By Steven Chung and Bob Paajanen
As financial institutions find their way into the digital world, they face competition from several non-bank forces, including FinTechs and Big Tech companies like Apple, Google, and Amazon. FinTechs and Big Tech have begun rewriting the rules for the finance industry creating new ways of banking and new revenue streams. By offering speed, innovation, and unbundled financial services, digital non-banking entities are luring away customers from banks and credit unions. Open banking promises financial institutions an entry into the changing banking ecosystem by tapping into third-party application programming interfaces (APIs). But without the right strategy, banks may find themselves saddled with high costs, low time to value, vulnerable data systems, and no ROI to show.
As API adoption grows, so does the concern around how these APIs will be built or bought; how they will be managed; and the security and privacy risks that they present.
API Standardization and Documentation
The biggest concern around API adoption is standardization with more than 52% of organizations finding it a challenge. Unfortunately, there is no universal identity management framework which means that companies must rely on their developers to build their own management systems. Without proper documentation or style guides, different teams of developers within the organization may come up with varying standards for how the APIs are built and consumed, leading to issues with integration and management. The ‘State of Software Quality: API 2021’ study by SmartBear found that 54% of respondents pegged “accurate and detailed documentation” as the second most important characteristic they needed in an API as an API consumer, ease of use being the topmost. Yet, close to 40% of the respondents did not use API management software or were using an in-house API management tool.
As banks use more APIs to enable digital businesses and provide web and mobile experiences to customers, the chances of security breaches also go up. There have been several incidents of API attacks and data leaks this year alone. API security is made worse by the fact that many organizations lack an inventory of the APIs they create or use from third parties. Research firm Gartner found that the common theme among many of the API breaches was that “the breached organization didn’t know about their unsecured API until it was too late.” Sadly, there is no tool that will automatically discover vulnerabilities in the APIs. Implementing API threat protection and access control will require endpoint security (processes, infrastructure, and protocols). Without an API management platform in place, this will present further challenges.
“By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.”
API Governance standards and privacy regulations
Government-dictated compliance frameworks around APIs are still some time away for Canadian financial institutions. This means that developers at banks and credit unions must rely on varying standards, including security standards, when it comes to how API integrations will work and be used. Without governance standards, financial institutions run the risk of exposing themselves to fraudulent third parties and exposing customer information in ways that could be used against their interests.
API Reliability & Performance
To support new functionalities and user experiences, developers in financial institutions are relying more and more on third-party APIs, APIs from business partners, and from other business units within the enterprise. Many of these APIs are licensed from providers that also look after their daily operations. Due to the composite nature of these applications, an outage with one third-party API can impact any application that is using that API. As of April 2022, there were close to 7.8 million failed API calls in the UK according to Open Banking Implementation Entity (OBIE). The financial entities with the most failed calls are the big banks including Barclays, Lloyds, and HSBC. Frequent API errors create a negative impact on customer experience and may lead to discontinued product use.
Is your bank ready to adopt open banking?
API integrations are a necessity as we move towards an open banking system. Financial institutions must have a clear strategy on how they want to implement, govern, monetize, and market APIs to ensure a frictionless customer experience and better business results.
Blanc Labs has partnered with Axway to provide specialized solutions that make API integrations and management more efficient and cost-effective. Benefits of our unified API platform include:
- Increased productivity, as developers are easily able to find and repurpose APIs instead of duplicating efforts or wasting time searching for them.
- Less technical complexity by unifying and simplifying API services across the organization
- Better security through a unified view of all APIs
- Faster upgrades of legacy systems through an API-first layer allowing you to add new services more easily
- More robust governance through centralized documentation that multiple teams of developers can reference
Book a demo or discovery session with Blanc Labs to learn about the impact of our API solutions for banking.