API Security For Open Banking Summit

API Security Summit - 21st November, 2018

8:30AM

Registration

9:00AM

Chair’s Welcome

9:10AM

API standards: without them, are we floundering or innovating?Panel discussion followed by group discussion

How it works:
The session will kick-off with a discussion between the panellists, each giving their
perspective on the topic. After 30-minutes there will be 5-minutes for Q&A, after which the panellists will join the audience on their roundtables and continue the debate.

  • Brainstorming what a universal API structure may look like and the accompanying standards and regulations
  • How can banks prepare for the upcoming regulatory changes?
  • Is finding a universal standard an old way of thinking? What’s the alternative?
  • Sustainability for TPPs when using unique APIs to communicate with each bank
  • Scalability of APIs with varied cross-country infrastructure
  • What the final RTS secure encryption standards should look like

Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Dave Tonge, CTO, Moneyhub
Chris Michael, Head of Technology, Open Banking

10:10AM

OAuth and OpenID Connect for PSD2, Open Banking and Third-Party AccessSolution Spotlight

Third-party systems needing access to APIs is a challenge for many organisations, not only in financial services. In this talk, Travis will discuss how this can be done for Open Banking, PSD2 and also for other sectors where trust of third-parties is of great importance.

Travis Spencer, CEO, Curity

10:30AM

Implementing OAuthPresentation

  • The basics of implementing OAuth into an API
  • Preparing your API infrastructure and OAuth processes for the next step in PSD2
  • Using intrusion detection and heuristics engines with OAuth to allow your API to make better access decisions

Meghdeep Basu, API, Architecture, Integration, PSD2, Open Banking , Metro Bank (UK)

10:50AM

Networking Break

11:20AM

ProofIDSolution Spotlight

Paul Heaney, CISO, ProofID

11:30AM

FAPI - Vanilla OAuth isn't enoughPresentation

  • OAuth 2.0 – is it a solid foundation or an outdated and failed standard?
  • What is FAPI and what attacks does it prevent?
  • Demonstration of attacks against many OAuth 2 APIs and how they can be prevented
  • Decoupled flows – how to support a new interaction flow without opening security holes
  • Standardisation – the unsung hero of security and an aid to innovation

Dave Tonge, CTO, Moneyhub

11:50AM

Cybersecurity concerns, digital identity and data integrity World Cafe

How it works: Using a polling app, we will crowdsource the greatest challenges the audience want to discuss on the topics of cybersecurity, digital identity and data integrity. Delegates will brainstorm in groups of 6-8 people and can either choose from the following topics (A-F) or submit another point for discussion.
The delegates will then collectively upvote the top three topics and discuss each topic in their small group, allowing 15-minutes per topics:

A.  Does a secure API capable of scaling for use actually exist today?
B.  Working together with the TPP for end-to-end security and facilitating a mutually beneficial relationship
C.  Digital identity is the heart of the discussion: who’s authentication do you trust and how do you verify a consumer is the one making a transaction?
D.  Practical security measures that can be implemented now
E.  The impact of a data breach on the open banking initiative
F.  Data integrity: who should have access to account information? For how long? What are the risks and countermeasures for errors? Does it comply with GDPR?

12:50PM

Networking Lunch

2:00PM

Real world use casesPanel followed by live Q&A polling

  • Practical examples of the adoption and implementation of microservices and APIs
  • Cross-industry APIs: what have other companies done to secure their APIs? What lessons can be learned for banking?

Marco Tedone, Global Head of API, Integration & Microservices, HSBC
Alex Michael, Co-founder & CTO, Plum
Deepanshu Chauhan, Product Owner (DevOps and API Platform), Nationwide Building Society

2:40PM

The business perspective: standardisation, security and customer usePanel followed by live Q&A polling

  • What’s being developed and how are APIs being sold and used by the customers?
  • Customer adoption: use analysis within FinTechs, and the lack of consumer and internal education
  • Providing a positive customer experience that successfully secures data
  • Lessons learned from consumer interaction: is security a demand?

Eduardo Martinez Barrios, Open Banking & PSD2 Product Head, Santander UK
Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Ronan Connaire, Product Manager, Digital Ecosystems/API Development, AIB

3:30PM

Seizing the value of APIsPresentation

  • API monetisation and business models
  • How the API ecosystem is evolving
  • Cooperating with third parties and creating meaningful partnership propositions

Stepan Kouba, API & Third Party Leader, Česká Spořitelna

3:50PM

Chair’s Summary and Close of Summit

Finance Edge News

Top 10 API Threats & How to Prevent Them

Top 10 API Threats & How to Prevent ThemRead More

Australia is fertile ground for Open Banking

Australia is fertile ground for Open BankingRead More

Experian whitepaper – Delivering value in the digital age

Experian whitepaper – Delivering value in the digital ageRead More

Survey Results: The Future of Banking [Infographic]

Survey Results: The Future of Banking [Infographic]Read More

Developing a Strategy for Open Banking with AMP Bank & Credabl

Developing a Strategy for Open Banking with AMP Bank & CredablRead More

Opportunities & Threats of Open Banking with Seshika Fernando, Head of Financial Solutions, WS02

Opportunities & Threats of Open Banking with Seshika Fernando, Head of Financial Solutions, WS02Read More

“The roundtables produced some enlightening real-life tips and keys to success. Through discussion we identified a number of great principles to support change, and everyone took something of value from the session.”

AXA Wealth

Event Updates

Receive notifications of upcoming events and access to exclusive content.

Receive Updates
 

Finance Edge on Twitter

Incumbent financial services institutions must embrace agile to capture open banking opportunities bobsguide.com/guide/news/201… #OpenBanking

Yesterday from Finance Edge's Twitter via Twitter Web Client

Share This