API Security For Open Banking Summit


API Security Summit - 21st November, 2018

8:30AM

Registration

9:00AM

Chair’s Welcome

Dave Tonge, CTO, Moneyhub

9:10AM

API standards: without them, are we floundering or innovating? (Panel Discussion)

  • Brainstorming what a universal API structure may look like and the accompanying standards and regulations
  • How can banks prepare for the upcoming regulatory changes?
  • Is finding a universal standard an old way of thinking? What’s the alternative?
  • Sustainability for TPPs when using unique APIs to communicate with each bank
  • Scalability of APIs with varied cross-country infrastructure
  • What the final RTS secure encryption standards should look like

Moderator:
Jacques Declas, CEO, 42 Crunch

Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Dave Tonge, CTO, Moneyhub
Chris Michael, Head of Technology, Open Banking

10:10AM

OAuth and OpenID Connect for PSD2, Open Banking and Third-Party Access (Solution Spotlight)

Third-party systems needing access to APIs is a challenge for many organisations, not only in financial services. In this talk, Travis will discuss how this can be done for Open Banking, PSD2 and also for other sectors where trust of third parties is of great importance.

Travis Spencer, CEO, Curity

10:30AM

Implementing OAuth (Presentation)

  • The basics of implementing OAuth into an API
  • Preparing your API infrastructure and OAuth processes for the next step in PSD2
  • Using intrusion detection and heuristics engines with OAuth to allow your API to make better access decisions


10:50AM

Networking Break

11:20AM

ProofID Managed IAM Platform for Open Banking (Solution Spotlight)

Deploying a PSD2 and Open Banking compliant platform involves many components. In this session we will look at how the ProofID managed IAM platform can be used by both TPPs and ASPSPs to handle all their identity and security requirements, giving them the ability to focus on running the leading services that will set their business apart.

Paul Heaney, CISO, ProofID

11:30AM

FAPI - Vanilla OAuth isn't enough (Presentation)

  • OAuth 2.0 – is it a solid foundation or an outdated and failed standard?
  • What is FAPI and what attacks does it prevent?
  • Demonstration of attacks against many OAuth 2 APIs and how they can be prevented
  • Decoupled flows – how to support a new interaction flow without opening security holes
  • Standardisation – the unsung hero of security and an aid to innovation

Dave Tonge, CTO, Moneyhub

11:50AM

Do Open APIs Also Open Up The Attack Surface? (Solution Spotlight)

  • How Open APIs change the attack landscape
  • Why user authentication is necessary but not enough
  • How mobile app authentication can help

David Stewart, CEO, CriticalBlue

12:00PM

Cybersecurity concerns, digital identity and data integrity (Roundtable)

  • Does a secure API capable of scaling for use actually exist today?
  • Working together with the TPP for end-to-end security and facilitating a mutually beneficial relationship
  • Digital identity is the heart of the discussion: whose authentication do you trust and how do you verify a consumer is the one making a transaction?
  • Practical security measures that can be implemented now
  • The impact of a data breach on the open banking initiative
  • Data integrity: who should have access to account information? For how long? What are the risks and countermeasures for errors? Does it comply with GDPR?

1:00PM

Networking Lunch

2:00PM

Real-world use cases (Panel Discussion)

  • Practical examples of the adoption and implementation of microservices and APIs
  • Cross-industry APIs: what have other companies done to secure their APIs? What lessons can be learned for banking?

Moderator:
Dave Tonge, CTO, Moneyhub

Marco Tedone, Global Head of API, Integration & Microservices, HSBC
Alex Michael, Co-founder & CTO, Plum
Deepanshu Chauhan, Product Owner (DevOps and API Platform), Nationwide Building Society

2:40PM

Protecting Banking APIs Against Attacks

  • No, SSL and OAuth are not enough for full API security: there is a full spectrum of things to care about!
  • OAuth yes, but it must be used properly
  • Developers must be security-aware, but they can’t be responsible for API security
  • We need collaboration across Dev, Sec and Ops teams for better API security

Isabelle Mauny, CTO, 42 Crunch

3:00PM

Networking Break

3:30PM

Seizing the value of APIs (Presentation)

  • API monetisation and business models
  • How the API ecosystem is evolving
  • Cooperating with third parties and creating meaningful partnership propositions

Stepan Kouba, API & Third Party Leader, Česká Spořitelna

3:50PM

The business perspective: standardisation, security and customer use (Panel Discussion)

  • What’s being developed and how are APIs being sold and used by the customers?
  • Customer adoption: use analysis within FinTechs, and the lack of consumer and internal education
  • Providing a positive customer experience that successfully secures data
  • Lessons learned from consumer interaction: is security a demand?

Moderator:
David Stewart, CEO, CriticalBlue

Eduardo Martinez Barrios, Open Banking & PSD2 Product Head, Santander UK
Sam Everington, Lead Engineer, Open Banking & Payment Services, Starling Bank
Jean-Louis Rocchisani, Enterprise Architect, Société Générale
Ronan Connaire, Product Manager, Digital Ecosystems/API Development, AIB

4:30PM

Chair’s Summary and Close of Summit

Dave Tonge, CTO, Moneyhub
