The role of application programming interfaces (APIs) in banking and B2B payments has grown progressively larger over recent years, especially overseas. The United Kingdom has more than 200 providers developing APIs, for example, and these developers made 200 million requests for bank data via APIs just in January.
These APIs are constantly threatened by fraud, however. Bad actors often find them a more appealing target than the apps to which they are connected, as they can bypass in-app authentication procedures and seize control of all connected apps at the same time by infiltrating the API’s code. Banks are working on a range of security solutions to stop them, including periodic API key rotation and advanced machine learning (ML) systems that can detect anomalous behavior.
In the June B2B API Tracker®, PYMNTS explores the latest in the world of B2B APIs, including new API-based payment solutions from Aspire and EMQ, B2B payment obstacles like slow processing times that APIs are working to solve and the security threats to APIs that plague banks and apps.
One particularly complicated B2B payment procedure is cross-border transactions, which face slow processing times and overlapping regulations from both the sending and receiving countries. Global financial settlement network EMQ recently unveiled a new solution to help ease these payments by leveraging bank APIs to connect with payment service providers. EMQ partnered with Bank Indonesia to develop the solution and is targeting businesses with particularly high cross-border transaction volumes.
Another B2B transaction pain point is corporate credit cards, which often rely on legacy software and tedious paperwork to conduct and verify their use. A new solution from Singapore-based Aspire, in partnership with credit card giant Visa and FinTech Nium, aims to simplify these verifications by providing cash flow monitoring and expense tracking services. Visa will be providing access to capital to find the projection, while Nium’s APIs will connect the card to issuing banks.
The Australian government is conducting a nationwide push for APIs and open banking, meanwhile, with its regulatory body Australia Competition and Consumer Commission (ACCC) issuing licenses for organizations to access account data from the four largest banks in Australia. FinTech Frollo recently became the first non-bank to be granted access to this data when the ACCC offered it accredited data recipient (ADR) status. The FinTech will also be able to access data from banks, energy and telecommunications companies when open banking officially begins in Australia in July.
For more on these and other B2B API news items, download this month’s Tracker.
Nordea Bank On Providing Security For B2B Payments APIs
Slow processing times and a lingering reliance on paper checks have long plagued B2B payments, leading to frustration and inefficiency. The shift to APIs to process these payments has mitigated many of these issues, but it has also opened up new avenues for fraud. For this month’s Feature Story, PYMNTS spoke with Tino Kam, head of transaction banking at Finland-based Nordea Bank, and Ulrika Claesson, the bank’s commercial business developer for open banking, about how the need for real-time payments has necessitated equally fast security measures before stolen funds are lost forever.
There were more than 473 million fraud attempts conducted against APIs between December 2017 and November 2019, with bad actors leveraging a plethora of techniques like credential abuse, SQL injections and distributed denial-of-service (DDoS) attacks. Banks’ defenses must be equally diverse if they wish to stand a chance against the rising tide of fraud. This month’s Deep Dive explores how fraudsters are leveraging a multitude of tactics to infiltrate bank APIs, as well as how tools such as multi-factor authentication (MFA) and ML are being wielded to stop them.
About The Tracker