APIs’ adoption has been an important catalyst in digital-first banking, allowing FIs, FinTechs and other players to collaborate on new tools while also enabling compatibility between third-party apps and bank financial data.
They are especially prevalent in Europe, where the EU’s PSD2 legislation requires their use to ensure the continent’s financial industry has access to the latest technologies.
Rollouts have not been entirely smooth, however. A lack of standardization before PSD2’s implementation meant banks were working toward multiple objectives at the same time, which required app developers to ensure their products were compatible with dozens of APIs, hindering the latter’s adoption.
“When you offer corporates an API and say that this is the API for the future, you want to make sure that the next bank is not coming along with another so-called standard,” Christoph Berentzen, head of API banking at Germany-based Commerzbank, told PYMNTS in a recent interview.
APIs’ benefits, including increased security and access to new data sources, mean banks should not delay in developing these rules, he added. The sooner financial institutions (FIs) and FinTechs can agree on concrete standards, the sooner digital-first banking innovations can be accelerated.
Gathering and Security
One of APIs’ core benefits is that they allow banks to tap into data sources they could not previously access, Berentzen explained. Much of the data third-party apps aggregate using bank APIs is shared with FIs, granting them wider views of their customers’ financial lifestyles than they could independently obtain.
“We have new opportunities in gaining customer insights from personal financial management platforms, and we are able to contact customers and to generate prospects at different points of purchase, where we can place offerings and collect data,” he said. “We do that a lot with white label applications in the loan sector, and it’s somewhere I see great opportunities for banks.”
APIs’ security benefits are also proving helpful in digital banking, Berentzen explained. They aid FIs in automatically providing security for all transactions, rather than requiring developers to create their own authentication systems. Fraudsters will always choose the weakest entry point when presented with multiple, so having a single authentication procedure rather than several login portals from each developer limits their access to bank accounts. APIs typically secure data through tokenization, with sensitive data elements replaced with non-sensitive tokens, like randomly generated numbers used in place of the actual data, such as passwords.
“In my view, it’s more secure than everything that we had before, technology-wise,” he noted. “Each API comes along with a lot of standard security features [like tokenization and authentication] that ensure … secure end-to-end communication.”
These APIs are earning their keep as the COVID-19 pandemic forces banks to radically shift their business models amid social distancing and stay-at-home orders. Digital banking is keeping many FIs in touch with their customers, with APIs ensuring quick and secure access to bank information through digital banking apps.
Aiding Social Distancing
Banks have largely been designated as essential businesses in countries affected by COVID-19, and governments allowed them to remain open while retailers and other companies were forced to temporarily shut down. The fear of exposure from in-person interactions has caused bank traffic to decline, however, and many FIs have thus closed their doors or shifted to appointment-only operations.
Customers still need access to their financial products, regardless of whether brick-and-mortar branches are available, and they are thus taking to digital banking instead. These customers require the same services online as they do at physical branch locations, which has forced banks to adapt to increased demand.
“[COVID-19] brought high pressure on digitalization from a customer perspective,” Berentzen explained. “We all have customers [who] are not able to go into a branch, so they needed more functionality with the online tools and applications.”
APIs have enabled banks to bring features online at a much faster pace as the FinTech partners that develop necessary apps can instantly access their APIs during creation. Some features were previously only available in bank branches, like loan applications, while others — such as access to emergency relief — are new measures intended to help customers through the current economic downturn. Germany is issuing more than €26 billion ($28.2 billion) in emergency loans, for example, and local banks have been able to harness APIs to quickly enable consumers to apply for the funds online.
“We’re able to provide all the features and services that our customers need in our [in-branch] service line to the app much faster than was required before,” Berentzen said. “[APIs allowed us to be] much faster in creating a website as we did for [COVID-19] loans.”
APIs are not foolproof, though, and every FI in the world would be using them if they solved every possible problem. There are several challenges involved in usage, the largest of which is a lack of standardization.
Any new technology requires agreement on its functionalities and compatibilities before it sees universal implementation, and APIs are no exception. Apps intended to access data from a large number of banks are required to develop individualized systems for each API they intend to leverage. This means a lack of API standardization is especially disruptive because it negates the whole point of the technology: to promote interoperability between FinTechs and bank systems.
“When everything is new to everyone, including the banks, customers and partners, [then] there are no standards available, and in an API context [that] is very challenging,” Berentzen explained. “The big corporates don't want to integrate the payments APIs of the six different banks they are using; they want to have just one standard that is available for all.”
Industry regulators are working to mandate a single standardization, however. Regulations like PSD2 are mandating that European banks adopt open banking standards and APIs to encourage greater cooperation with FinTechs, with the ultimate goal of providing customers greater control over their personal data.
“From the first bank [ever created] on, … customers didn't want account data to be shared with anyone,” Berentzen said. “But the banks [have now] realized that PSD2 will [provide] a lot of great opportunities for our own architecture and technology.”
Changing attitudes around open banking and APIs may drive advancements in the future, Berentzen noted. Digital-first technologies were hindered by a lack of cooperation until the advent of APIs, but open banking could allow FIs to innovate quickly and with more access to data than ever before.