
Open Banking Approach with SmartVista Technologies.

Peter Theunis

BPC Banking Technologies 2017 Mexico City bpcbt.com


What are Open APIs


True or False?

Open APIs are not a choice but a mandate for banks and payment organisations that want to be relevant in the future

Business Case for APIs in the Payment industry
APIs help banks in:

• Enabling omnichannel service delivery with digital connectivity
• Improving product and service innovation through co-creation with external partners and developers
• Reducing cost and increasing speed of app development by supporting rapid prototyping and delivery
• Enabling the monetization of data and content by increasing the number of service channels, including partners and third-party developers
• Enhancing risk mitigation – the upgraded information sharing between banks improves decision-making and mitigation measures regarding fraud prevention, know your customer (KYC), and anti-money laundering (AML)

API types based on adoption maturity and target customers
Payment APIs can be considered as follows:

• Internal API (Agility): For Internal Clients; Low Risk; Proprietary
• Partner API (Collaboration): For Partners; Medium Risk; Standardised
• Open API (Innovation): For Consumers; High Risk; Open Standards

Major drivers for Open APIs

Changes driven by regulations

Major drivers for Open APIs

Changes driven by partnership between innovative Fintechs and legacy banks creating a win-win situation

Compliance cost or Revenue source?
If compliance is a cost?

• Loss of Fees from Card-Based Transactions
• Loss of Customer ‘Ownership’ and Insight, customer attrition
• Risk to become a ‘utility’-type bank

Result: Huge investments with negative returns


Compliance cost or Revenue source?
If compliance is a revenue source?

1. Create API Platform

2. Create business value


Examples: Payments, Loans, Mortgages, PFM, Charity, Scoring, Investments, Insurance, Travel

3. Find new revenue streams

4. Compliance as a native part of growing APIs platform

Role of APIs in the mobility, digital, and cloud space

Mobility
• Lightweight and mobile data friendly
• A data representation that aligns to mobile technology
• Support rapid change

Digital
• Simple mechanisms for 3rd parties to provide access to banking business data and functionality
• Preferred engagement mechanism for the 3rd party development community

Cloud
• Pre-eminent interface for SaaS providers
• Simplification of hybrid platform integration

API Architecture

• APIs should be stable, reliable, and not confusing
• Availability and scalability of APIs are very important
• APIs are building blocks
• Follow standards
• RESTful API design

Security Considerations

Diagram labels: Customer mobile app, Customer desktop UI, Customer tablet app; API Layer; Bank Applications, Bank data

API Threats
• DoS attacks
• SQL injections
• Message tampering
• Identity and session threats
• Service information leakage
• Parameter attacks
• Malicious code injection
• Business logic attacks

API Risk Mitigation Options
• Encrypt the message channel
• Detect malicious content
• Endpoint entitlement checks
• Standardize security implementation patterns
• Monitor, audit, log, and analyze traffic
• Encrypted API key validation


API Banking becomes reality

APIs manageability
SmartVista Integration Platform as a core solution for Open Banking

SmartVista Integration Platform
Key Advantages & Features

• Provides wide range of integration and customization capabilities

• Flexible architecture which can be adapted for any processing solutions

• High performance and availability, horizontal scalability

• Business Process Engine - flexible routing, add new entry points on the fly

• Transaction Monitoring and analysis of Business Process execution

• SDK - ISO-8583\XML WS\REST API interfaces constructor

• Create, expose, consume WS\OpenAPI interfaces

Key Concepts
SmartVista Platform

Diagram labels: SmartVista; Instant Payments Systems, SEPA, EPAS; Utility Providers, Retailers; 3rd Party applications; New; Fraud Prevention; Tokenization; BPM; CRM; Traditional; Switches, eCommerce and CMS; Core Banking; mBanking; eBanking
High Level Architecture

BPM Based Routing

Great Integration Capabilities
SmartVista Integration Platform

Component provides the following adapters:

• Socket-based (e.g. ISO8583, BIC ISO, etc.)
• Message Queues (e.g. IBM MQ, Apache MQ)
• SOAP web service/http (ISO20022, XML over WS or HTTP POST, etc.)
• REST API (e.g. OpenAPI spec. based)

Message Formatters Module (diagram; implementation 1 and implementation 2 shown for each format):

• ISO 8583: ISO8583 => UMF message, UMF message => ISO8583
• ISO 20022: ISO20022 => UMF message, UMF message => ISO20022
• Binary: Binary => UMF message, UMF message => Binary
• Web service: WS => UMF message, UMF message => WS
• HTTP: HTTP => UMF message, UMF message => HTTP
• Message Queue: MQ => UMF message, UMF message => MQ
• Batch: Batch => UMF message, UMF message => Batch

PSD2 Ready Solution Architecture

Thank you

