open banking approach with smartvista technologies. peter ... · bpc banking technologies 2017...
TRANSCRIPT
BPCBankingTechnologies2017MexicoCity bpcbt.com
Open Banking Approach with SmartVista Technologies.
PeterTheunis
BPCBankingTechnologies2017MexicoCity bpcbt.com
WhatareOpenAPI’sPeterTheunis
2
Open API’s are not a choice but
a mandate for banks and payment organisationsthat want to be relevant in the future
3
True or False ?
Business Case for API’s in the Payment industry
• Enabling omnichannel service delivery with digital connectivity
• Improving product and service innovation through co-creation with external partners and developers
• Reducing cost and increasing speed of app development by supporting rapid prototyping and delivery
• Enabling the monetization of data and content by increasing the number of service channels, including partners and third-party developers
• Enhancing risk mitigation – the upgraded information sharing between banks improve decision-making and mitigation measures regarding fraud prevention, know your customer (KYC), and anti-money laundering (AML)
APIs help banks in:
4
INTERNALAPI(Agility)
ForInternalClientsLowRiskProprietary
PARTNERAPI(Collaboration)
ForPartnersMediumRiskStandardised
OPENAPI(Innovation)
ForConsumersHighRiskOpenStandards
API types based on adoption maturity and target customers Payment API’s can be considered as follows
5
Major drivers for Open API’
Changes driven by regulations
6
Major drivers for Open API’
Changes driven by partnership between innovative Fintechsand legacy banks creating a win-win situation
7
Compliance cost or Revenue source?
Result: Huge investments with negative returns
If compliance is a cost?
8
LossofFeesfromCard-Based
Transactions
LossofCustomer‘Ownership’andInsight,customersattrition
Risktobecomea
‘utility’-typebank
1. Create API Platform
2. Create business valueExamples: Payments, Loans, Mortgages, PFM, Charity, Scoring, Investments, Insurance, Travel
3. Find new revenue streams
4. Compliance as a native part of growing APIs platform
9
Compliance cost or Revenue source?If compliance is a revenue source?
Role of APIs in the mobility, digital, and cloud space
10
Mobility Digital Cloud
• Lightweightandmobiledatafriendly
• Adatarepresentationthatalligns tomobiletechnology
• Supportrapidchange
• Simplemechanismsfor3rdpartiestoprovideaccesstobankingbusinessdataandfunctionality
• Preferredegagement mechanismforthe3rdpartydevelopmentcommunity
• Pre-eminant interfaceforSaaSproviders
• Simplificationofhybridplatformintegration
API Architecture
• APIs should be stable, reliable, and not confusing
• Availability and scalability of APIs are very important
• APIs are building blocks
• Follow standards
• RESTful API design
11
Security Considerations
12
APILayer
APIThreats• DoS attacks• SQLinjections• Messagetampering• Identityandsessionthreats• Serviceinformationleakage• Parameterattacks• Maliciouscodeinjection• Businesslogicattacks
APIRiskMetigation Options• Encryptthemessagechannel• Detectmaliciouscontent• Endpointentitlementchecks• Standardizesecurity
implementationpatterns• Monitor,audit,log,andanalyze
traffic• EncryptedAPIkeyvalidation
Customermobileapp CustomerdesktopUI Customertabletapp
BankApplications Bankdata
API Banking becomes reality
13
14
APIs manageability
SmartVista Integration Platform as a core solution for Open Banking
SmartVista Integration Platform
• Provides wide range of integration and customization capabilities
• Flexible architecture which can be adapted for any processing solutions
• High performance and availability, horizontal scalability
• Business Process Engine - flexible routing, add new entry points on the fly
• Transaction Monitoring and analysis of Business Process execution
• SDK - ISO-8583\XML WS\REST API interfaces constructor
• Create, expose, consume WS\OpenAPI interfaces
Key Advantages & Features
15
Key ConceptsSmartVista Platform
TraditionalSwitches,eCommerce andCMS
SmartVistaNewFraudPrevention
CoreBankingCRM
mBankingeBanking
InstantPaymentsSystems,SEPA,EPAS 3rd Partyapplications UtilityProviders,
Retailers
Tokenization BPM
High Level Architecture
17
BPM Based Routing
18
ISO8583=>UMFmessageISO8583
implementation1
WS=>UMFmessageWebservice
implementation1
Binary=>UMFmessageBInary
implementation1
HTTP=>UMFmessageHTTP
implementation 1
MessageFormattersModule
ISO20022=>UMFmessageISO20022
implementation1
MQ=>UMFmessageMessage Queue
implementation 1
Batch=>UMFmessageBatch
implementation 1
UMFmessage=>ISO8583ISO8583
implementation2
UMFmessage=>WSWebservice
implementation2
UMFmessage=>BinaryBInary
implementation2
UMFmessage=>HTTPHTTP
implementation 2
UMFmessage=>ISO20022ISO20022
implementation2
UMFmessage=>MQMessage Queue
implementation 2
UMFmessage=>BatchBatch
implementation 2
Component provides the following adapters:
• Socket-based (e.g. ISO8583, BIC ISO, etc. )
• Message Queues (e.g. IBM MQ, Apache MQ)
• SOAP web service/http (ISO20022, XML over WS or
HTTP POST, etc.)
• REST API (e.g. OpenAPI spec. based)
Great Integration CapabilitiesSmartVista Integration Platform
19
PSD2 Ready Solution Architecture
20
BPCBankingTechnologies2017MexicoCity bpcbt.com
Thankyou