Tieto is monitoring many European jurisdictions in the process of introducing PSD2, which requires banks to open up their APIs to third-party service providers.
Many banks assume that putting in place and maintaining a new infrastructure is easy and that they can do it on their own, but in many cases this simply isn’t true. The devil is in the details, and the banks will need an API management tool to fully integrate into the financial services ecosystem. This is not as simple as it might seem at first glance: you can’t just take a ready-made API management solution and hope it will work.
Technology plays a key role in realizing the opportunities for business expansion brought about by the new payment world. This entails an architecture that is capable of addressing basic compliance as well as scaling to support various other technology requirements for driving digital business.
It goes without saying that an API management tool is central to any Open Banking architecture, as it exposes customer accounts and payment data through APIs in a secure manner. This includes measures such as strong customer authentication to make sure that the security of API interactions between banks and third-party providers is never compromised.
In addition to authentication, customer consent management is also of utmost importance. Service providers must obtain a customer’s explicit consent to complete a transaction on their behalf. This applies particularly when the payment initiation happens through a third party instead of the customer’s bank.
From the bank’s perspective, it’s crucial to implement API analytics to identify consumption patterns, as this can drive insight into further API monetization opportunities. Data on spending patterns and purchase decisions helps create customized financial products and services that cater to niche market needs the competition does not address, supporting strategies for both cross-selling and upselling. On top of this, banks also need to stay alert to updates in API standardization regarding security, operations and regulatory standards.
For third-party providers (TPPs), the technology used for compliance purposes should be extended to meet the requirements of third-party services, such as API integration, fraud detection and business analytics integration. Fraud detection and prevention are critical, even more so when operating in an ecosystem of multiple users, as this increases the system’s vulnerability. The fraud prevention solution needs to scale to capture a growing volume of events as well as adopt more stringent methods to detect anomalies in payments. Analytics, in turn, play a general role in development, as the data is only useful when it is analyzed. The data collected from APIs should be processed and presented in a way that’s customized for its purpose and audience.
Thus, the implemented API solution needs to branch out of a bank’s internal architecture in order to connect to external APIs and online interfaces of the financial organization. As these interfaces might be in various formats, there will be a need for an API aggregator to mediate these formats into a common flow.
With regard to PSD2, there are several industry-led initiative groups working on API standardization. The European Payments Council has also set up an API evaluation group, with the objective of evaluating standardized API specifications and making recommendations that align these specifications at a European level to help establish harmonized market practices. As most vendors and financial institutions are part of at least one of the initiatives, it’s expected that local regulators will adapt these standards.
Creating unified systems means we’re building a foundation for decades to come. As the market realized the risk of fragmentation, the players came together; and this shared premise helps in the face of new challenges as well as in embracing new opportunities. In the coming years, self-sufficient solutions with a mix of Artificial Intelligence will appear, enabling real-time decision-making and the ability to work with customers’ bank accounts and other financial instruments. When the changes require new laws and regulations, the foundation will be a great base to build on.