
Balancing API Speed to Market with Data Security


Is your company working to develop or select a strong API (Application Programming Interface) environment? If the answer is no, hustle quickly to remedy that problem. Over the past few weeks, MoneySummit has covered some of the benefits of re-orienting bank APIs towards Bank to Developer (B2D) and Banking as a Platform (BaaP) models. This week’s API focus: How can your company balance API speed to market with data security considerations?

The market for APIs is growing fast. Forrester estimates that over $3 billion will be spent on API management over the next five years. Technology firms have been heavily implementing API technologies for years, and companies in financial services are only now beginning to catch up. The speed to market issue is both a blessing and a curse for such companies. While many have missed significant opportunities to build and own certain API segments, they are able to integrate existing APIs into their service offerings at a very low cost. While cost-effective development is important, banks and credit unions should not be complacent. If technology firms end up developing and controlling a majority of the API functionality and data segments, financial institutions will lose out on their ability to generate revenue from platform-based network transactions.

The race is on to develop and deploy financial services APIs. In the last few weeks, the following events have turned heads:

  • Postman, creator of an API testing and management suite, announced a $7 million Series A financing round from Nexus Venture Partners. Emerging as a side project in 2012, “Postman aims to help developers run, test, document, and share APIs”.
  • Mastercard has launched ‘Mastercard Developers’, “a new platform for developers that features 25 commerce APIs providing a wide range of capabilities across payments, data services, and security.” 
  • Last and largest is Google. In September, Google deepened its commitment to APIs and further enriched its API management capabilities by purchasing Apigee for $625 million. Diane Greene, Senior Vice President of Google, said, “A good API needs to support security, give developers the freedom to work in the development environment of their choice and allow the company to continue to innovate its service while supporting a stable interface to the apps and services using the API.”

Why mention these developments and what do they have to do with banking? It is very important to review the venture and M&A space to see who has an interest in controlling banking API sectors such as payments and personal information transmission. As financial institutions have moved away from their original purpose (storage of physical cash/gold), they have essentially become sophisticated information transaction hubs with huge data repositories and fully digital customer services. Financial institutions are now technology companies — whether they like it or not. APIs are the software that connects applications, mobile platforms and back-end IT infrastructure. Technology companies are simply responding to the API market more quickly and are taking market share away from banks. Banks and credit unions need to run, not walk, towards integrating high-value API solutions to maintain market relevance.

However, in the rush to build API relevance, they must also consider how best to secure customer data. Merging legacy IT infrastructure with apps is not easy. Consider including the following security factors in your policy architecture as suggested by IT Pro Portal:

Authentication: To reliably identify users

Authorization: To give an identified user/API access to appropriate resources/data

Encryption: To assure no information is available for unauthorized or unvalidated access

Signatures: To ensure integration integrity

Vulnerability assessment: To prevent damaging attacks on users, providers, partners

If you are interested in developing your API system architecture or would like to learn more about how to protect your customer data, contact our MX team. Our Nexus API and our Atrium API can meet all of your needs on this front.