How APIs Safeguard Bank-FinTech Collaboration

Financial institutions (FIs) that don’t offer application program interfaces (APIs) are courting trouble. When FIs don’t enable secure data access via APIs, FinTech firms use riskier measures, like screen scraping, says Ismail Chaib, COO of TESOBE and the Open Bank Project. In this month’s B2B API Tracker, he explains why a global API strategy is critical to staying competitive and safe.

Open banking regulations like PSD2 are forcing many FIs to open up their data to third-party providers (TPPs), causing a wave of changes as PSD2’s September launch date approaches. Changes are coming from elsewhere, too, with Australia mandating open banking by July and Israel working on an open banking API standard of its own. Nations where FIs are not required to provide data access to TPPs, however, may be wise to jump on the bandwagon.

Small and medium-sized businesses (SMBs) often satisfy their accounting and similar needs by relying on third-party software and services, requiring them to allow banking data access to their providers. But firms whose banks don’t possess APIs to smoothly transmit that information may resort to work-around solutions with weaker security measures, putting customers’ data at risk.

Such solutions can also overburden FIs’ websites and leave banks in the dark about their customers’ wants and needs, said Ismail Chaib, chief operating officer of software company TESOBE. The company’s Open Bank Project offers an open-source API platform to support firms’ open banking strategies. Chaib recently told PYMNTS why FIs need to adopt open banking and how the space is set to change in the coming years.

APIs vs. Screen Scraping

Third-party solutions that don’t rely on APIs can instead turn to methods like screen scraping to pull information for enterprise resource planning (ERP) systems, accounting software and other offerings. Screen scraping requires customers to supply their bank account login credentials to third parties, though, increasing the risk of data breaches and making it harder for banks to keep customers’ details safe. On the other hand, FIs using APIs can promote more secure access to data, Chaib said.

Screen scraping’s problems don’t stop at security, either. Third-party apps can also cause functionality issues by generating heavy traffic on banks’ websites.

“Screen scraping puts a huge load and burden on the [bank’s] system,” Chaib said. “If you’re a bank where FinTechs are a big thing – like in the U.S. – you might have two million customers. Imagine all two million customers reading your systems through screen scraping.”

Chaib said APIs and their related management solutions can help banks better control this traffic and manage third-party interactions. Additionally, banks can analyze incoming API calls to assess who is accessing data and why, allowing them to determine which services customers find most appealing and better plan their operational strategies.

“Banks see a market for this,” Chaib said. “They can monetize data, monetize the API, reduce costs and make things more [efficient] internally. … What would make or break an API program [is whether it supports] the ability of banks to know, ‘What are the most-used APIs? What are people building today? What are people really interested in, in terms of use cases and apps?’”

Challenges and FinTech Needs

Banks can keep customers from turning to other services by providing their own APIs, and these solutions also help FIs gather more insights and reduce security risks. Banks can find it challenging, though, to determine which APIs will appeal to FinTechs and encourage them to create the services end customers want.

The APIs that most appeal to FinTechs are easy to use and tailor, Chaib said. Many developers prioritize being able to quickly find specific APIs, connect to them and start coding right away.

“It needs to be very easy [and] very quick to make your first API call and start getting into it. … The attention span across the board, and in FinTechs as well, is very short,” he said.

FinTechs also often desire sandbox testing environments with sample data. This helps them demonstrate their service proposals before they decide to pursue formal bank relationships. Chaib claimed FinTechs are especially peeved when banks close their developer portals after short testing periods and don’t follow up with developers on how the FinTechs can roll out the solutions they had been working on.

Banks also need compliance strategies to smoothly work with FinTech developers worldwide. This could require them to maintain different open API specifications to satisfy each region’s regulations and framework, including France’s STET, the U.K.’s open banking and the pan-European Berlin Group standards.

“Because of regulations, because of company-specific peculiarities, banks will end up having multiple API standards they will have to maintain and to manage,” Chaib predicted.

FIs around the world see great potential in offering open banking APIs, even if they’re not required to do so. Offering such solutions will allow them to draw more business, manage traffic, gain new customer insights and improve security. Not just any approach will do, though, and FIs must cater to FinTechs’ unique needs to encourage the latter to leverage their APIs. If all goes smoothly, FinTechs, FIs and end customers all stand to reap the benefits.