Innovating the Customer Experience with Financial APIs
Meeting the expectations of today’s consumers is more challenging than ever before, especially in the financial services industry. Although your customers use multiple institutions for various banking products like mortgages, business banking, credit cards, insurance, etc., they expect everything to work together, smoothly and in real time. Fail to deliver on those expectations, and it’s relatively easy for consumers to move from your offerings to those of your competitors.
The key to delivering what your customers want lies in integrating your financial products and accounts into the consumer lifestyle. By enabling your end users to seamlessly interact with many different service providers, you empower them to manage their accounts in ways tailored to their individual situations, thus taking control of their financial lives.
The higher the level of personalization you’re offering, however, the greater the amount of sensitive data you’re potentially serving up, and the higher the security risks. Financial institutions are notoriously attractive targets for bad actors, as bank robber Willie Sutton apocryphally explained, “because that’s where the money is.” In today’s digital age, “the money” translates to a wealth of personally identifiable information (PII) and other sensitive data that hackers and other malicious individuals would love to exploit.
To protect against breaches while meeting consumer expectations of ease and flexibility, finserv companies are increasingly turning to secure APIs that are focused on improving the end user experience. Customer financial APIs create the pathways that allow you to provide customers with what they want, and when they are properly secured against the risks introduced by this new potential attack vector, your institution reaps the benefits of deeper customer engagement.
APIs are nothing new to banks, insurance companies and other financial institutions. We’re in the midst of a virtual explosion of APIs, with roughly 75% of organizations developing both internal and public-facing APIs, according to a recent SmartBear report. Your enterprise likely has operations APIs for efficiency in areas like customer support and HR, product APIs for financial products and apps that talk directly to another system in real time through an API integration, and partner APIs for limited use cases where you might, say, require a VPN connection for access.
This article focuses on a specific type of API: customer financial APIs. This set of APIs gives you a way to serve your customers what they want with regard to their own accounts and financial needs. For example, when a user initiates payment with a merchant, the merchant can use a bank API to execute the transaction, and your enterprise can add another security factor to the workflow before allowing the payment to go through. The higher level of authentication assurance not only reduces fraud, but also results in customer benefits like detailed authorization requests so the customer knows what they’re approving. Customer financial APIs help you deliver:
When you open up visibility across multiple institutions and providers so your customers can manage their financial lives, they respond with loyalty and trust. Therefore, it’s up to you to meet your customers where they are and wherever they go. You’ll find them in places like the personal budgeting software application You Need A Budget, online finance management app Mint, and the payments platform Stripe for your corporate customers. These apps exist whether your financial institution is involved or not, but you can become integrated and embedded in the financial app ecosystem when you offer open APIs (also known as web APIs or open web APIs) that are accessible openly by any third-party developer who registers for access.
By doing so, you help your customers with real-time, seamless experiences, reducing the brittle nature of integrations across financial institutions. Customers also gain the ability to manage and revoke consent to share their data and direct payments with third parties directly from the online banking portals you give them, empowering them through transparency and control of their account and data privacy.
Consider a current use case that could be greatly improved with customer data APIs: account aggregation & dashboards. Aggregation services, which compile information from different financial accounts into a single place, have been around for more than a decade, and it’s fair to say that every bank wishes they were the aggregators themselves. But in the absence of customer account data APIs, these aggregators use the risky practice of screen scraping. It works like this:
Screen scraping is, simply put, scary. While it’s likely that the aggregators are encrypting the data they scrape, those security policies are out of your control, and it only takes one vulnerability to cause an overwhelming amount of damage. But if you try to block screen scraping and don’t offer an alternative for getting customer data out, your customers will go elsewhere. They likely aren’t aware of the overall security risks, and if they’ve been with your financial institution for a while, they’ve probably built up trust that you’re securing their money for them.
You can continue to earn that trust through APIs. By giving data aggregators a more secure channel to get that data instead of asking for your customers’ banking credentials, your customers still own their data privacy. At the same time, you can scope and limit the data being shared more granularly, plus capture customer consent and step-up authentication during setup if you wish.
Financial APIs are among the most popular API categories, which isn’t surprising when you consider that nearly all commercial enterprises need to be able to initiate payments—and the financial industry holds the most data of use to these organizations. Some financial enterprises are even “productizing” APIs, treating them as new sources of revenue and charging third parties for valuable direct integration.
But as the volume of financial APIs continues to grow, so do the security risks. Because APIs drive direct access to sensitive and critical business logic, applications and data within your financial systems, they are attractive targets for hackers. And since some APIs are external facing and the developers accessing them aren’t controlled by your security policies, these APIs are highly exposed, which introduces complexity in management and security beyond what an API Gateway alone can handle.
Identity and access management (IAM) plays a critical role in the emerging financial API economy by enabling security, openness and innovation for your financial enterprise. IAM means the right people access the right applications, services and APIs seamlessly and securely, with the right balance of strong user experience and optimal security.
The Ping Intelligent Identity Platform delivers six key IAM capabilities that are essential for ensuring API security:
By using Ping’s comprehensive IAM solution to enable financial-grade API security, you can take the lead in API innovation without risk of breach and fraud holding you back.
Consumers can open new accounts from any smart device in a matter of minutes. This doesn’t mean they are going to leave your institution for greener pastures, but today’s customers are likely to have more open, less exclusive relationships with financial service companies.
So give them the seamless experiences they want through APIs, intelligently secured on the backend through reusable, modern access management services. By leveraging Ping’s API security, you can provide customers with more personalized, flexible and innovative experiences.
To learn more about the Ping Intelligent Identity Platform’s proven, financial-grade, comprehensive IAM solution, watch our Shaping the Financial Ecosystem with Secure APIs webinar replay.