Why Authentication And Real-Time Tracking Are Key To API Security

APIs have drastically accelerated B2B payments, but with automation comes more risk, ranging from credential abuse to SQL attacks. Such lapses in security, according to Nordea Bank executives Tino Kam and Ulrika Claesson, often result in payments being intercepted by bad actors and a betrayal of consumer trust. In this month’s B2B API Tracker, Kam and Claesson discuss how the shift to instant payments necessitates real-time recipient validation.

B2B payments are rife with frictions, including high processing costs, slow transaction times and industry players’ reluctance to embrace electronic payments in lieu of paper checks. Application programming interfaces (APIs) have made these transactions simpler and quicker, and more organizations are making their payments electronically each year. The share of B2B transactions conducted via check has fallen 50 percent since 2004 and hit an all-time low of 42 percent last September, for example.

Ensuring such payments are secure from bad actors is a priority for the banks that process them. Any intercepted transaction sent to a fraudster could permanently shake businesses’ faith in the value of paperless B2B payments, and the financial institutions (FIs) that process them could lose customers.

“From an instant payment perspective, it has now become much more important to be able to manage the fraud in real time online,” said Tino Kam, head of transaction banking at Finland-based Nordea Bank, in a recent interview with PYMNTS.

Kam and Ulrika Claesson, the FI’s commercial business developer for open banking, explained the benefits of APIs for B2B payments, such as accelerated transaction speeds and increased automation. These transactions are not without security risks, they added, meaning banks must be on the lookout for fraudsters seeking to intercept B2B payments.

Benefits Of APIs 

The biggest advantage of harnessing APIs for B2B payments is their ability to drive automation, Claesson noted. B2B payments traditionally involved tedious manual bookkeeping, and companies had to ensure the payments were deposited correctly and accounted for on their taxes.

“When we talk about [B2B payments] for any corporate customer of ours, there’s still a lot of manual and time-consuming work by our corporate customers,” Claesson noted. “There’s not only a need [to automate], but also [to improve] the use of the data in providing advice toward the customer in a more practical way.”

APIs’ automation accelerates these transactions, with critical steps like authentication and other security or compliance measures handled directly by the APIs rather than by redundant processes at each end of the payment. APIs can track these transfers in real time, too, and senders or receivers can then remedy situations like regulatory holdups or delays.

“What we see more and more is that our industry, our corporate [partners] and third parties are using these capabilities in use cases where they need real-time updates,” Kam said. “We’re seeing a shift toward not only real-time payments, but also real-time treasury management, real-time forecasting and real-time fraud detection.”

Fraud detection is a vital consideration when developing APIs for B2B payments because their speed means any intercepted transaction is likely lost forever. Banks must therefore ensure their payments do not fall into fraudsters’ hands, which could result in lost payments and loyalty from their business customers.

API security

Security is of utmost importance when using APIs in B2B payments, Claesson explained, and authenticating recipients is crucial in preventing fraud. Many methods involve APIs accessing data from other banks, which is used to cross-reference recipients’ previous transactions and ensure clients are who they say they are.

“We look at real-time connections to other banks to validate the receiver before actually sending a payment,” Kam explained. “We want to make sure that before we make a payment, the receiver is the right one.”

Any authentication lapse could result in funds being intercepted or sent to the wrong recipient, both of which mean lost funds for the bank and angry customers. Businesses are also now expecting instant payments, putting the onus on banks to immediately validate recipients.

Fraud prevention also requires adherence to regulatory guidelines to ensure B2B payments are not violating laws in the jurisdictions in which their customers transact. This compliance is especially important in cross-border payments as said laws can vary between sending and receiving countries.

API security issues are not the financial industry’s only problems, though. API implementation also faces the financial obstacle of restructuring core banking systems to introduce the technology.

Future of APIs 

APIs’ numerous B2B payment benefits are often overshadowed by the fact that implementation typically requires costly, time-consuming, head-to-toe overhauls of FIs’ legacy banking systems. These investments will eventually pay off, Kam explained, but the upfront cost is enough to make many banks eschew their API usage altogether.

“You see a lot of [new] FinTech companies and digital-only banks that are fully API-based,” he said. “But, a lot of these large banks obviously have a lot of legacy [software], which slows [them] down in these types of developments and makes them complex and expensive.”

FIs that bite the bullet and revamp their systems to integrate APIs must have the right mindset going into the development process, however. The goal should not be implementing APIs just because they are the hot new trend, Claesson said, but rather making sure customers and partners have the tools they need to improve their product development.

“Having the right mindset is critical, because by just providing a catalog of APIs, you don’t get a return on your investment,” she noted. “You need to be looking at the customers’ needs and key pain points when thinking about APIs.”

This customer-focused perspective could help ease banks’ operations beyond the field of B2B payments. Other APIs could provide services such as budget monitoring, investment tracking and peer-to-peer (P2P) payments, all of which could satisfy different segments of bank patrons. Happy customers are loyal customers, and those that appreciate secure and seamless APIs will be more likely to continue doing business with their banks.