Over the first few years of the digital transformation, everything we heard was coming sounded more like a letter to Father Christmas from new-technology fans than tangible reality. That cash would disappear; that everyone would have more than one mobile; that we’d have on-demand television (and, often, not even use the physical device any more); that we’d buy things with just one click; that robots would be part of our daily lives… Some of these things are already here, and few of us could imagine the world without them. Others are still settling in, but no longer sound like science fiction.
In sectors like banking, the revolution is also changing the model. Users want the digital experience they get in other sectors from their financial relationships, too. But not at any cost or under any conditions. In this arena, the advantages and capacities of banking APIs to boost security and prevent fraud are a great ally in the transformation of the banking sector.
Don’t let fear get in the way
Resistance to change is always related to fear. And fear is intimately tied to the idea of security (or lack thereof). So, for the wheel of digital transformation to continue rolling (and with it the many great social and economic opportunities it opens up), we must fight fear and lack of security. This is the case in any arena, but when we’re talking about data that directly affects our economic peace of mind, the mistrust grows. Here two parallel processes are underway: on the one hand, institutions, companies and governments are encouraging open banking, letting in new players who move comfortably in the new virtual models; and, on the other, regulations on the use of personal data are becoming stricter and security is being reinforced (for example, with regard to authentication to prevent fraud and identity theft).
Although it may seem that these two trends are moving in opposite directions, really they are complementary. There are several strategic elements that make open banking and client/company security possible. And banking APIs are one of these elements (if not the main one).
APIs: innovating without sacrificing security
To start off, let’s look at what APIs are and how they work. API stands for Application Programming Interface and, as the name says, it is a series of commands, protocols, etc. (in short, software) that allow one application to connect to and interact with another. To do so, users don’t have to program new software or have in-depth understanding of the program they are using. To give an example, it would be like giving you a guest pass to a private pool; you can use the facilities as a guest but aren’t authorised to become a member of the club.
The new European payments directive (PSD2), in force in the EU since January, establishes that APIs are the way banks can give new operators in the financial services sector (FinTech companies, large tech companies, known as GAFA, etc.) access to certain data. There are regulations regarding who has access to certain data belonging to banking clients and how it can be accessed (one of the requirements is that it must be with prior authorisation from the client), and, at the same time, the directive includes a whole series of new security measures (like SCA, or Strong Customer Authentication). As a result, APIs have become both a tool for facilitating the opening up of the market and a guarantor of security.
It’s also good to remember that open APIs allow, for example, a company to complete a secure payment from a consumer through their bank, without compromising the client’s data (as could happen if they had to use their own software on the website to access the data). In short, with APIs everyone wins: clients (who get new products and ways of interacting with traditional banks and new players), the banking sector (which is diversifying its offering and shoring up its role in an ever-changing business model) and all the companies that, either by developing APIs or taking advantage of those that already exist, are enriching their services.