Red Hat Explains Why APIs Are Not Enough

Red Hat, a multinational software company, will be conducting a webinar called “Why APIs Are Not Enough,” on Bank Innovation’s website next month.

The webinar will be delivered by Eric Marts, financial services product manager at Red Hat, and Edson Yanaga, Red Hat’s director of developer experience.

Prior to joining Red Hat, Marts shaped solutions within Retail Banking and Wealth Management HSBC and has more than 20 years of professional experience across a range of technical leadership roles and industries, including Oracle and Accenture Interactive.

Yanaga is a Java Champion, a type of honors society for Java developers. He is also a published author and a frequent speaker at international conferences, discussing Java, Microservices, Cloud Computing, DevOps, and Software Craftsmanship.

Bank Innovation spoke with Marts and Yanaga on the topic of APIs being a facilitator of bank-fintech partnerships as well as the security implications brought on by the advent of APIs in the banking world.

How Can APIs Facilitate Bank-Fintech Partnerships? 

Marts: “Innovation is happening so fast that one supplier cannot meet the needs of every new innovation for every need. Let’s take a new mobile app as an example — if you want to build it from the ground up, the time it takes to build it, take it to market, deploy it, see a return at the right time, at the right place with the right people is challenging. Banks need to do this fast and are realizing that they need to have a better model of building digital capabilities that are portable, able to plug into fintech offerings, and to use that model they need to have APIs behind it.”

Indeed, there has been a change in the sector. Yanaga explains how banks have gone from viewing fintechs as competitors and more as collaborators. Of course, there are different ways banks choose to partner or rather work with fintechs vis-a-vis APIs.

Yanaga: “In Brazil, for instance, the market is concentrated. The banks there are creating their own startups.”

But this is not limited to the Brazilian market, as banks globally are following a similar strategy:

Marts: “RBC is probably the most extreme example, where they are actually acquiring startups and using them as an extension of their holding group. Another example is HSBC, which created a new mobile app through a third party. It was completely outsourced and built by a small fintech called Bud. HSBC invested in them and are using Bud as an extension of the bank, effectively.”

Essentially, in many cases, the fintech-partnership is behind the scenes, and the consumer may have no idea the partnership exists.

Marts: “The implication, especially for retail banks, is a new model of partnerships where banks are using the direct distribution channel so the fintech’s brand is not seen on the consumer side. It’s a disruptive factor in how banks and fintechs are thinking about customers and services.”

What are the Security Concerns Tied to APIs? 

Marts: “Anytime, we are exposing data through digital channels, whether APIs or mobile apps, it opens you up to additional risk. With APIs, there are two mitigants.”

Those two mitigants, according to Marts, are regulation and better authentication through more advanced authentication, like biometrics.

Marts: “One example is in technological specifications coming out of Europe around multi-factor authentication for high-risk transactions, so that mechanism for doing multi-factor authentications should help mitigate some of the risks. Regulators need to be involved because the banks want insurance in their level of due diligence and regulated control to reduce risk from a regulatory perspective.”

Yanaga: “I wish you could say the solution with security is easy and can be solved with some encryptions but the problem we are talking about is data-enabled services. Banks need to provide customer data to third-party services. For example, traditional services would catch any red flags through their existing security systems, but when we’re talking about third parties, they will need the same level of security, which ‘I — as a bank — don’t control,’ that is where well-managed and controlled APIs come in, even those provided by third parties as part of the process.”

But both Marts and Yanaga believe the solutions to these challenges are ultimately part of API management – helping the financial industry not just with handling customer data, but in more nuanced use-cases like providing competitive exchange rates, market data, credit scoring, and lending.

To learn more on the topic, join Bank Innovation and Red Hat’s Eric Marts and Edson Yanaga to dive deeper into the topic of APIs on Thursday, November 15, 2018.

Click here to register.