Top 10
TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH
Published
3 years agoon
By
admin
By Olaf van Gorp, Perforce Software
Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp
That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.
Four ways to improve API security
ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.
TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.
THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.
FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.
Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.
You may like

Depending on your background, entering your 20s can be a bit of a precarious time. Among the things you’ll need to get to grips with is the idea of having your own money to spend. Whether you’ve just left education, or you’ve been in the world of work for a while, it pays to understand finance. The bad news is that your financial education, if you’re like most people, won’t have amounted to much. The good news is that you’ve spotted the problem early, and you can look to try to correct it.
You might put money aside in an ISA, or some other optimised savings account. You might, at this point, be looking around and wondering how you compare to everyone else (which is only natural). Research indicates that around 15% of people in the UK don’t have any savings at all, while 33% have savings of less than £1,500. If you’re young, then you’re more likely to fall into these brackets.
We should note, however, that not everyone’s starting from quite the same level. If you haven’t gotten a leg up from your family, then you’ll be at a disadvantage – but it needn’t be a lasting one, if you develop the right financial habits.
Make it a habit
Keeping your spending in check is a lot like keeping your weight under control, or learning a musical instrument. The things that you do every day without thinking will tend to add up to your long-term success or failure. Build the right financial habits, and you’ll be in good shape. Avoid frivolous spending. Ask yourself whether you really need a given product or service before you buy it. Don’t mistake an asset for a liability, and don’t kid yourself about the difference between the two.
Be realistic
You probably don’t want to waste your twenties by living a monastic lifestyle, especially if your friends are constantly going on holiday or going out in town. So, set yourself realistic limits. In some cases, you might be able to save on the necessities in creative ways. If the cost of learning to drive is prohibitive, for example, then you might look at learner driving insurance, and practicing in your own car.
Emergency funds
You never quite know what the future will hold – and you don’t want to have to sell anything when disaster strikes. If you do, then you’ll be forced to incur the costs an inconvenience that go along with selling. Think about how long you’ll be able to survive on the cash in your current account, and maintain the balance accordingly.
Saving goals
Your spending should ideally be goal-oriented. Think about what you’d like your credit score to look like, and think about how many cards you want to take out. If you think you’re going to have trouble keeping track of your funds, then you might look into budgeting apps that might help you out. As a benchmark, you might look at setting aside around ten per cent of your income for the future.
Retirement savings
While you might not be thinking about your retirement quite yet, it’s worth setting a little bit aside for this period in your life. It makes economic sense, as the government will inflate your savings by up to 25%, up to £4,000 saved every year. This lasts right up until you’re 40 – so, get saving now!
Top 10
Hidden sources of FX risk: could your business be exposed?
Published
1 day agoon
June 8, 2023By
admin
Running a business can come with great rewards, but it’s not without risk – something businesses in the UK have become all too familiar with in recent years. Living through unprecedented times has made business owners more aware of the potential impact that macroeconomic events, staffing issues, and supply chain problems can cause. While the risks faced by businesses will differ depending on their focus, one thing they’re likely to have in common is FX risk.
In this article, Thanim Islam, Head of FX Analysis at Equals Money, outlines the risk factors threatening UK SMEs and shares his top tips on how to minimise their FX exposure.
All businesses that make transactions, payments, or purchases in foreign currencies are exposed to FX risk. Whether it’s through selling on an international site like Amazon or importing from abroad, FX exposure is an unavoidable part of international trade. While larger, more profitable businesses are better positioned to weather the volatility of the FX market, for those operating with low margins, even slight currency movements can wreak havoc on their bottom lines.
For SMEs, where cashflow is the lifeblood of their businesses, FX exposure is particularly hazardous. As of last year, 99% of UK businesses were classified as SMEs, making this a risk affecting most of the business population.[1]
What are the key FX risks threatening UK SMEs currently?
The threat of ‘sticky’ inflation remains, meaning profit margins for small businesses may well continue to be tight vulnerable to the impact of FX volatility. This isn’t something to be underestimated and FX exposure putting pressure on already restricted margins has the potential to even wipe out businesses all together.
So, what kind of currency movements should SMEs be looking out for?
Since March, sterling in general has performed very well, which has seen GBPEUR rise by 3.18%, GBPUSD by 7%, GBPCAD 4.17%, and GBPAUD by 8%. These are detrimental moves for SMEs who need to convert foreign currencies back to pounds.
Businesses that can forecast their costs and revenues accurately can mitigate this kind of risk to their profit margins through risk management strategies.
Top tips for minimising your FX exposure
Always plan ahead
If you are able to forecast your expected future currency needs then this is a great starting point in minimising the negative implications of currency moves.
Once you know how much of a currency you may need, you can enter into a forward contract. Forward contracts, a form of currency hedging, are an agreement in foreign exchange dealing that allows you to guarantee, or “lock in”, an exchange rate for the sale or purchase of a specified currency for up to 24 months in the future. Whatever rate you book when the contract is agreed, you’re guaranteed that rate for the agreed time of settlement, thus mitigating the impact of market fluctuations. This can provide the stability and foresight that’s key for SMEs looking to plan and grow while taking market uncertainty into account.
Don’t forget inbound payments
It’s not just businesses that make purchases from abroad who could be losing out. If you’re accepting payments from a foreign customer, you also need to make sure you’re getting the best deal when the currency is converted in their accounts. When receiving large payments from a different currency through traditional banks, businesses run the risk of losing significant amounts of money during the conversion due to poor exchange rates. It’s important to consider your FX exposure holistically including your incoming payments to make sure you’re protecting your business from unnecessary losses.
Decide your risk appetite
While some small businesses may wish to play it safe and mitigate as much exposure to market fluctuations as possible, others may wish to gamble on FX rates in the hopes of facilitating growth. Deciding whether or not to take this risk will depend on your business’s margins, and the amount of revenue that’s tied up in international trade. It can be challenging for a small business to make this call, but by working with a payments partner who offers expertise in FX, businesses can gain insight that better informs their decision -making process.
While FX risk is an unavoidable part of business transactions, it’s important for SMEs to recognise the degree of risk they face and consider implementing appropriate risk management strategies. This may include seeking advice from FX and financial advisors, exploring hedging options, diversifying markets, and staying informed and ahead of global economic trends and exchange rate movements. Just a 15 minute conversation with an FX advisor could be enough to put in place an FX strategy that can alleviate FX pressures on your small business.
[1] Gov.UK, Business population estimates for the UK and regions 2022: statistical release, October 2022.
Magazine
Trending


Taxing times for online marketplaces? Operators must act now to avoid losing sellers
By Niall Kiernan, Senior Director of Product Marketing, Vertex In today’s digital landscape, online marketplaces are an enabler for...


Five Ways to Save Money in Your 20s
Depending on your background, entering your 20s can be a bit of a precarious time. Among the things you’ll need...


Unlocking the Power of Data: Revolutionising Business Success in the Financial Services Sector
Suki Dhuphar, Head of EMEA, Tamr The financial services (FS) sector operates within an immensely data-abundant landscape. But it’s...


Hidden sources of FX risk: could your business be exposed?
Running a business can come with great rewards, but it’s not without risk – something businesses in the UK have...


Preventing fraud and detecting money laundering in real-time
Mathew Hobbis – Chief Architect FSI, Solace The number of payment channels has grown exponentially. The time it takes...


Money where your mouth is: on the need to modernize insurance tech stacks
Tim Hood, VP, EMEA and APAC, Hyland Once upon a time, starting an insurance company was a predominantly physical...


Making the Maths Work: Addressing Inflation Challenges through Measuring and Managing Risk
Matt Clementson, Head of Enterprise UK&I Persistent inflation is highly troublesome for every business – with or without a recession....


BioCatch Strengthens Collaboration with Microsoft Cloud for Financial Services
Collaboration Delivers End-to-End Intelligent Banking Cloud Platform with Online Fraud Detection Powered by Next-Generation Behavioural Biometrics BioCatch, a global leader...


HOW SMALL BUSINESSES CAN FIGHT BACK AGAINST POOR PAYMENT PRACTICES
SMEs across the UK are facing a challenging economic environment and late payments pose a severe challenge to maintaining cash...


Less than a year until EMIR Refit: how can firms prepare?
Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can...


Enhancing cybersecurity in investment firms as new regulations come into force
Christian Scott, COO/CISO at Gotham Security, an Abacus Group Company The alternative investment industry is a prime target for...


How to think like an attacker & why it might be critical to your security strategy
Kam Karaji, Global Head of Information Security for Bibby Financial Services, argues at DTX Manchester that the most successful way...


Building a sustainable future – what’s on your agenda for 2023?
The most successful and progressive leaders are embracing ESG or Environmental, Social and Governance principles throughout their businesses, but how...


Digital Acceleration – the next buzzword in banking tech? Or a new era for the industry?
Ove Kreison, CTO at Tuum McKinsey’s latest report on banking found that traditional banks are spending a whopping 85% of their...


One year until EMIR Refit: how can firms prepare?
Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can...


In the Name of the Family! Firms with CEOs under clan culture influence are much more likely to be internationally focused
In an increasingly globalised world, it is incredibly rare that a firm can expect to grow in the long-term unless...


Regulations, RegTech and CBDCs – Fintech’s Next Chapter
Teresa Cameron, Finance Director at Clear Junction Over the last decade, the UK has embraced the fintech revolution with...


Gearing up for growth amid economic pressure: 10 top tips for maintaining control of IT costs
By Dirk Martin, CEO and Founder of Serviceware Three years on from the pandemic and economic pressure is...


Find Your Tribe With Content Marketing
Ian is the CMO at Spotler Group Seth Godin, a writer, speaker, marketing expert, and influencer, describes audiences as tribes,...


The formula for success: delivering total experience in financial services
Monica Hovsepian, Global Industry Strategist, OpenText The tumult of the last few years has thrown many challenges at...

Taxing times for online marketplaces? Operators must act now to avoid losing sellers

Five Ways to Save Money in Your 20s

Unlocking the Power of Data: Revolutionising Business Success in the Financial Services Sector

Hidden sources of FX risk: could your business be exposed?

Preventing fraud and detecting money laundering in real-time

Money where your mouth is: on the need to modernize insurance tech stacks

PCI DSS v.4.0 Latest Updates That You Need to Know

RBI’s MASTER DIRECTION ON DIGITAL PAYMENTS SECURITY CONTROLS

EMV® 3-D SECURE: ENABLING STRONG CUSTOMER AUTHENTICATION

HOW TO SIMPLIFY IDENTIFICATION IN THE GLOBAL DIGITAL ECONOMY WITH THE LEI

EXEGER – CHANGING THE PERCEPTION OF POWER

FUTURE FX PROMO
Trending
-
News1 day ago
BioCatch Strengthens Collaboration with Microsoft Cloud for Financial Services
-
Business3 days ago
HOW SMALL BUSINESSES CAN FIGHT BACK AGAINST POOR PAYMENT PRACTICES
-
Finance1 day ago
Preventing fraud and detecting money laundering in real-time
-
Business3 days ago
Less than a year until EMIR Refit: how can firms prepare?