BPCBankingTechnologies2017MexicoCity bpcbt.com

Open Banking Approach with SmartVista Technologies.

PeterTheunis

BPCBankingTechnologies2017MexicoCity bpcbt.com

WhatareOpenAPI’sPeterTheunis

2

Open API’s are not a choice but

a mandate for banks and payment organisationsthat want to be relevant in the future

3

True or False ?

Business Case for API’s in the Payment industry

• Enabling omnichannel service delivery with digital connectivity

• Improving product and service innovation through co-creation with external partners and developers

• Reducing cost and increasing speed of app development by supporting rapid prototyping and delivery

• Enabling the monetization of data and content by increasing the number of service channels, including partners and third-party developers

• Enhancing risk mitigation – the upgraded information sharing between banks improve decision-making and mitigation measures regarding fraud prevention, know your customer (KYC), and anti-money laundering (AML)

APIs help banks in:

4

INTERNALAPI(Agility)

ForInternalClientsLowRiskProprietary

PARTNERAPI(Collaboration)

ForPartnersMediumRiskStandardised

OPENAPI(Innovation)

ForConsumersHighRiskOpenStandards

API types based on adoption maturity and target customers Payment API’s can be considered as follows

5

Major drivers for Open API’

Changes driven by regulations

6

Major drivers for Open API’

Changes driven by partnership between innovative Fintechsand legacy banks creating a win-win situation

7

Compliance cost or Revenue source?

Result: Huge investments with negative returns

If compliance is a cost?

8

LossofFeesfromCard-Based

Transactions

LossofCustomer‘Ownership’andInsight,customersattrition

Risktobecomea

‘utility’-typebank

1. Create API Platform

2. Create business valueExamples: Payments, Loans, Mortgages, PFM, Charity, Scoring, Investments, Insurance, Travel

3. Find new revenue streams

4. Compliance as a native part of growing APIs platform

9

Compliance cost or Revenue source?If compliance is a revenue source?

Role of APIs in the mobility, digital, and cloud space

10

Mobility Digital Cloud

• Lightweightandmobiledatafriendly

• Adatarepresentationthatalligns tomobiletechnology

• Supportrapidchange

• Simplemechanismsfor3rdpartiestoprovideaccesstobankingbusinessdataandfunctionality

• Preferredegagement mechanismforthe3rdpartydevelopmentcommunity

• Pre-eminant interfaceforSaaSproviders

• Simplificationofhybridplatformintegration

API Architecture

• APIs should be stable, reliable, and not confusing

• Availability and scalability of APIs are very important

• APIs are building blocks

• Follow standards

• RESTful API design

11

Security Considerations

12

APILayer

APIThreats• DoS attacks• SQLinjections• Messagetampering• Identityandsessionthreats• Serviceinformationleakage• Parameterattacks• Maliciouscodeinjection• Businesslogicattacks

APIRiskMetigation Options• Encryptthemessagechannel• Detectmaliciouscontent• Endpointentitlementchecks• Standardizesecurity

implementationpatterns• Monitor,audit,log,andanalyze

traffic• EncryptedAPIkeyvalidation

Customermobileapp CustomerdesktopUI Customertabletapp

BankApplications Bankdata

API Banking becomes reality

13

14

APIs manageability

SmartVista Integration Platform as a core solution for Open Banking

SmartVista Integration Platform

• Provides wide range of integration and customization capabilities

• Flexible architecture which can be adapted for any processing solutions

• High performance and availability, horizontal scalability

• Business Process Engine - flexible routing, add new entry points on the fly

• Transaction Monitoring and analysis of Business Process execution

• SDK - ISO-8583\XML WS\REST API interfaces constructor

• Create, expose, consume WS\OpenAPI interfaces

Key Advantages & Features

15

Key ConceptsSmartVista Platform

TraditionalSwitches,eCommerce andCMS

SmartVistaNewFraudPrevention

CoreBankingCRM

mBankingeBanking

InstantPaymentsSystems,SEPA,EPAS 3rd Partyapplications UtilityProviders,

Retailers

Tokenization BPM

High Level Architecture

17

BPM Based Routing

18

ISO8583=>UMFmessageISO8583

implementation1

WS=>UMFmessageWebservice

implementation1

Binary=>UMFmessageBInary

implementation1

HTTP=>UMFmessageHTTP

implementation 1

MessageFormattersModule

ISO20022=>UMFmessageISO20022

implementation1

MQ=>UMFmessageMessage Queue

implementation 1

Batch=>UMFmessageBatch

implementation 1

UMFmessage=>ISO8583ISO8583

implementation2

UMFmessage=>WSWebservice

implementation2

UMFmessage=>BinaryBInary

implementation2

UMFmessage=>HTTPHTTP

implementation 2

UMFmessage=>ISO20022ISO20022

implementation2

UMFmessage=>MQMessage Queue

implementation 2

UMFmessage=>BatchBatch

implementation 2

Component provides the following adapters:

• Socket-based (e.g. ISO8583, BIC ISO, etc. )

• Message Queues (e.g. IBM MQ, Apache MQ)

• SOAP web service/http (ISO20022, XML over WS or

HTTP POST, etc.)

• REST API (e.g. OpenAPI spec. based)

Great Integration CapabilitiesSmartVista Integration Platform

19

PSD2 Ready Solution Architecture

20

BPCBankingTechnologies2017MexicoCity bpcbt.com

Thankyou