Today the whole world is moving towards open banking. It promotes interaction between participants in the financial market and other industries. Every day more and more banks, insurance companies, startups and fintechs are developing new applications and digital solutions. On the one hand, this increases competition; on the other hand, the more services there are, the more customer attention and trust are eroded. To take the next step in development, players need to join forces in creating common interfaces and establishing the exchange of customer and technology data.
A single system is easier to manage and secure, and the exchange of the latest developments will raise the overall level of technology while maintaining the competitive advantages of each participant. In such an ecosystem, it is easier to create innovative products and services, and not only companies, but also end consumers will benefit from the introduction of open banking.
Open APIs (Application Programming Interfaces) play a key role in open banking, and they are the subject of this article.
What is an open banking API?
Open Banking is a concept that you can use to create your own ecosystem of FinTech development services. In such an ecosystem, banks open access to data and their own services to Third Party Providers (TPPs). TPPs, in turn, can use the data to analyze and distribute products. This is achieved through Application Programming Interfaces (APIs), which allow TPP programs to interact with bank applications. The goal is to drive innovation in digital banking and accelerate the development of new financial applications and improved services for businesses and consumers.
Open Banking was initiated in 2018 by the UK Competition and Markets Authority (CMA), which directed banks to open their applications to TPPs. In the same year, the European Union updated the Payment Services Directive (PSD2) for the same purpose and introduced new security rules for accessing payment accounts and financial transactions.
A typical use of the Open Banking API is to aggregate data from various bank accounts into a single view provided by the TPP application. There are two types of TPP. Payment Initiation Service Providers (PISPs) connect to a customer's bank account and initiate payments on behalf of the customer. Account Information Service Providers (AISPs) connect to a customer's bank account to provide a financial service such as money management.
Benefits of Open Banking APIs
Since one of the long-term results of Open Banking will be increased competition, incumbent banks have been reluctant to accept it. They have historically competed with fintech companies to provide better financial services to their clients. But Open Banking actually provides banks with an opportunity to explore new business models where they collaborate and partner with emerging fintech companies and other banks instead of trying to compete with them. And customers benefit in the long run, as Open Banking gives them more control over their transactional data.
This is a win-win situation for both banking customer experience and financial institutions. The client gets better access and control over their accounts and finances, and can also take advantage of new features and services. Financial institutions can offer improved services to their customers and participate in the revenue-sharing ecosystem. According to an Insider Intelligence article titled How Open Banking and Banking APIs are Boosting FinTech Growth, the research firm "projects the potential for UK revenue generated by open banking-enabled SMBs and retail customers to reach $2". billion by 2024".
Banks, and therefore their customers, can be big winners by using the Open Banking API to open their applications to fintech. Some benefits include:
Fintech can generally innovate and develop new applications and functionality faster than the IT teams of incumbent banks. APIs represent a great opportunity for digital banks as they allow them to rapidly adopt new features and products by connecting to ready-to-use solutions. Ultimately, this contributes to the overall growth of financial companies and improves the quality and variety of services available on the platform. Connecting various services through the API means you can create your own solution in no time, which will work with tools and functions through the API.
Detailed information about clients.
Fintech companies can connect to bank customer data to gain insights into customer financial trends and patterns. APIs allow banks and fintech companies to provide a more positive customer experience or improve the quality of customer service, since through the API you can connect innovative solutions that are designed to speed up many processes or make them more efficient.
By leveraging financial trends and customer behavior patterns, fintech can increase customer engagement by offering personalized services and recommendations. Ultimately, APIs may have an impact on the future of banking. They will connect banks, financial institutions, service providers and consumers and help you use financial information safely and conveniently. This will increase the range of products and services that financial institutions can offer to a potentially wider customer base.
Banks using Open Banking APIs
In the financial industry, some of the most well-known and large banks, financial institutions, lenders and fintech startups are already using the Open Banking API to provide improved financial products and services. Here are some examples:
O2 Banking by Telefonica Deutschland
Telefonica Deutschland has launched a mobile-only bank account that offers transactions via mobile phone number, small instant credits and the best mobile data plans built on the platform of the German bank Fidor.
Integrate customer financial information into Wave
Wave is billing and accounting software that uses banking APIs to connect to a user's bank account, giving its customers complete control over their business finances in one place.
PayPal - Siri integration
One good example is managing the PayPal service using the Siri voice assistant. Users of the service can now send and request monetary transactions with a simple voice command, "Hey Siri, send David $1,000 via PayPal."
Payments via Meta (Facebook) Messenger
Since Meta is one of the companies that dictates trends in the technology industry, they have also implemented the Open Banking API into their platform. Now users of Meta (Facebook) can transfer money to their friends and pay for goods without leaving the application. The company cooperates with such big financial players as Stripe, PayPal, Braintree, Visa, MasterCard and American Express.
Security risks when using Open Banking APIs
Opening banking applications for TPPs comes with risks that need to be considered. Fraud prevention should be a top priority for all parties. Frederik Mennes, head of OneSpan's Security Competence Center, categorizes these risks into three types.
First, financial institutions open up their systems and share consumer data with TPPs. Therefore, the financial institution is obliged to make sure that it works only with reliable TPPs. It cannot allow a malicious or unauthorized TPP to access its data.
Secondly, users of applications provided by TPPs must be properly authenticated to prevent unauthorized access when they access a bank account. This may require additional authentication such as Strong Customer Authentication (SCA).
Thirdly, the IT infrastructure of the bank essentially now contains the IT infrastructure of the TPP. Thus, if data is leaked or otherwise compromised at the TPP, the bank may also suffer.
The first risk, described above, is associated with attempts by unauthorized TPPs to gain access to bank accounts. To protect against unauthorized access of this kind, banks may require TPPs to digitally sign all requests. TPPs must have a public/private key pair with an appropriate certificate issued by a trusted CA. This will allow the TPP to authenticate itself when communicating through open banking interfaces.
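The bank-side check this paragraph describes, as an added Go example that is not from the original article or from any bank or vendor it names. The helper names `newCert` and `VerifyTPPRequest`, the Ed25519 keys, the constructed CA and the JSON body are assumptions made for illustration; in production the certificates come from the CA the scheme designates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert makes a key pair and a constructed certificate; a nil parent yields a self-signed CA.
func newCert(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: parent == nil,
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed: the certificate is its own issuer and may sign others
		parent, signer, tmpl.KeyUsage = tmpl, key, tmpl.KeyUsage|x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyTPPRequest (hypothetical name): chain to a trusted CA first, then signature over the exact body.
func VerifyTPPRequest(trusted *x509.CertPool, cert *x509.Certificate, body, sig []byte) error {
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("TPP certificate rejected: %w", err)
	}
	return cert.CheckSignature(x509.PureEd25519, body, sig)
}

func main() {
	ca, caKey := newCert("Constructed Trusted CA", nil, nil)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	tpp, tppKey := newCert("constructed-tpp", ca, caKey)  // issued by the trusted CA
	fake, fakeKey := newCert("constructed-tpp", nil, nil) // same name, but self-signed
	body := []byte(`{"type":"payment-initiation","amount":"10.00","currency":"EUR"}`) // constructed
	sig := ed25519.Sign(tppKey, body)
	fmt.Println("registered TPP:", VerifyTPPRequest(trusted, tpp, body, sig))
	fmt.Println("altered body:", VerifyTPPRequest(trusted, tpp, []byte(`{"amount":"9999.00"}`), sig))
	fmt.Println("self-signed TPP:", VerifyTPPRequest(trusted, fake, body, ed25519.Sign(fakeKey, body)))
}
```

A request passes only when both checks succeed: the self-signed certificate fails chain validation even though its signature is internally consistent, and the altered body fails signature verification even though the certificate is valid.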
To mitigate the risk of unauthorized users accessing bank accounts, banks must use strong customer authentication and transaction monitoring in accordance with PSD2 requirements. Among other specifications, PSD2 mandates transaction authentication, where the level of authentication required to process a request depends on the level of risk of the requested transaction. For example, after logging into an online banking system, a customer's request for a balance check may be processed without problems, but a request to transfer funds may require the user to use strong authentication.
PSD2 and its related Regulatory Technical Standards (RTS) require fraud monitoring and Strong Customer Authentication (SCA) for most online payments, including those made through the Open Banking API. SCA must apply to access to payment account information and to each payment initiation, including transactions through Open Banking, unless an exception applies under the RTS. Exceptions are not mandatory, but banks can take advantage of them if they decide to do so.
In the context of Open Banking fraud analytics programs, solutions such as OneSpan Risk Analytics support monitoring of events coming from TPPs running one or more Open Banking services through the Open Banking APIs published by the bank. OneSpan Risk Analytics provides pre-built rule scripts covering PSD2 fraud monitoring requirements, business logic, and typical fraud scenarios. These rules support digital banking channels, including Open Banking.
The open APIs required by PSD2 will lead to new, innovative banking services and applications. However, at the same time, banks must prevent criminals from accessing customer data and transactions. Therefore, banks and TPPs must be aware of the risks and offer sufficient protection. Learn more in this blog: PSD2 Open Banking APIs: How to Mitigate Risks.
Top 15 Open Banking APIs
Moneyhub Open Finance
Moneyhub is an open finance platform that includes connectivity to thousands of financial institutions, machine-learning powered finance analytics, engagement insights, and payments. The Moneyhub Open Finance API includes methods to manage accounts, beneficiaries, counterparties, transactions, spending analysis, savings goals, projects, tax, connections, payees, payments, users, and much more.
Dapi is a unified open banking API that allows developers to retrieve users' financial information and make payments within applications. Methods are available to obtain financial data about user identity, accounts, account balance, account transactions, and account metadata, and to perform financial operations such as payments on a user's behalf. Developers must register and create an application in the Dapi dashboard.
Banno is a personal digital banking suite from Jack Henry & Associates, a banking technology provider. Banno offers all open banking solutions and an API with methods to manage account aggregation, accounts, institutions, OAuth and OpenID, tasks, transactions, and more.
ClickSWITCH enables easy direct bank deposit switching, in which users can choose which financial institution to deposit their payments, or switch to another choice. The ClickSWITCH API offers programmatic access to the service, with methods for managing employees, types, customers, targets, switches, webhooks and more.
Bank of America Push Notifications
The Bank of America Push Notifications API describes the expectation for push notification authentication, provides status updates for payment requests, notifies when a real-time payment is received, provides acknowledgment by receiver (ABR), and notifies when a U.S. real-time payment request for information (RFI) is received. Bank of America makes APIs available on the Bank of America Merrill Lynch CashPro API Developer Portal.
Tilisy provides an easy, secure way to download bank account data. The Tilisy business API enables developers to get bank account transactions and balances from all major banks. There are methods for user actions, accounts data, ASPSP country codes and more.
Treasury Prime provides financial services tools for fintechs and banks, including pre-built integrations with Marqeta, Alloy and Middledesk and developer-first APIs. The Treasury Prime API offers ways to automate banking needs, with methods to manage accounts, on-boarding, card issuing, payments, counter-parties, utilities, and more.
Brex is a financial technology services company with an open API to simplify the management of financial information for the company's partners. The Brex API enables developers programmatic access to manage onboarding, team, payments, transactions, accounting and more.
Solid (Solid Financial Technologies) is a financial technology platform that allows developers to create bank accounts, send payments and issue cards. The Solid API offers methods to manage account creation, spending controls on cards, receiving and sending payments, plus KYC, KYB, owner, bank accounts, contacts, transactions and more.
WorldFirst is an API for international payment integration. The API is useful for international businesses for funds-in and payments out, for marketplace sellers to get better exchange rates, and for receiving funds in foreign currencies. API methods are available to manage rates, deals, quote and book, recipients, payments, currency accounts and lookups.
The Bud API lets you manage financial tools that gain programmatic access to services for Open Banking Aggregation, Enrichment, Insights, Affordability, Recognition and more. It allows you to build features, applications and experiences with endpoints that follow RESTful principles and use HTTP verbs such as GET, POST, PUT, PATCH, and DELETE.
The Modern Treasury API enables ACH, wire, check, and RTP transactions in applications. Requests and responses are JSON formatted. The API can be used to manage payment orders, line items, counterparties, bank accounts, routing details, and addresses. Modern Treasury does not touch money directly; the API hooks into their clients' bank accounts, enabling them to move money and read activity.
The OpenPayd API lets you develop custom solutions to manage your organization’s payments. It offers an integration with the functionality needed for a modern finance department to manage the entire cash flow from collection to payout. OpenPayd provides a way to expand into international markets by connecting to the OpenPayd banking and payments infrastructure to scale payment flows, simplify treasury, process payments in real-time and reduce costs.
FinTecSystems is licensed by BaFin as a payment initiation and account information service. Its XS2A API specializes in open banking and data analysis. It allows access to bank accounts within a user's scope and offers AI-based turnover categorization among many other PIS and AIS services.
Wise offers international banking services, including online money transfers. The Wise Platform API enables developers to integrate the service and manage payouts and account information, banks, affiliates, receiving money and open banking. Methods are available to manage users, transfers, comparison, addresses, borderless accounts and more.
Open banking is still fairly new to the banking industry. But financial institutions are already talking about taking the next step - Open Finance. Open Banking initiatives apply primarily to payment accounts. Now it's time to apply this concept to all accounts so that consumers can get a holistic view of their personal finances and financial data. There is no reason why the new services, technologies and benefits of Open Banking cannot be applied to other financial accounts such as mortgages, investments, pensions and insurance.