two-speed’ operations, where they modernize their core IT operations whilst simultaneously maintaining the mission-critical services that run their business.”

“The main benefit of such a strategy is that it prevents banks from being encumbered by inflexible systems as they continue to adapt to meet the future needs of their customers.”

Al Rajhi Bank, an advanced financial institution in the Middle East, called upon eProseed's expertise to provide assistance in the migration of its mission critical business databases to Oracle Exadata, a platform specially engineered to run Oracle Database. One year after the initiation of the project, the Bank is now reaping the benefits of improved staff productivity and resource utilization.

In January 2016, Al Rajhi Bank (ARB), one of the largest financial institutions in Saudi Arabia and the Middle East, took the strategic decision to redeploy its pool of Oracle databases on the Oracle Exadata Engineered Systems platform. ARB has selected eProseed to help implement this ambitious project. Today the Bank benefits from improved applications performance with lower operational cost, while achieving better user productivity and stronger IT resilience.

Substantially improved performance

The main goal of this consolidation was to significantly improve the overall performance of the Bank's business applications. "We have reduced our processing times by an average of 60%", says Abdullah Ali Alkhalifa, Chief Financial Officer, Al Rajhi Bank. "In addition, our files processing for Oracle Financials Accounting Hub has become dramatically more efficient, we can now process multiple source system files in parallel without affecting other ebusiness modules, and all processing restrictions have been removed", he adds. Due to its criticality and size (+50TB), the prime beneficiary of the migration is the core business database.

A strong commitment to success

eProseed's result-driven commitment was a fundamental ingredient in ARB's decision-making process. "This has translated into a fixed-price professional services engagement which includes guarantees both on the migration deadlines and on the resulting performance improvements", underlines Geoffroy de Lamalle, Chief Executive Officer, eProseed. "As a complement of the migration project", he continues, "we have offered ARB our eProseed Concierge Service, a total care service through which we provide the Bank with a fully managed service for their new Exadata platform, including all the database instances running on It".

Increasing the resilience of the data layer

A key component of the Bank's initiative was the consolidation of database operations on a single technical platform. To this end, Oracle Exadata database machines were deployed, in the main datacenter and in a secondary site for Disaster Recovery purposes. Database replication between the datacenters increases the resilience and the availability of the data layer since the choice of a single platform facilitates the implementation of the backup and recovery strategy. Future projects will also benefit from the new architecture.

Oracle Active Data Guard was used to ensure real-time data protection. "The switch from a SAN replication-based DR solution to Oracle Active Data Guard has eliminated the high cost of idle redundancy by allowing reporting applications, ad-hoc queries, and data extracts to be offloaded to read-only copies of the production", affirms Mohammed S. Solaiman, Executive Manager Oracle Technical Support, Al Rajhi Bank.

Managing many databases as one

In addition to improved performance and availability, having all the databases up to date with the most recent version on a specially engineered platform provides new features while reducing licensing costs and freeing up substantial computing and storage resources. This also translates into increased user productivity, helping the Bank operate more efficiently as its employees become more productive.

Thus, for example, one of the benefits of the migration to Oracle Database 12c is the opportunity to take advantage of a new option called Oracle Multitenant. This enables simplified consolidation that requires no changes to existing applications. "With this new architecture, a multitenant container database can hold multiple pluggable databases, allowing administrators to manage and control a rising number of databases as one, yet retaining the isolation and resource prioritization of separate databases", explains Rui Sousa, eProseed's Delivery Manager in charge of the migration project at Al Rajhi Bank. 

The new platform will allow ARB to offer better SLAs to its internal customers, reduce the time to market for new applications and services, and increase its ability to respond rapidly and flexibly to changing market conditions.

Shortly after the launch of their joint centralised solution for Qualified Electronic Signatures (QES), Cryptomathic and SwissSign today announce the completion of a major deployment at UBS, Switzerland’s largest retail bank. 

 A shift in how trusted identities are used across the healthcare continuum is fuelling the demand for advanced smart card technologies and mobile solutions, as healthcare institutions become more connected. The new focus on ID technology is changing how institutions operate, how they manage access to patients, data and equipment, how they protect patient privacy, and how they improve billing accuracy – all without compromising the quality of care. This is according to HID Global, a worldwide leader in trusted identity solutions.

“Healthcare organisations are increasingly seeking to improve the physician, staff and patient experience by employing a combination of strong authentication and new Internet of Things (IoT) applications to address their challenges,” said Sheila Loy, Director, Healthcare Industry with HID Global. “Trusted identities will simplify and connect all aspects of healthcare operations, from opening hospital doors, accessing healthcare records and e-prescribing of controlled substances, to how healthcare professionals interact with patients and log their activities.”

The healthcare industry is embracing new ways to establish, create, manage and use trusted identities, which is redefining the meaning of trust as healthcare organisations embrace the IoT in smarter environments. This will drive a number of key technology trends:

Integrated, compliant systems that are convenient and connected

Multi-factor authentication will incorporate One Time Password (OTP) tokens, Public Key Infrastructure (PKI) and biometrics. The solutions will be used to protect patient records and data; secure access to facilities; authenticate remotely to VPNs using mobile devices; and enable new IoT use cases. Unified platforms will also add intelligent visitor management systems and automate other manual workflows to provide an access management solution that integrates with access control, IT security and other applications.

Connected environments drive the need to ensure the Internet of Trusted Things (IoTT)

Continued adoption of electronic visit verification (EVV) will help streamline in-home patient visits and eliminate billing fraud using “proof of presence” applications that make it easier to document the time, location and accurate delivery of prescribed care. Healthcare institutions will embrace trusted IDs, predictive analytics and new IoT solutions that use real-time location-based services to effectively connect, monitor and manage patients, mobile clinicians and staff. These solutions will also help quickly locate critical medical equipment, beds, crash trolleys and other medical devices by providing the missing link between physical assets and a trusted ID ecosystem.

Growing role for biometrics in patient and provider authentication

Biometrics will be used to ensure the right patient is receiving the prescribed care, and that providers are authorised to manage confidential patient medical records. Biometric solutions will also be used for e-prescribing to authenticate the issuer, pharmacy staff and/or the patient, with fingerprint biometrics continuing to be one of the most widely used due to its ease of use. Biometrics sensors and modules will continue to deliver improved capabilities for the healthcare environment, including faster finger image capture for a better user experience, and certifications to key industry standards for accuracy and image transfer performance.

HID Global anticipates that the healthcare industry will be impacted by these trends in 2017 and beyond as the shift in the use of identity technology continues to influence product development and the user experience in the coming years.