Written by David Wilford
Posted on 15/12/2014

API systems in banking: security threat or service enhancer?

68 reads

The desired outcome of using API systems to make it easier to switch bank accounts is undoubtedly a “good thing”. But only if all concerns regarding data security are first fully addressed and satisfied…

API security concerns

Every now and again, events coincide to underpin ones assumptions in a pleasingly pertinent way. The assumption in this case is that government – or the public sector in general – lags behind the world of commerce in several areas, but most particularly in its use of technology.

And here’s the coincidence.

Just over a couple of weeks ago, in his autumn statement, Chancellor George Osborne announced that in the ongoing drive to make it easier for customers to move their accounts, banks will need to use API systems.

Insecure technology

Then, just a week later, Google announced that it is to “retire” its Earth API on 12 December 2015 after seven years’ service, due to the shared concerns of Chrome and Firefox that it is built on insecure technology.

Now, this is not necessarily to suggest that all API systems – links between applications or pieces of software – are insecure. But if even the mighty Google, one of the world’s brightest, shiniest and most sophisticated businesses, is continuing for the next year to use one that is even remotely questionable for its security, then it suggests that extreme care will be needed.

Following Osborne’s announcement, Tony Anderson of law firm Pinsent Masons pointed out that it reflected “another lesser known role that the established banks perform in society as the holders of substantive amounts of personal data…they are becoming recognised as banks of information in addition to deposits.”

Effective credit check

Now, there is no doubt that the better use of data, particularly by banks, is a primary route to better service. This is especially true when related to the “know your customer” (KYC) scheme that is under development by the Society for Worldwide Interbank Financial Telecommunication (SWIFT). Deeper, more granular customer understanding will deliver all sorts of benefits, from better financial products and services to more effective anti-money laundering (AML) regulations and faster, more effective credit checking.

This last point is central to any argument here. Accurate credit references that provide a realistic picture of an individual’s or organisation’s risk profile are an enormously powerful means of ensuring that business decisions are based on the right information. In that way, they help to make the assets of any organisation extending credit (in the shape of goods, services or money) greatly more secure. So, as long as it is used appropriately and securely by the right organisations, then the sharing of customer data is a valuable and wholly positive phenomenon.

For more information of Graydon's API and other related information, visit our API wikipage

Undermining trust?

However, the moment that such data is exposed to the risk of mis-appropriation and usage for nefarious purposes, then it becomes a major threat. A threat not just to the individuals or organisations directly involved, but also to the wider community of internet users and hence to people’s trust in the systems on which they increasingly rely.

So, when George Osborne calls for banks to use API systems more widely, we have all to be reassured that security is at the top of the agenda for all concerned. Indeed, the Government is set to launch a so-called “call for evidence” that will seek to establish best-practice parameters for the use of standardised API systems in the banking industry.

When this happens, it’s an initiative that we all must take very seriously. Any organisation that can help ensure the adoption of the most effective and appropriate best-practice framework is virtually duty-bound to do so. After all, it is an issue with the potential to have a major impact on all our futures.

Do you want to know more about safe and transparent ways of conducting business? Go directly to our download center and download our latest eBooks and Whitepapers for free!

Go to download center