Top 10

TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

Published

3 years ago

July 28, 2020

admin

By Olaf van Gorp, Perforce Software

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp

That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.

Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.

Banking

Emerging technology will power long-term sustainability within the UK banking industry

Published

1 day ago

September 26, 2023

admin

By Peter-Jan Van De Venn, VP Global Digital Banking at Hexaware Mobiquity.

Sustainability has been a big focus for the banking industry in recent years, with the issue becoming increasingly important for consumers. It’s no wonder that sustainability has become baked into the purposes of almost every bank, from Natwest to HSBC.

However, the economic uncertainty of the last year has led to many banks putting it on the back burner. Challenging market conditions have forced financial institutions to change their priorities to concentrate on protecting the bottom line. Our research found there’s been a significant drop in the number of UK banks saying that sustainability remains a key business strategy. 12 months ago it was a major priority for 100 per cent of banks, but now that number has shrunk to 60 percent.

Whilst it’s understandable that banks are feeling the pressure at the moment, there’s a risk that they will miss out if they hit the pause button. From cost savings brought by innovative digital products and services, to improved brand reputation and increased profitability, there are a lot of longer-term benefits they could be failing to unlock. So how can they keep moving forward?

Losing momentum

Emerging technology holds the key to their success, with the power to disrupt current behaviours and promote a more sustainable culture. Banks are already aware of this, with 76 percent using digital transformation to drive sustainability, but a lack of leadership has made it difficult to build momentum in the last 12 months. Currently just over half (54 percent) of banks have tasked an executive at board level with overseeing sustainability – way down from 83% just 12 months ago.

This lack of board authority means banks are struggling to engage the entire organisation to move ahead with sustainable initiatives. As a result, almost two-thirds of banks are seeing progress slow, admitting they are not actively taking steps to foster more sustainable behaviours throughout the organisation. Those that have taken their foot off the gas need to find a way to move forward again.

No time for standing still

Banks know that technology can drive sustainable behaviour. For instance, many of them are already encouraging their workforce to work remotely, as a way of reducing travel. This has two benefits – not only does it cut the costs of running physical offices at full capacity, but also reduces the bank’s carbon footprint. There has never been a better time to invest in technology to drive more sustainable behaviours.

New digital products and services can also extend the benefits beyond employees to encompass the wider customer base. A fair number of banks are already investing to make this happen. More than a third (35 percent) of banking organisations are using Machine Learning (ML), Artificial Intelligence (AI), cloud and analytics to make digital services more easily accessible. Investment in these technologies will be critical as the number of physical bank branches continues to decrease, with figures from Which? showing this is taking place at a rate of 54 branch closures each month.

Hitting environmental and social responsibility goals

Emerging technologies can also help banks keep pace with tightening ESG rules and regulations. Banks are faced with demands for increasingly granular reporting and transparency on ESG – demanding a new approach. In line, 41% of them are developing data visualisation tools to improve stakeholder engagement and understanding of ESG risks and opportunities, while 37% are using machine learning and artificial intelligence to identify and track ESG risks and opportunities across a wide range of data sources.

More than one in three are also using the blockchain to improve transparency and traceability in supply chains, and implementing digital tools and platforms to collect, analyse, and report ESG data and metrics in a standardised and consistent manner. All these applications of emerging technology will put banks on track to address global environmental challenges and unlock a greener future.

Long-term sustainability

As the economic pressures hopefully start to subside, increasing numbers of banks will start investigating how they can use emerging technologies to provide engaging experiences and value-added services for customers, to drive greater revenue and efficiencies.

Whilst banks are right to focus on their revenue under difficult trading conditions, it’s important they don’t miss out on the long-term benefits that sustainability can bring. To capitalise on this, banks must keep pushing the boundaries and invest in emerging innovations to drive more sustainable banking behaviours, benefiting the planet and driving great digital experiences for customers.

Banking

The Future of Banking: Streamlined Cash Management for ATMs

Published

2 days ago

September 26, 2023

admin

Gaetano Ziri, Innovation Manager, Auriga

“Maintaining free access to cash for the community demands robust strategies to mitigate the escalating costs incurred by banks and ATM operators in handling cash. A pivotal step in this direction is modernising cash management systems to foster efficiency and reduce operational costs.

Back in 2018, a report by McKinsey underscored the urgent need to overhaul the largely manual and disjointed systems relied upon by nearly half the banks worldwide for forecasting cash requirements at branches and ATMs. Despite the decrease in cash usage noted by the European Central Bank, the cost of managing cash has not abated, primarily due to surging labour costs.

To reconcile the demand for free access to cash with the requisite cost reductions, banks are increasingly turning towards tech-driven solutions in cash management that elevate service levels while driving down expenses.

The Complex Landscape of ATM Network Management

Operating a vast ATM network can be a double-edged sword for banks, simultaneously offering customer convenience and engendering considerable challenges, including substantial cash handling, management, transit and security costs. Each ATM embodies a multifaceted operation involving numerous cash transfer operatives, necessitating a coordinated strategy to forestall costly inefficiencies.

The remedy is a holistic, data-centric approach to streamline the management of intricate ATM networks and counter the escalating costs associated with cash access. The merits of such an approach, grounded in continuous data collection and analysis across ATM networks, encompass:

Strategic Planning: Leveraging real-time data to craft bespoke strategies for individual branches or regions, assuring optimal cash flow management and averting superfluous cash loading orders.
Operational Transparency: Facilitating stakeholders with instantaneous access to accounting and operational data relating to cash supply chains, thereby enabling timely interventions and adaptations.
Enhanced Customer Experience: Minimising ATM downtimes to guarantee uninterrupted cash access to customers, enhancing their banking experience.

Innovations in Cash Management: A Closer Look

So, how does this revolutionary cash management technology function? The answer lies in a series of sophisticated features that employ cutting-edge predictive analytics, automation, and data-driven decision-making:

Predictive Analysis: Forward-thinking solutions predict cash necessities of distinct units, offering precise demand and cash flow projections by considering variables such as seasonal fluctuations, holidays, and daily usage trends.
Automation and Monitoring: Swapping manual processes or basic mathematical functions with modern software solutions for cash management ushers in real-time monitoring and efficient intervention planning, which can potentially diminish order management costs by a significant margin, whilst improving precision and operational fluidity.
Optimised Cash Transit Management: Utilising predictive analytics to strategically plan cash restocks, thereby reducing the likelihood of ATMs depleting their cash reserves and improving customer satisfaction.
Data-Driven Decision Making: Availing a comprehensive dashboard to generate timely reports and monitor critical metrics facilitates strategic decision-making grounded in accurate data, substantially reducing residual cash stock in ATMs.

As the financial landscape evolves, banks and financial institutions are impelled to adapt and innovate. Traditional cash management approaches are increasingly becoming outdated, paving the way for modern, data-driven solutions. These not only embody a commitment to technological advancement but also signify a strategic movement towards future readiness.

Embracing such technologies promises streamlined operations, substantial cost reductions, and a superior customer experience, setting a new standard in ATM network management.”