
TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

By Olaf van Gorp, Perforce Software

 

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that allow different services and apps, whether internal or external, to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get a faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.


That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams are broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and are arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board with putting security in the spotlight, rather than treating it as an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance requirements and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development team’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to its root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.

Take away security from developers
This may sound counter-intuitive given what is happening in other parts of software development (especially the Shift Left movement, whereby software developers are taking on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. Making security a priority across an API’s lifecycle will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.

 


PREMIUM RATES REQUIRE PREMIUM SERVICES

By Kash Amini, CEO and Founder of MasLife

 

A few years ago, the UK world of finance was disrupted by the likes of Monzo, Revolut, Starling and other neobanks. They have managed to play the roles of the ‘good guys’ and built an impressive customer base – ending 2019 with almost 20 million customers globally according to Accenture’s Digital Banking Tracker. Now, it seems the unicorn fairytale is about to end with ongoing challenges to grow profit. It’s not all rainbows and corals, fintechs need to offer more if they want their customers to pay premium rates.

For quite a while, the narrative used to be all about trust. Good old HSBC or Lloyds Bank might not have the quickest customer service or interactive mobile app features, but they had customers’ trust. It was a question of changing the UK customer mindset to venture out and see what neobanks had to offer. With a decent few millions of customers in the UK, we parked this conversation and started with ‘How can traditional banks compete with fintechs?’. New era. More technology, more flexibility, better customer service.

New chapter – 2020 has led the fintech conversation strongly with profit challenges. People are still more inclined to pay premium rates to the industry veterans rather than to flying unicorns. You probably know all of this, now, scrap that. Forget all you knew about the last few years and months in the consumer finance space. This is 2021 we need to talk about and customers now want more than ever.

 

This year has changed us all.

In the UK, three out of four people reported a change in their wellbeing, according to Deloitte’s The Impact of Lockdown on Wellbeing and the Economics of Happiness from July this year.

Google analysis shows that people are looking for ethical brands, now more than ever.

According to McKinsey, each month, more consumers expect the impact of COVID-19 on the economy will last a year or longer.

We could carry on listing stats and customer research but what do they mean for the fintechs struggling with profitability? These changes mean that you need to think about the impact your brand has on customers’ wellbeing. Yes, even a financial institution should do this. Consider your brand purpose, how have you helped the world to go through the pandemic? The future is blurred and unpredictable and people will think at least twice about where they pay their premium rates.

The fintech vs traditional banks war started with trust. Now, let’s admit it, the oldies have an upper hand of a long history in times of financial uncertainty. To fight on their level, you have to offer more than just seamless technology, apps with emojis and solid customer service. This is what your customers already expect, they don’t want to pay premium rates for what they consider standard.

Based on the behavioural changes the pandemic storm has brought, here are three key attributes the unicorn breed of fintech firms are missing, which could spell the difference between an onwards-and-upwards trajectory rather than a crash-and-burn scenario.

 

Do some good

We are not talking about an all singing and dancing corporate social responsibility campaign with a big PR stunt about it. Consumers don’t buy that anymore. It’s about the real impact of your services.

The finance sector and most fintech apps do not have the consumer’s interest in mind. They are intentionally letting users go into debt in order to generate revenue. This isn’t the way to humanise the finance sector, and it is definitely not a mindful approach to customers’ wellbeing and future finances. Customers are looking for ethical applications, so fintechs who can show and prove they care about not just the customer, but about scenarios chiming with customer feelings – like improving the climate or wellbeing will likely be chosen.

Helping people realise how to reach their potential is missing big time. Fintechs need to give users a 360 degree approach to their life and realise the need for a holistic approach to customer finance.

 

Be human

Years ago, this would have sounded strange in the context of financial services. For a long time, it’s been one of the most sterile industries. But fintechs are missing a trick here.

When you’re looking at finance holistically, it’s important to realise that a healthy relationship with money is part of one’s wellbeing and affects all the other aspects of your customer’s life – personal, business and health.

Gamification can offer the answer to humanising financial services. It moves the process of dealing with money away from it being ‘just a finance app’ and adds more support to creating a healthier approach to personal finance.

Dr. Bradley Klontz, respected financial psychology expert, has conducted several studies on customers’ relationships with their finances. People with money avoidance issues will avoid looking at account balances, bank statements, will not adhere to budgets and run away from their financial problems. Gamification and calming features can help people overcome the worry of opening their money account and make them feel more connected.

 

Look premium

Most people wouldn’t pay a premium price for a basic t-shirt, so why would they when it comes to a banking app? If you want to charge premium rates, you need to offer premium looks as well and emoji icons and neon colours are not going to make the cut. Think about the design of your app and payment card, do they really look premium? Do they attract premium customers?

Design is the base for good looks but it should go in hand with the points raised earlier – gamification and overall wellbeing. Consider images that decrease the anxiety associated with financial matters, together with a calming user interface design. Incorporating nature and meditation features to give a much more holistic feel will also promote a better relationship with one’s finances. Health and wellness themes will make it more pleasant for people to deal with finances.

We have seen new trends emerging in the last few months with some consumer brands having approached new ways of engaging with their customers. But the big unicorn fintech world still awaits a strong player which can take a lesson from this year’s changes, offer additional value and cater to the current and future premium customers.

 


SOCIAL MEDIA AND THE FINANCIAL INDUSTRY: TOP 5 REASONS TO DEVELOP A LONG-TERM STRATEGY

Social media is not just for people to share stories and opinions anymore, and it has not been just that for a long time. Nearly every platform is a place for businesses, including financial institutions, to build a following, share important information with active or potential clients or customers, and reach out to people in a variety of ways, whether through text, images, or videos. And while we doubt a solely meme-based strategy will work for your business, a social media presence is vital, and you should consider how your company can use it to its fullest.

To do so, you will need a long-term strategy. While developing one might not be easy in a constantly changing online landscape, here are some of the top reasons to start developing your long-term strategy as soon as possible:

 

1) You Can Be Ready for Major Opportunities

The world is constantly changing, especially in these current times, and while there are many things that can happen, there are some key situations you know your business is prepared for. Whether it is a downturn in the economy or circumstances that would lead to a ramping up of investments across the board, you want people to be able to know where to go and who to talk to. With a social media plan, you can respond to these opportunities quickly and effectively, ideally with less confirmation and more action.

And waiting for the right time to start is the only wrong choice that matters now. Your business will need time to build an infrastructure, a social media methodology, and a following. By the time that is done, any new opportunities will have passed, or will certainly not have been seized on to their fullest potential.

 

2) You Can Build Trust in Your Institution

While you likely do not want your clients constantly worrying about their accounts (that is what your institution is there for, to alleviate such concerns), you also should not be completely absent from their minds or exist only as a distant and replaceable entity that provides a very basic service. You want what makes your organization great to shine through, and with a social media plan, that is more likely.

By staying in the public eye through providing important and useful information to them free of charge on social media, among other initiatives, you can improve your company’s brand in a significant way, and likely retain clients and gain new ones in the process (whether by word of mouth or improved natural traffic) through positive reputation and a sense of trust in your people. It is an investment that might take time to pay off, but it will pay off.

 

3) You Can More Easily Promote Your Online Systems and Resources

If you can provide direct links to your pages, sites, and tools, it is much better and quicker than giving someone a pamphlet that they might never read. Social media allows for just that, without the commitment of an email newsletter or similar techniques.

And while you certainly have people already using your institution’s online tools (and it would be hard to imagine your company does not have them in 2020 to at least some degree) you can use social media pages to better direct them, increase usage as opposed to more inefficient methods, and provide information as to their best uses. You want the investments made in technology and design to pay off. Use a social media plan to make that happen.

 

4) You Can Build a Team and Mission

As you are certainly aware from all other parts of your business, a good team and good processes make all the difference, and with a long-term plan, you can create the foundations for those personnel to thrive and give them clear instructions on how you want the company to be seen by active and prospective clients. Once people know what they are working with, they can work better.

A planned team will be able to be more organized and be able to use data of several types more efficiently than a simple unplanned posting schedule. You will be able to track what is working and what does not all the better for the changes.

 

5) You Can Be Proactive Instead of Reactive

Rounding back to the first point, if you have a long-term social media strategy for your financial institution, then you can plan for the future, even if that future is uncertain. You can have a plan that allows your social media and marketing teams to work more easily in conjunction and to target the likely people to use your organization’s services in the near future. As opposed to responding to events, you will be at times anticipating them.

Consider the top websites of recent years. While you probably aren’t operating on the same scale, does a single one of these websites not have a significant social media presence on at least a few platforms, if they are not one of the most trafficked websites in the world? Your financial institution needs to go to where the people are, and ideally be there before people start looking for answers. A long-term social media plan allows for just that.

 

Conclusion

You do not need to start investing all of your marketing budget into social media or create a team that’s as large as some of the top companies in the world. You just need to get started and get your priorities clear when it comes to social media. Even devoting just a few resources towards creating a consistent, long-term strategy can make the difference between stagnation and success over the next decade, and given that every competitor is either already working with a plan or soon will, it’s best to start working as soon as you can.

 
