API Security For Open Banking Summit

API Security Summit - 21st November, 2018

8:30AM

Registration

9:00AM

Chair’s Welcome

Dave Tonge, CTO, Moneyhub

9:10AM

API standards: without them, are we floundering or innovating?Panel Discussion

  • Brainstorming what a universal API structure may look like and the accompanying standards and regulations
  • How can banks prepare for the upcoming regulatory changes?
  • Is finding a universal standard an old way of thinking? What’s the alternative?
  • Sustainability for TPPs when using unique APIs to communicate with each bank
  • Scalability of APIs with varied cross-country infrastructure
  • What the final RTS secure encryption standards should look like

Moderator:
Jacques Declas, CEO, 42 Crunch

Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Dave Tonge, CTO, Moneyhub
Chris Michael, Head of Technology, Open Banking

10:10AM

OAuth and OpenID Connect for PSD2, Open Banking and Third-Party AccessSolution Spotlight

Third-party systems needing access to APIs is a challenge for many organisations, not only in financial services. In this talk, Travis will discuss how this can be done for Open Banking, PSD2 and also for other sectors where trust of third-parties is of great importance.

Travis Spencer, CEO, Curity

10:30AM

Implementing OAuthPresentation

  • The basics of implementing OAuth into an API
  • Preparing your API infrastructure and OAuth processes for the next step in PSD2
  • Using intrusion detection and heuristics engines with OAuth to allow your API to make better access decisions

Meghdeep Basu, API, Architecture, Integration, PSD2, Open Banking , Metro Bank (UK)

10:50AM

Networking Break

11:20AM

ProofID Managed IAM Platform for Open BankingSolution Spotlight

Deploying a PSD2 and OpenBanking compliant platform involves many components. Therefore within this session we will look at how the ProofID managed IAM platform can be utilised by both TPP’s and ASPSP’s allowing them to handle all their identity and security requirements, in turn giving them the ability to focus on running the leading services that will set your business apart.

Paul Heaney, CISO, ProofID

11:30AM

FAPI - Vanilla OAuth isn't enoughPresentation

  • OAuth 2.0 – is it a solid foundation or an outdated and failed standard?
  • What is FAPI and what attacks does it prevent?
  • Demonstration of attacks against many OAuth 2 APIs and how they can be prevented
  • Decoupled flows – how to support a new interaction flow without opening security holes
  • Standardisation – the unsung hero of security and an aid to innovation

Dave Tonge, CTO, Moneyhub

11:50AM

Do Open APIs Also Open Up The Attack Surface?Solution Spotlight

  • How Open APIs change the attack landscape
  • Why user authentication is necessary but not enough
  • How mobile app authentication can help

David Stewart, CEO, CriticalBlue

12:00PM

Cybersecurity concerns, digital identity and data integrity Roundtable

  • Does a secure API capable of scaling for use actually exist today?
  • Working together with the TPP for end-to-end security and facilitating a mutually beneficial relationship
  • Digital identity is the heart of the discussion: who’s authentication do you trust and how do you verify a consumer is the one making a transaction?
  • Practical security measures that can be implemented now
  • The impact of a data breach on the open banking initiative
  • Data integrity: who should have access to account information? For how long? What are the risks and countermeasures for errors? Does it comply with GDPR?

1:00PM

Networking Lunch

2:00PM

Real world use casesPANEL DISCUSSION

  • Practical examples of the adoption and implementation of microservices and APIs
  • Cross-industry APIs: what have other companies done to secure their APIs? What lessons can be learned for banking?

Moderator:
Dave Tonge, CTO, Moneyhub

Marco Tedone, Global Head of API, Integration & Microservices, HSBC
Alex Michael, Co-founder & CTO, Plum
Deepanshu Chauhan, Product Owner (DevOps and API Platform), Nationwide Building Society

2:40PM

Protecting Banking APIs Against Attacks

  • No, SSL and OAuth are not enough for full API security- there is a full spectrum of things to care about!
  • OAuth yes, but it must be used properly
  • Developers must be security-aware, but they can’t be responsible of API security
  • We need collaboration across Dev, Sec and Ops teams for better API security

Isabelle Mauny, CTO, 42 Crunch

3:00PM

Networking Break

3:30PM

Seizing the value of APIsPresentation

  • API monetisation and business models
  • How the API ecosystem is evolving
  • Cooperating with third parties and creating meaningful partnership propositions

Stepan Kouba, API & Third Party Leader, Česká Spořitelna

3:50PM

The business perspective: standardisation, security and customer usePANEL DISCUSSION

  • What’s being developed and how are APIs being sold and used by the customers?
  • Customer adoption: use analysis within FinTechs, and the lack of consumer and internal education
  • Providing a positive customer experience that successfully secures data
  • Lessons learned from consumer interaction: is security a demand?

Moderator:

David Stewart, CEO, CriticalBlue

Eduardo Martinez Barrios, Open Banking & PSD2 Product Head, Santander UK
Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Ronan Connaire, Product Manager, Digital Ecosystems/API Development, AIB

4:30PM

Chair’s Summary and Close of Summit

Dave Tonge, CTO, Moneyhub

Finance Edge News

Finance Edge’s Weekly News Roundup – Friday 23rd November

Finance Edge’s Weekly News Roundup – Friday 23rd NovemberRead More

Top 10 API Threats & How to Prevent Them

Top 10 API Threats & How to Prevent ThemRead More

Australia is fertile ground for Open Banking

Australia is fertile ground for Open BankingRead More

Experian whitepaper – Delivering value in the digital age

Experian whitepaper – Delivering value in the digital ageRead More

Survey Results: The Future of Banking [Infographic]

Survey Results: The Future of Banking [Infographic]Read More

Developing a Strategy for Open Banking with AMP Bank & Credabl

Developing a Strategy for Open Banking with AMP Bank & CredablRead More

“Good content, interesting speakers, good rythmn with panel, presentation and roundtable.”

Aurexia

Event Updates

Receive notifications of upcoming events and access to exclusive content.

Receive Updates
 

Finance Edge on Twitter

Check out this weekly news roundup - our edit of interesting news in the world of Open Banking and Pensions this week: hubs.ly/H0fQlBw0 #openbanking #pensionsdashboard #fintech

About 3 days ago from Finance Edge's Twitter via HubSpot

Share This