The EU’s second payments services directive (PSD2) and the UK’s Open Banking legislation call for banks to open up their data to increase competition and innovation in the marketplace. This feat is to be achieved using open APIs; but what do we really know about open API technology?
On 26th November, we’re offering financial services professionals the opportunity to get up close and personal with Netacea’s experts in API security, CTO Andy Still and Head of Threat Research James Maude. Throughout the evening, we’ll be exploring the security implications associated with open APIs and the challenges facing financial services leaders as they seek to drive innovation while maintaining essential security values.
In the meantime, we’ll be adding some context to the open API challenge in our two-part blog series.
So, what is open API technology?
Open APIs make open banking possible, providing the required link between banks and third-party providers (TPPs). Via the open API, TPPs can access customer data that has previously been for the bank’s eyes and use only, to create a transparent and open banking landscape.
PSD2 and the Open Banking legislation remove the monopolisation of customer financial data from banks and enable TPPs to develop applications and services that directly affect how consumers manage their finances.
The legislations are already disrupting how customers manage money as spending data enters the public domain. Banks and FinTechs alike now have instant access to a range of consumer data, from monthly commuting costs to mortgage suppliers.
What are the benefits of open APIs?
The implementation of open APIs not only benefit customers but banks and the rising number of FinTechs too.
Businesses can use a bank’s API to enter the financial market without the historically present burden of stringent compliance and infrastructure. The new entrants can focus on providing one service while seamlessly connecting to other services via APIs.
In this disrupted environment, we’re already seeing the emergence of specialists and a need for aggregators such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). Crucially, AISPs give customers visibility of multiple bank accounts via a single app that is connected to a bank’s open API.
This is fundamental to creating a transparent banking environment that prioritises the customer’s current and future needs through greater innovation and competition.
Coming up in part two
Open APIs are put in place to make data accessible between two parties, and that should set the security due-diligence alarm bells chiming.
In part two we’ll be highlighting just what are the security considerations associated with open APIs and what role do they play in the evolving threat landscape?
Read Open APIs part two: How secure are open APIs?
Did you miss our Beyond Open Banking event? If you’re in financial services and would like to learn more about API security from our CTO Andy Still and Head of Threat Research James Maude, you can catch up on the evening’s highlights here: Beyond Open Banking: Event Recap.
make informed decisions about how much you want to invest in acquiring new users.