Top 10

TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

Published

3 years ago

July 28, 2020

admin

By Olaf van Gorp, Perforce Software

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp

That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.

Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.

Top 10

Five Ways to Save Money in Your 20s

Published

16 hours ago

June 8, 2023

admin

Depending on your background, entering your 20s can be a bit of a precarious time. Among the things you’ll need to get to grips with is the idea of having your own money to spend. Whether you’ve just left education, or you’ve been in the world of work for a while, it pays to understand finance. The bad news is that your financial education, if you’re like most people, won’t have amounted to much. The good news is that you’ve spotted the problem early, and you can look to try to correct it.

You might put money aside in an ISA, or some other optimised savings account. You might, at this point, be looking around and wondering how you compare to everyone else (which is only natural). Research indicates that around 15% of people in the UK don’t have any savings at all, while 33% have savings of less than £1,500. If you’re young, then you’re more likely to fall into these brackets.

We should note, however, that not everyone’s starting from quite the same level. If you haven’t gotten a leg up from your family, then you’ll be at a disadvantage – but it needn’t be a lasting one, if you develop the right financial habits.

Make it a habit

Keeping your spending in check is a lot like keeping your weight under control, or learning a musical instrument. The things that you do every day without thinking will tend to add up to your long-term success or failure. Build the right financial habits, and you’ll be in good shape. Avoid frivolous spending. Ask yourself whether you really need a given product or service before you buy it. Don’t mistake an asset for a liability, and don’t kid yourself about the difference between the two.

Be realistic

You probably don’t want to waste your twenties by living a monastic lifestyle, especially if your friends are constantly going on holiday or going out in town. So, set yourself realistic limits. In some cases, you might be able to save on the necessities in creative ways. If the cost of learning to drive is prohibitive, for example, then you might look at learner driving insurance, and practicing in your own car.

Emergency funds

You never quite know what the future will hold – and you don’t want to have to sell anything when disaster strikes. If you do, then you’ll be forced to incur the costs an inconvenience that go along with selling. Think about how long you’ll be able to survive on the cash in your current account, and maintain the balance accordingly.

Saving goals

Your spending should ideally be goal-oriented. Think about what you’d like your credit score to look like, and think about how many cards you want to take out. If you think you’re going to have trouble keeping track of your funds, then you might look into budgeting apps that might help you out. As a benchmark, you might look at setting aside around ten per cent of your income for the future.

Retirement savings

While you might not be thinking about your retirement quite yet, it’s worth setting a little bit aside for this period in your life. It makes economic sense, as the government will inflate your savings by up to 25%, up to £4,000 saved every year. This lasts right up until you’re 40 – so, get saving now!

Top 10

Hidden sources of FX risk: could your business be exposed?

Published

1 day ago

June 8, 2023

admin

Running a business can come with great rewards, but it’s not without risk – something businesses in the UK have become all too familiar with in recent years. Living through unprecedented times has made business owners more aware of the potential impact that macroeconomic events, staffing issues, and supply chain problems can cause. While the risks faced by businesses will differ depending on their focus, one thing they’re likely to have in common is FX risk.

In this article, Thanim Islam, Head of FX Analysis at Equals Money, outlines the risk factors threatening UK SMEs and shares his top tips on how to minimise their FX exposure.

All businesses that make transactions, payments, or purchases in foreign currencies are exposed to FX risk. Whether it’s through selling on an international site like Amazon or importing from abroad, FX exposure is an unavoidable part of international trade. While larger, more profitable businesses are better positioned to weather the volatility of the FX market, for those operating with low margins, even slight currency movements can wreak havoc on their bottom lines.

For SMEs, where cashflow is the lifeblood of their businesses, FX exposure is particularly hazardous. As of last year, 99% of UK businesses were classified as SMEs, making this a risk affecting most of the business population.[1]

What are the key FX risks threatening UK SMEs currently?

The threat of ‘sticky’ inflation remains, meaning profit margins for small businesses may well continue to be tight vulnerable to the impact of FX volatility. This isn’t something to be underestimated and FX exposure putting pressure on already restricted margins has the potential to even wipe out businesses all together.

So, what kind of currency movements should SMEs be looking out for?

Since March, sterling in general has performed very well, which has seen GBPEUR rise by 3.18%, GBPUSD by 7%, GBPCAD 4.17%, and GBPAUD by 8%. These are detrimental moves for SMEs who need to convert foreign currencies back to pounds.

Businesses that can forecast their costs and revenues accurately can mitigate this kind of risk to their profit margins through risk management strategies.

Top tips for minimising your FX exposure

Always plan ahead

If you are able to forecast your expected future currency needs then this is a great starting point in minimising the negative implications of currency moves.

Once you know how much of a currency you may need, you can enter into a forward contract. Forward contracts, a form of currency hedging, are an agreement in foreign exchange dealing that allows you to guarantee, or “lock in”, an exchange rate for the sale or purchase of a specified currency for up to 24 months in the future. Whatever rate you book when the contract is agreed, you’re guaranteed that rate for the agreed time of settlement, thus mitigating the impact of market fluctuations. This can provide the stability and foresight that’s key for SMEs looking to plan and grow while taking market uncertainty into account.

Don’t forget inbound payments

It’s not just businesses that make purchases from abroad who could be losing out. If you’re accepting payments from a foreign customer, you also need to make sure you’re getting the best deal when the currency is converted in their accounts. When receiving large payments from a different currency through traditional banks, businesses run the risk of losing significant amounts of money during the conversion due to poor exchange rates. It’s important to consider your FX exposure holistically including your incoming payments to make sure you’re protecting your business from unnecessary losses.

Decide your risk appetite

While some small businesses may wish to play it safe and mitigate as much exposure to market fluctuations as possible, others may wish to gamble on FX rates in the hopes of facilitating growth. Deciding whether or not to take this risk will depend on your business’s margins, and the amount of revenue that’s tied up in international trade. It can be challenging for a small business to make this call, but by working with a payments partner who offers expertise in FX, businesses can gain insight that better informs their decision -making process.

While FX risk is an unavoidable part of business transactions, it’s important for SMEs to recognise the degree of risk they face and consider implementing appropriate risk management strategies. This may include seeking advice from FX and financial advisors, exploring hedging options, diversifying markets, and staying informed and ahead of global economic trends and exchange rate movements. Just a 15 minute conversation with an FX advisor could be enough to put in place an FX strategy that can alleviate FX pressures on your small business.

[1] Gov.UK, Business population estimates for the UK and regions 2022: statistical release, October 2022.