Posts Tagged ‘PSD2’

Speaker Interview: Mike Schwartz

Posted by

What is Free Open Source Software or “FOSS”, and why is it the best development methodology for Open Banking?

The “open source” marketing label is a bit like “organic” — you need to dig deeper to understand what it really means. Some “organic” products may contain up to 30% non-organic ingredients! Thriving FOSS ecosystems share some common characteristics though: at a minimum, an open source license is fundamental — everyone in the ecosystem must have the right to modify and redistribute the code. Versioned packages are important as well–operations teams can’t compile source code and need easy-to-use binaries. And finally, freely available documentation and an active community are essential for productivity.

When all cylinders are firing (code, packages, docs, and an active community), the FOSS development process results in a product which has the most features, the fewest bugs, the simplest user experience and the quickest updates. More eyes on the code, more contributors building features, and more trained engineers makes community the super-power for open source products.

Is open source safe for banks?

There is no intrinsic security advantage for proprietary commercial software — hackers don’t need to see source code to find flaws. There is, however, a clear security benefit derived when many organisations pool their penetration testing results and share findings. An open source community leads to more discussion on the impact of announced security vulnerabilities and faster bug fixes. Community collaboration is the secret power of open source software, and is a “super-safe” choice!

What types of use cases is open source software best suited to address?

Open source software works best for standards, security and infrastructure–areas where cooperation is more important than competition. Banks compete, but nobody wins if hackers get richer. Sharing know-how on software that implements security standards is a win-win for all legitimate players in an ecosystem.

What are the up-and-coming identity security standards that will impact Open Banking?

The Internet is a layered fabric of standards. Routing data packets, browsing web pages, sending email, using mobile applications — none of this can happen without Internet standards working together. Important new standards for authentication, single sign-on (SSO) and consent management are proliferating even as older identity security standards are just gaining adoption. Even experts in the industry find it difficult to keep track of it all!

Three standards organisations are developing identity standards that will have an important impact on Open Banking: the OpenID Foundation (OIDF), Kantara and the FIDO Alliance:

  • Authentication: The FIDO Alliance is defining standards for hardware, mobile, and biometric authentication credentials
  • Single Sign-On: OIDF is leading the Financial API (FAPI) working group, which is defining a profile of OpenID Connect that enables websites and mobile applications to securely use a bank’s authentication service.
  • Authorisation: Kantara’s UMA standard will enable consumers to delegate access and permissions to people and electronic agents, and will help banks define inter-operable security policies with account information service providers and payment initiation service providers.

Why will you be speaking at Finance Edge’s Open Banking Summit, and what do you hope to get out of the event?

We are looking to build the community of collaborators for the Gluu Server, an open source OAuth 2.0 and FIDO access management platform.

Speaker Interview: Timothy Vincent

Posted by

Timothy Vincent, Solutions Engineer Manager EMEA, DataStax

How will the increased use of open APIs shape the financial services market, and how will it impact different market players in both the short- and long-term?

The increased use of open API’s will impact banking institutions of all sizes, opening up financial services and payments markets to new competitors and service providers. Open API’s will provide new opportunities to make use of banks’ internal data and external market information in real-time and at scale as part of delivering customer services.

Which activities should banks be prioritising in the wake of open banking?

To meet the requirements around open banking, consolidation of data should be a priority. By looking at how to manage data at scale, banking IT teams can implement new cloud applications that can meet new customer experience expectations. Without the ability to consolidate data effectively, understand the relationships between the data elements, and achieve all this in real time, banks will find it difficult to implement new services that customers will value and face a potential loss of those customers to competitors.

What opportunities does Open Banking present, and which commercial strategies will thrive in the new environment?

Opening bank systems to third party access is a huge risk unless banks organise themselves to leverage data as a differentiator; this is the opportunity. This goes beyond looking at current data sets that are held in individual silos and instead involves thinking about how to use external and internal data sets together. The alternative is to let competitors take this approach. The strategy is to hold the data in an operational data layer to have a 360 view of your customers to better deliver a fully personalized experience in the context of where they are on their journey with the bank right now.

How can firms overcome the security and privacy concerns associated with data sharing?

This is a hot topic at the moment with the deadline of having a GDPR compliant strategy looming fast, especially when looking at hybrid cloud or multi cloud architectures. You need not only a data platform that comes with advanced security, encryption, access controls, audit trails, but also the ability to maintain data autonomy. For example, in a hybrid cloud architecture you need the ability to control which data resides on premise and which data resides in the cloud. DataStax has the ability the address this and other data autonomy requirements.

What are the best strategies to encourage customer engagement?

Having a customer-centric strategy where an organisation demonstrates that it has robust data privacy capabilities that are to the benefit of the consumer is a major USP that will drive customer engagement.

Why will you be speaking at Finance Edge’s Open Banking Summit, and what do you hope to get out of the event?

As a software vendor it is vital for us to be in regular contact with customers and potential prospects in order to better understand current market trends and emerging market requirements.

Speaker Interview: Steve Boms

Posted by

Steve Boms, President, Allon Advocacy and Advisor to Envestnet | Yodlee

How will the increased use of open APIs shape the financial services market, and how will it impact different market players in both the short- and long-term?

Open Banking, powered through Open APIs, puts the consumer, who is now fully empowered to use their own financial data to take advantage of whatever products or services they choose, at the center of the financial services ecosystem. In this new, innovation-driven environment, those market players that provide solutions to consumers where they most demand them will flourish, whether they are traditional banks or fintech firms. Incumbency will no longer be a significant competitive advantage.

Which activities should banks be prioritising in the wake of open banking?

The first order of business remains ensuring that the APIs that power Open Banking are up and running and reliable so that consumers can fully benefit from the new ecosystem.

What opportunities does Open Banking present, and which commercial strategies will thrive in the new environment?

The beauty of Open Banking is that we don’t yet know its full potential; we only know that the benefit to consumers will increase in the long run. Over time, it will enable account information and payment use cases driven by consumer demand that we couldn’t envisage today. Who would have imagined just 10 years ago that we would be able to conduct almost all of our personal banking using a mobile phone? While we can’t know what the technology landscape will look like 10 years from now, the Open Banking ecosystem provides the consumer the right to use their financial data in whatever manner they choose, and ensures that banking services will be provided wherever they will want to use them.

How can firms overcome the security and privacy concerns associated with data sharing?

Open Banking is a triumph of collaboration among all of the stakeholders – banks, policymakers, consumers, and fintech firms – to create an ecosystem that addresses the security and liability issues associated with data sharing in the banking sector. Beyond Open Banking – a framework under which these issues have been painstakingly addressed – it is only through this type of determined, exhaustive, private/public sector collaboration that these types of concerns can be adequately addressed.

What are the best strategies to encourage customer engagement?

Financial management is an emotionally charged topic. While traditional PFM tools offer consumers the convenience of getting a consolidated view of their finances, they don’t provide personal guidance and recommendations on next steps. This lack of guidance is a key contributor to lack of engagement. Next generation tools that use data analytics and domain expertise to provide contextual education and personalised recommendations have a much higher likelihood of engaging consumers and empowering them to improve their financial outlook.

Why will you be speaking at Finance Edge’s Open Banking Summit, and what do you hope to get out of the event?

As Open Banking became a reality in the UK earlier this year, all of us with a stake in its success must ensure continued dialogue. Finance Edge’s Open Banking Summit is one of the best opportunities for such critically important stakeholder engagement.


Open Banking Summit
25 April 2018 London

Steve Boms will be joining us for the Open Banking Summit. This high-level, interactive forum will bring together senior-level professionals from all corners of the open banking space.
Contact us to secure your place

E-musing … open banking – from regulation to implementation

Posted by
For open banking, 13 January 2018 was a big day. The end of the beginning, you might say – though for organisations that fail to adapt it could come to be seen as the beginning of the end.
At a European level, 13 January marked the coming into effect of the Second Payment Services Directive (PSD2). As part of this, banks and other payment services providers throughout the EU now have to make account data available to third parties if the customer wants them to.

In the UK, things have gone further. For the nine biggest retail banks (including one building society), the so-called CMA9, 13 January was not just the deadline for allowing access to account data but for doing this through an open API. While all but three of the CMA9 have been granted delays, the clock is ticking.
For banks, it’s a big step away from a world in which they effectively owned customer data. For fintechs and new challengers, it’s an exciting opportunity to develop new businesses offering account information and payment initiation services.

2018 and beyond

But all that is just the start. From a regulatory and technical point of view, the first half of the year sees plenty more changes.
For PSD2, detailed technical standards for security measures are currently under consultation. Official publication of the final version is expected during the first quarter, with the standards coming into effect eighteen months later – probably in September 2019. Both the UK and other EU countries will need to align their regulations to these standards.
For the UK’s CMA9, the six weeks from 13 January see a soft launch of open banking, with a limited rollout to allow for testing. At the end of this period, open APIs should be made generally available. Meanwhile, an extension of open banking to include credit cards and other forms of payment is already in the works.
Separately, 25 May 2018 sees new data protection laws come into effect under the EU General Data Protection Regulation (GDPR). GDPR brings its own data security requirements – and the threat of huge fines for organisations that fail to comply.
And all this before even looking at the wider business issues. What are the best opportunities for banks and fintechs to collaborate – and to compete? How will customers – who in the UK, at least, seem largely ignorant or sceptical about the promise of open banking – react? Will one or more of tech big five make a decisive move into the sector?
It looks like being a very interesting year in open banking.

Open Banking Summit
25 April 2018, London

Finance Edge’s 3rd Open Banking Summit is the year’s most crucial and focused flagship event, dedicated to providing business clarity and regulatory certainty around Open Banking, and to helping UK and European firms navigate the evolving open API landscape.
Please take a look at our agenda and secure your place today!
Contact us today to secure your place


Latest News

Finance Edge’s Weekly News Roundup - Friday 14th December

Finance Edge Weekly News Roundup-1Read More

Finance Edge’s Weekly News Roundup - Friday 7th December

Weekly NewsRoundup-1Read More

Nail convenience and customer engagement should take care of itself…

Copy of Weekly NewsRoundupRead More

Finance Edge’s Weekly News Roundup - Friday 23rd November

Weekly NewsRoundup-2Read More

Webinar: Future proofing GDPR compliance

Copy of Operationalising GDPR complianceAssure line-of-business alignment with GDPR complianceAssure legacy systems 2F data integration to comply with the requirementsAssure compliance is demonstrable to the regulatorRead More

Top 10 API Threats & How to Prevent Them

Copy of Copy of Weekly NewsRoundup (3)Read More

“I enjoyed the day. There were many knowledgeable people in the room, so it was very interesting dialogue all round.”


Event Updates

Receive notifications of upcoming events and access to exclusive content.

Receive Updates

Finance Edge on Twitter

SWIFT launches new Pay Later API standard version 1 @swiftcommunity #APIstandard #API

About 3 days ago from Finance Edge's Twitter via HubSpot