WHITE PAPER. Payments organizations can leverage APIs to monetize their data and services. Abstract

Similar documents
Open Banking Approach with SmartVista Technologies. Peter Theunis. BPC Banking Technologies 2017 Mexico City

ACCELERATING DIGITIZATION THROUGH NEXT-GENERATION INTEGRATION

PERSPECTIVE. Microservices A New Application Paradigm. Abstract

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

ADVANTAGE YOU. Drive TCO* reduction through Infosys TIBCO solutions

INFOSYS REALTIME STREAMS

PSD2: An Open Banking Catalyst

Progressive Organization PERSPECTIVE

TRANSFORMING THE LANDSCAPE FOR INSURANCE CLAIMS

THE API GLOBE- TROTTERS

APIFICATION OF FINANCIAL SERVICES - ADAPTING TO A CUSTOMER CENTRIC WORLD WHITE PAPER

Boundaryless Information PERSPECTIVE

TECHED USER CONFERENCE MAY 3-4, 2016

INFOSYS BPM DIGITAL Empowering you to cash on digital opportunities

HOW AGILE DO YOU WANT IT?

DevOps Journey. adoption after organizational and process changes. Some of the key aspects to be considered are:

API Gateway Digital access to meaningful banking content

Unleashing the API Economy for Banking Payment Services Directive 2 (PSD2)

BEST STORIES FOR DIGITAL IN COMMUNICATION SERVICES

Open Banking, PSD2 and the New API Economy

EXPERIENCE EVERYTHING

INCREASING VALUE AND GTM OF B2B CONNECTEDNESS WITH API ECONOMY

Best Stories of Omni-channel Commerce

CMO Challenges Today: How Are They Reacting?

INFOSYS SMART OILFIELD SERVICES SOLUTION FOR SAP ERP

RETRANSFORM BEYOND AGILE FOR FASTER, INTEGRATED IT SERVICE DELIVERY

RETRANSFORM BEYOND AGILE FOR FASTER, INTEGRATED IT SERVICE DELIVERY

SEVEN FEATURED PEGA CASE STUDIES. Different needs, different industries, tailored solutions leveraging Pega solutions

B2B DIGITAL TRANSFORMATION

INFOSYS OFFERINGS IN ORACLE CX SALES CLOUD

An all-in-one risk management platform delivering fraud detection, transactions screening and customer due diligence capabilities

Secure information access is critical & more complex than ever

Cloud Customer Architecture for API Management.

WHITE PAPER. Cloud-Based Human Capital Management: Accelerating Organizational Evolution to be #MoreTogether. Abstract

EXTENDING YOUR SERVICE LANDSCAPE TO API

WHITE PAPER. Assuring success in blockchain implementations by engineering quality in validation

MAKING THE MOST OF INSTANT AND OPEN PAYMENTS

Data Integration for the Real-Time Enterprise

INFOSYS PROCUREMENT AND PLANNING PRACTICE

TECHNOLOGY PLATFORM STRATEGY

payment platforms that can service payment requirements globally, across the enterprise in a cost effective and flexible manner.

DIGITAL TRANSFORMATION WITH INTELLIGENT SOLUTIONS FROM INFOSYS AND PEGA

WHITE PAPER LEVERAGING 3-C PHILOSOPHY FOR ENHANCED ROI FROM CHANNELS

Capgemini Cloud Platform. Migrate, operate, and innovate every aspect of your business in the cloud

A STRATEGY FRAMEWORK FOR PLATFORM BANKS Point of View

BLOCKCHAIN CLOUD SERVICE. Integrate Your Business Network with the Blockchain Platform

INFOSYS BUSINESS PROCESS MANAGEMENT OFFERINGS

DIGITAL CASE STUDIES

MODERNIZING THE MIDDLEWARE

Middleware Modernization: lay the foundation to your digital success

ENABLING SALES TEAMS TO CREATE WINNING QUOTES

DIGITAL OUTLOOK BANKING INDUSTRY

ACCELERATE YOUR JOURNEY TO BEING DIGITAL

WHITE PAPER. BPM for Structural Integrity Management in Oil and Gas Industry. Abstract

Converting Complaints to Customer Experience A Framework to Redefine the Complaint Management Process in Banks WHITE PAPER

DIGITAL OUTLOOK INDUSTRIAL MANUFACTURING INDUSTRY

PLATFORM CAPABILITIES OF THE DIGITAL BUSINESS PLATFORM

PRODUCT UPDATES APJ PARTNER SUMMIT - BALI. February Software AG. All rights reserved. For internal use only

WHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal

NAVIGATE YOUR NEXT. Our strategic direction. Salil Parekh CEO & MD

VIEW POINT UNDER ONE UMBRELLA. How an integrated global business services (GBS) model can add value to your organization. Abstract

CA API Management. Solvit Networks Powering the building blocks of digital transformation CA. ALL RIGHTS RESERVED.

Modern Integration Powers Open Banking

WHITE PAPER. Coalition loyalty: Loyalty s new definition

MARGIN MANAGEMENT IN THE OIL & GAS INDUSTRY WHITE PAPER

WHITE PAPER. Accelerating growth in online retail with the digital factory. Abstract

Integrating the Enterprise. How Business Leaders are Implementing Digital Integration

REDUCING TIME TO MARKET WITH DEVOPS

Experience. Agility.

OPEN BANKING & PSD2: WHY COMPLIANCE ISN T ENOUGH

WHITE PAPER. An Insight into Microservices Testing Strategies. Abstract. Arvind Sundar, Technical Test Lead

An Enterprise Architect s Guide to API Integration for ESB and SOA

VIEW POINT TRADE RECONSTRUCTION REQUIREMENTS:CHALLENGES AND SOLUTION

TOTAL PAYMENTS PAYMENTS-AS-A-SERVICE SOLUTION FOR US FINANCIAL INSTITUTIONS

WHAT S DRIVING THE RETAIL BANKING INDUSTRY TO CLOUD?

FUJITSU Transformational Application Managed Services

WHITE PAPER. Revenue Opportunities Created by Open APIs

An Approach to Web Application Consolidation WHITE PAPER

SaaS Digital Banking Suite

Amsterdam. Accelerate digital transformation with the cloud for smarter business. Reimagining applications & data for growth and innovation

MEETS MOBILE MAINFRAME. Access information anytime, anywhere

WHITE PAPER. Encouraging innovation in payments through the PSD2 initiative. Abstract

Business Case Planning for Robotic Process Automation

Herber de Ruijter / Head of Digital. Intellect Digital 3.0 Strategy API First and Experience-led Digital Banking for the 21 st century.

Intelligent Payment Management for Today and Tomorrow Technology Advancement to Navigate the Converging Payments Landscape

PREDICTIVE ANALYTICS FOR DATA-DRIVEN DECISIONS

RBC Capital Markets Financial Institutions Conference 2018

Finacle Omnichannel Hub. Unified Digital Engagement Solution

Capgemini s Open Banking Marketplace

MOBILITY APPS & INFRASTRUCTURE

No to fraud. Yes to business.

WHAT S DRIVING CAPITAL MARKETS TO CLOUD?

PERSPECTIVE. A connected enterprise in the sky. Abstract. Manoj Narayan

WHITE PAPER. Pick the right SAP UI/UX offering for your business. Abstract

TECHNOLOGY PLATFORM STRATEGY

AUTHENTIC AND PAYMENT TRENDS AUTHENTIC IS AN INTELLIGENT TRANSACTION-PROCESSING PLATFORM DESIGNED FOR TODAY S FAST-CHANGING PAYMENTS BUSINESS.

5 Microservice Initiatives for Digital Business

AUTOMATING BIG DATA TESTING FOR PERFORMANCE

BEST STORIES OF INFOSYS SALESFORCE IMPLEMENTATION

APIs and the Digital Enterprise

Transcription:

WHITE PAPER Payments organizations can leverage APIs to monetize their data and services Abstract Open banking initiatives such as the revised directive on payment services (PSD2), emergence of fintechs, and increased competition for winning the mindshare of digitally conscious customers have made application programming interfaces (APIs) not a choice but a mandate for the banks and payments companies. This paper delves into the business case for APIs, types of APIs based on maturity and target customer base, and best practices and other design considerations for managing the API life cycle.

Business case for APIs in payments industry Application programming interfaces (APIs) are a set of functions or procedures that allow consumers to access features, data, or other services from a bank or payments organization in a secure, scalable, and accelerated manner. An API receives a service request and responds with an instant confirmation of service execution, attached with relevant associated information. For example, a payment initiation API offers a natural interface for real-time payments, where the API call is the payment initiation request and the API response indicates the endto-end execution of the payment. APIs help banks in: Enabling omnichannel service delivery with digital connectivity Improving product and service innovation through co-creation with external partners and developers Reducing cost and increasing speed of app development by supporting rapid prototyping and delivery Enabling the monetization of data and content by increasing the number of service channels, including partners and third-party developers Enhancing risk mitigation the upgraded information sharing between banks improve decision-making and mitigation measures regarding fraud prevention, know your customer (KYC), and anti-money laundering (AML) API types based on adoption maturity and target customers APIs should generate new value by either creating new revenue streams through innovative products or services (through aggregation of data from internal and external sources) or by improving the existing customer experience. Hence, while defining the API strategy, banks need to answer what they are opening up through APIs, with whom, and why. At the same time, proper risk management strategies should be in place to handle operational and reputational risks. Based on the adoption maturity and target customers, payment APIs can broadly be considered as follows: API type Private Partner Public / Open Maturity Low Medium High Client Internal Corporate Consumer Risk Low Medium High Example Enterprise apps Software-as-a-service (SaaS) and B2B Third-party apps

Moving from a private to a public API ecosystem requires increased maturity in order to ensure risk is managed at an operational level and also at a reputational level. Banks and payment organizations start their API journey with private APIs. These APIs are for internal consumption and it can be assumed that they are at low risk. With these, the enterprise has the most control and understanding of its user base, and has the maximum flexibility to make changes. Internal services are a special case when APIs are used for internal messaging. Once they get comfortable with private APIs, they venture into the partner API model where enterprises use API gateways to extend their business capabilities to partner with fintechs, banks, or other partner organizations in a controlled fashion. Partner APIs create an extra layer of complexity. In some ways, partners are like customers or workers; the enterprise has a relationship with them, and knows something about them, but they are still an external party. Any change needs to take into consideration impacts upon the partner systems, and may have contractual implications. The open or public API model is targeted toward consumers for improving customers' digital experience through mobile or other channels. These B2C initiatives get significantly more traffic as millions of end customers use these services. Public APIs are those either exposed for third-party apps to use via an enrollment process, or fully open access for anyone to call. These APIs allow organizations the least level of control, and the highest level of consideration for change, as reputational damage is possible with minimal recourse. Partnering with APIs in the B2B space APIs enable business customers to drive efficiency, agility, and realize new and innovative business capabilities by integrating with the bank s capabilities in a simple, cost-effective way while maintaining exemplary standards of control and security. Big corporates have world-class ERP products, but they will not be able to unlock their full potential unless their partnering bank responds effectively and efficiently for faster payments and to manage exceptions in other banking transactions. Hence, it is critical for banks to invest in such API capabilities. The broad scope of exposing client-facing APIs is to enable integration between the clients' internal systems with the banks' back-end systems. This will create a new channel for corporate clients to submit a large volume of transactions such as payment instructions in different but pre-agreed formats which facilitate straight-through processing, bypassing the user involvement toward both the client and the bank. This will also be used for other information exchanges from simple to complex scenarios, such as account balance enquiry to reconciliation information. The basic capabilities of APIs include: Support multiple formats as payment instructions can be generated from various internal applications of the client Support both single instruction and batch files containing multiple instructions having various transaction types, currencies, and geographies Offer various configurations and checks such as volume limit, velocity limit, and duplicate check, supporting varied client needs Corporate customer Financial institution Domain applications Customer mobile app Customer desktop UI Customer API client software Internet API gateway layer API gateway manager System of records Customer tablet app Domain applications Figure 1 Partnering with API in the B2B space

Public / Open APIs in the consumer space Changes driven by regulations Open APIs are getting a lot of traction in payments because of regulations such as PSD2 mandating open access for new types of payment providers such as money remitters, retailers, and phone companies who want to get into the payment services game. PSD2 mandates that financial service firms make it possible for customer data to be shared easily with third parties through APIs and to allow third parties to initiate payments directly from an account. Account servicing payment service providers (AS PSPs) also have to grant third-party providers (TPPs) access to their online account and payment services in a regulated way. Access to accounts rule (XS2A) will mandate that banks / PSPs facilitate secure access via API to the customer accounts and provide account details to third-party apps if the account holder wishes to do so. PSD2 XS2A will drive open banking, offering great potential for banks and financial institutions to innovate and create new revenue opportunities. Changes driven by partnership between innovative fintechs and legacy banks creating a win-win situation Banks and card networks are partnering with fintechs by opening up public APIs and developer portals. This way, they are able to monetize their data and services with support from the developer community. Consumers are also benefiting from this secured sharing of data (with consent) to receive customized offers from their transactions. Design considerations When looking at the APIs, there are many important aspects which banks have to consider, namely: Role of API in the overall digital future API architecture and management platform Security standards and policies API life cycle management Role of API in the overall digital future APIs play an increasingly critical role in connecting evolving application architectures with organizations adopting modern software development practices like microservices, multiple clouds, and platform-as-a-service (PaaS). Companies who are winning the API adoption race are following a comprehensive, methodical approach to their digital strategy. Role of APIs in the mobility, digital, and cloud space Mobility Digital Cloud Lightweight and mobile-data-friendly Support JavaScript object notation (JSON) easily; a data representation that aligns to mobile technologies Support rapid change which allows regular service improvements to be delivered Provide a simple mechanism for third parties to access banking business data and functionality The preferred engagement mechanism for the third-party development community, generating new monetization opportunities Pre-eminent interface for SaaS providers Pre-eminent management mechanism for cloud infrastructure Can simplify hybrid platform integration

API architecture APIs, being consumer use case-focused, can be developed and evolved more rapidly than traditional enterprise services tied to complex data models and extended change and release cycles. The following are a few best practices while designing and building APIs: APIs should be stable, reliable, and not confusing If users are confused, they may end up charging their customers the wrong amount, or not charging when needed. When working with payments, obviousness is especially valuable. Easyto-understand documentation and stable interface design are key to API adoption Availability and scalability of APIs are very important Choosing the right technologies, having good test coverage, and responsive monitoring helps to ensure consumers rarely get frustrated using your APIs APIs are building blocks Keep them simple. APIs should be designed to do one thing efficiently. If developers need to create more complex things, they can always combine APIs / microservices Follow standards In payments, open standards like ISO20022 are very flexible and used extensively RESTful API design Representational state transfer (RESTful) architecture is preferred for API design as it is simple and very effective for scale and performance API management platform (APIM) The cost of agility is increasing complexity as the number of APIs grow. In order to counter this, the API life cycle must be managed in a lightweight manner with significant business ownership and involvement. Specific technologies have been created (API management platforms APIM) to ensure that APIs are managed effectively. These provide low latency, and minimal coding approaches to API delivery. Opportunities for reuse and dependencies on enterprise services and data sources must be governed to ensure that complexity does not lead to increasing costs to deliver. API portals, an additional component of an effective APIM, provide the necessary systems of engagement for internal, partner, and third-party developers to support rapid agile delivery of APIs a capability not supported by traditional enterprise integration approaches. An API management platform provides additional capabilities above and beyond simple access control which supports improved business agility and reduced time to market, whilst controlling complexity. API management sits well on top of service-oriented architecture and provides services which are more aligned to specific use cases and therefore can be more rapidly developed than enterprise services. API management platforms provide the analytics and reporting capabilities that enable enterprises to measure usage, adoption, developer and partner engagement, traffic, throughput, latency, errors, and anomalies. An API management platform Provides a system of engagement for designers and developers (internal and external). Developer mindshare and net promoter score are key to API strategy and hence, banks are launching initiatives like hackathons, offering a range of easy-tointegrate APIs, and developing products with API accessibility in mind Provides a single (scalable) point of control for secured service access and enables enterprises to implement security and governance policies across all of their APIs Uses policy-driven implementation rather than bespoke coding, thus avoiding costly maintenance Decouples internal data structures and services from external consumers' view Aligns interfaces to the consumer use case (smaller and more focused), allowing more rapid delivery than full service modeling and providing business agility Improves reuse of internal services via service façade Manages the API life cycle as a product, providing a lightweight governance model and ensuring that potential complexity from API proliferation is managed Extracts operational and business insights from the API and app ecosystem Provides the ability to monetize APIs using different rate plans Ensures effective data caching and policy enforcement to improve the customer experience and deload backend systems

UI Layer Consuming app layer REST / JSON / Web service APIs API gateway layer Security Transformation Routing API caching Traffic management Core API catalog Control and governance Identity & access mgmt. API life cycle API design Non-run time SOAP / HTTPS / MQ SOAP / HTTPS / MQ Service orchestration ESB / BPM meditation / orchestration layer Business rules engine Transformation / Meditation Process caching SOAP / HTTPS / MQ System of records Domain applications Customer master Figure 2 - API management architecture API security considerations In today s extended enterprises, there is no longer a well-defined boundary to an organization s infrastructure due to dependencies on partners and third parties, as well as migration to hybrid and cloud infrastructures. APIs are dependent on the open Internet fabric and expose a broader range of more flexible access points to data and process. We have to approach security in new ways. The level of risk and how it is managed depends on the types of API being consumed, and the underlying business value and data sensitivity being exposed.

Customer mobile app Customer desktop UI Customer tablet app API threats DoS attacks SQL injections Message tampering Identity and session threats Service information leakage Parameter attacks Malicious code injection Business logic attacks API gateway layer API risk mitigation options Encrypt the message channel Detect malicious content Endpoint entitlement checks Standardize security implementation patterns Monitor, audit, log, and analyze traffic Encrypted API key validation Domain applications System of records Domain applications It is very important to have a comprehensive security strategy (zero-trust environment), comprising multiple security layers, and it should be designed based on considering possible security breaches in API technology. API life cycle In general, APIs should all be treated as products. They have a limited shelf life and a distinct life cycle. The API life cycle must be managed in a lightweight manner with significant business ownership and involvement. Managing APIs in a DevOps model through increased automation and app provisioning improves responsiveness and alignment between IT and business. Product planning Interface design Deployment Sharing Define Implement Publish Manage & retire Policy implementation Integration Standards review Monitor usage Elicit feedback Plan for change Deprecate and retire

Conclusion In today s social and sharing economy, APIs play a key role. Digital banks are increasingly adopting an API-first mentality to ensure they can meet ever-changing customer needs and regulatory directives. Effective use of APIs is helping banks to leverage their strength of huge legacy data with the power of accelerated digital changes driven by fintechs, developers, and other non-financial service communities, creating a win-win scenario for everyone. About the Authors Abhisek Bhowmik Lead Consultant, Cards & Payments Practice, Domain Consulting Group, Infosys Abhisek is a Lead Consultant working in the Cards & Payments Practice of Infosys. He is passionate about the role of digital innovation in transforming the financial services landscape, and focuses on new disruptive technologies and business models impacting the cards & payments industry. He has led multiple large payments transformation programs such as NPP (Australia), SEPA (Europe), etc. for top global banks. He can be reached at abhisek_bhowmik@infosys.com Vikas Goyal Senior Consultant, Enterprise Application Integration Practice, Infosys Vikas is a Senior Consultant working in the Enterprise Application Integration Practice of Infosys. He is an MBA and has advised some of the top banks in varied fields such as payments architecture, solution design, API road map, etc. He can be reached at vikas_goyal02@infosys.com For more information, contact askus@infosys.com 2017 Infosys Limited, Bengaluru, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of other companies to the trademarks, product names, and such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this documentation nor any part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording, or otherwise, without the prior permission of Infosys Limited and/or any named intellectual property rights holders under this document. Stay Connected

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback