Open Banking Approach with SmartVista Technologies. Peter Theunis BPC Banking Technologies 2017 Mexico City bpcbt.com
What are Open APIs
True or False? Open APIs are not a choice but a mandate for banks and payment organisations that want to be relevant in the future
Business Case for APIs in the Payment industry
APIs help banks in:
- Enabling omnichannel service delivery with digital connectivity
- Improving product and service innovation through co-creation with external partners and developers
- Reducing cost and increasing speed of app development by supporting rapid prototyping and delivery
- Enabling the monetization of data and content by increasing the number of service channels, including partners and third-party developers
- Enhancing risk mitigation: the upgraded information sharing between banks improves decision-making and mitigation measures regarding fraud prevention, know your customer (KYC), and anti-money laundering (AML)
API types based on adoption maturity and target customers
Payment APIs can be considered as follows:
- INTERNAL API (Agility): For Internal Clients; Low Risk; Proprietary
- PARTNER API (Collaboration): For Partners; Medium Risk; Standardised
- OPEN API (Innovation): For Consumers; High Risk; Open Standards
Major drivers for Open API
Changes driven by regulations
Major drivers for Open API
Changes driven by partnership between innovative Fintechs and legacy banks creating a win-win situation
Compliance cost or Revenue source?
If compliance is a cost?
- Loss of Fees from Card-Based Transactions
- Loss of Customer Ownership and Insight, customer attrition
- Risk to become a utility-type bank
Result: Huge investments with negative returns
Compliance cost or Revenue source?
If compliance is a revenue source?
1. Create API Platform
2. Create business value. Examples: Payments, Loans, Mortgages, PFM, Charity, Scoring, Investments, Insurance, Travel
3. Find new revenue streams
4. Compliance as a native part of growing APIs platform
Role of APIs in the mobility, digital, and cloud space
Mobility, Digital, Cloud:
- Lightweight and mobile data friendly
- A data representation that aligns to mobile technology
- Support rapid change
- Simple mechanisms for 3rd parties to provide access to banking business data and functionality
- Preferred engagement mechanism for the 3rd party development community
- Pre-eminent interface for SaaS providers
- Simplification of hybrid platform integration
API Architecture
- APIs should be stable, reliable, and not confusing
- Availability and scalability of APIs are very important
- APIs are building blocks
- Follow standards
- RESTful API design
Security Considerations
[Diagram: Customer mobile app, Customer desktop UI, Customer tablet app; API Layer; Bank Applications; Bank data]
API Threats:
- DoS attacks
- SQL injections
- Message tampering
- Identity and session threats
- Service information leakage
- Parameter attacks
- Malicious code injection
- Business logic attacks
API Risk Mitigation Options:
- Encrypt the message channel
- Detect malicious content
- Endpoint entitlement checks
- Standardize security implementation patterns
- Monitor, audit, log, and analyze traffic
- Encrypted API key validation
API Banking becomes reality
APIs manageability
SmartVista Integration Platform as a core solution for Open Banking
SmartVista Integration Platform
Key Advantages & Features
- Provides wide range of integration and customization capabilities
- Flexible architecture which can be adapted for any processing solutions
- High performance and availability, horizontal scalability
- Business Process Engine - flexible routing, add new entry points on the fly
- Transaction Monitoring and analysis of Business Process execution
- SDK - ISO-8583\XML WS\REST API interfaces constructor
- Create, expose, consume WS\OpenAPI interfaces
Key Concepts
[Diagram labels: SmartVista Platform; Instant Payments Systems, SEPA, EPAS; 3rd Party applications; Utility Providers, Retailers; Tokenization; BPM; SmartVista New Fraud Prevention; Traditional Switches, ecommerce and CMS; Core Banking; CRM; mbanking; ebanking]
High Level Architecture
BPM Based Routing
Great Integration Capabilities
SmartVista Integration Platform
Component provides the following adapters:
- Socket-based (e.g. ISO8583, BIC ISO, etc.)
- Message Queues (e.g. IBM MQ, Apache MQ)
- SOAP web service/http (ISO20022, XML over WS or HTTP POST, etc.)
- REST API (e.g. OpenAPI spec. based)
Message Formatters Module:
- ISO8583 => UMF message (ISO 8583 implementation 1); UMF message => ISO8583 (ISO 8583 implementation 2)
- ISO20022 => UMF message (ISO 20022 implementation 1); UMF message => ISO20022 (ISO 20022 implementation 2)
- Binary => UMF message (Binary implementation 1); UMF message => Binary (Binary implementation 2)
- WS => UMF message (Web service implementation 1); UMF message => WS (Web service implementation 2)
- HTTP => UMF message (HTTP implementation 1); UMF message => HTTP (HTTP implementation 2)
- MQ => UMF message (Message Queue implementation 1); UMF message => MQ (Message Queue implementation 2)
- Batch => UMF message (Batch implementation 1); UMF message => Batch (Batch implementation 2)
PSD2 Ready Solution Architecture
Thank you