Connect with us

Top 10

TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

Published

on

By Olaf van Gorp, Perforce Software

 

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp

That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.

Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.

 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

2023 crypto trends that businesses need to know about

Published

on

By

By Marcus de Maria, Founder and Chairman of Investment Mastery

 

As cryptocurrencies have started to enjoy wider global acceptance in recent years, businesses and financial institutions have been slower to join the trend. Perhaps wisely, the business community has been more cautious in its approach to adopting cryptocurrencies than previously anticipated when Bitcoin first launched in 2009.

The tide is shifting though. The ever-changing digital marketplace has meant we’re now seeing increasingly more household name brands such as Microsoft, Google and Starbucks embracing payment in Bitcoin for some or all of its services or certainly trialling it. As 2022 draws to a close, over 15000 companies are excepting Bitcoin as payment around the world.

As more businesses take the plunge into the crypto world and off the back of one of the most volatile years in crypto history, what changes can we expect to see over the next year?

John Castro, CEO of Investment Mastery shares his 2023 cryptocurrency predictions below.

Marcus de Maria

Like the stock markets the crypto market is struggling against a backdrop of high inflation, the soaring cost of living, and a recessionary environment. As such prices have dropped a lot. However, sit up and take note for businesses who are looking into cryptocurrencies, 2023 could be looking promising for these three key reasons:

  1. The entering of institutions: What we are seeing now and what we will be seeing more of in 2023 are institutions entering the market. Pension funds are adding cryptos to their assets for the first time, news broke earlier this year that BlackRock is partnering with Coinbase to deliver crypto to their customers, and Fidelity and Citigroup are joining with their millions of clients. As the market inevitably becomes more regulated, we can expect this trend to continue which will encourage market growth.
  2. The formation of partnerships: As well as reputable institutions entering the market, 2023 will be bolstered by new partnerships between crypto and big business. We’re seeing Amazon partnering with either Ethereum and Solana among other cryptocurrencies and blockchains to host their cloud service. This has made the idea of crypto payment more attractive to global business leaders. As more businesses adopt cryptocurrency, we are likely to see a more stable crypto market in 2023.
  1. Bad players leaving the game: Like any market, crypto has had its share of bad players. In 2022 the market lost a lot of value thanks to the likes of Celsius ftx. This has inevitably shaken investors’ faith having a knock-on effect on price. But as these bad payers are knocked out, we predict that much needed trust will be rebuilt throughout the next year which will help lead to an increase in value.

With reputable institutions entering the market, powerful partnerships being made and the removal of those giving crypto a bad name, the prediction for 2023 is that demand for cryptocurrencies and blockchain technology is only going to increase. With supply staying the same thanks to the very nature of crypto, we can expect the price to inevitably increase.

So could a Bull market be upon us in 2023? Time will tell but one thing is for sure, cryptocurrencies are here to stay. It’s time for businesses to put their game faces on…

 

About Investment Mastery

Founded in 2003, Investment Mastery is a premium training and education company delivering easy to follow and profitable trading and investing strategies.

Today, Investment Mastery delivers training seminars and workshops, online and live in-person, annually. They have educated over thousands of people across 25 countries, while also developing and delivering industry-leading online support and training that is delivered in three different languages.

Led by founder and chairman Marcus de Maria and his expert team of real traders and investors in the fields of stocks, cryptocurrencies and forex, Investment Mastery’s training education is influenced by the exact same proven techniques that Marcus uses to trade and invest his own money.

The team at Investment Mastery do not just help clients to strengthen their finances, but their mindset too. This helps clients uncover, address and breakthrough their limiting beliefs behind wealth creation and find their reasons ‘why’. This unique approach is what sets them apart from other wealth creation educators and is why clients achieve such incredible results.

 

 

Continue Reading

Business

The big cash squeeze: will fortune favour the bold?

Published

on

By

With a new political landscape, rising inflation, a cost-of-living crisis and increasing pressure from HMRC for payments, many businesses are preparing for a big cash squeeze in 2023. This could push demand for credit management services to a new high, so how will the industry fare and could fortune favour the bold?

At a recent roundtable event in Cardiff, chaired by the Chartered Institute of Credit Management (CICM) and hosted by accountancy firm, Menzies LLP, experts from across the industry discussed the challenges and opportunities that lie ahead for businesses.

During times of economic hardship, credit managers have a particularly challenging, frontline role to play in helping businesses to protect cash flow, while mitigating financial risks. However, a strong focus on cash management and credit control can also generate opportunities to increase revenues and boost profitability.

Challenges lie ahead, not least skills shortages

Prime Minister, Rishi Sunak, has warned that the UK is facing a ‘profound economic crisis’ and while this isn’t a surprise, many businesses feel ill-prepared. The fall-out from Brexit remains a major issue for many industries, particularly those trading in Europe, driving up costs and administration and leaving a legacy of staff shortages that is impacting productivity. High take-up of Government-backed loans during the COVID-19 pandemic, has left many businesses struggling to meet their repayments with reduced revenues and depleted cash reserves, all at a time of record inflation and a war in Ukraine, which is driving up energy costs to exorbitant levels that are simply not sustainable for some businesses.

According to delegates at the roundtable, the biggest and most immediate challenge that businesses are facing is the staffing crisis. Sue Chapple, chief executive of the CICM, commented: “Members are reporting significant staff shortages right across industry sectors. In particular, businesses note a lack of graduates and skilled young people – some of whom are choosing to delay the start of their careers. In sectors such as construction, food manufacturing and hospitality, reduced access to non-UK workers is a major problem.”

While sharing examples of best practice, Nicola Johnson, head of credit and cash processing at PHS, explained that credit management professionals need to invest more time encouraging workers to develop their skills and progress their careers. She said: “We have six workers about to start  CICM qualifications at the moment, supported by the business, and we hope that this will encourage them to stay and further their careers.” Other firms reported that more apprenticeships are being taken on to grow the skills base.

For recruiters serving the industry, the lack of candidates for jobs in areas such as credit assurance and risk data analysis is inflating wage expectations, which makes it even more challenging for businesses to recruit the people they need. Jason Pallister, managing director at DCS Credit Management & Recruitment, said: “Some businesses are being priced out of the market by larger companies that are able to offer more attractive reward and remuneration packages. Things are getting increasingly competitive and unrealistic wage expectations are a growing problem.”

Referring to staff shortages in other sectors, Craig Evans, head of new business sales at credit ratings provider, Company Watch, added: “Staff shortages are so serious in some industries that businesses are unable to trade and some are choosing to wind up now, rather than wait for the situation to get worse. This is a growing area of credit risk that our customers are seeking information about – particularly regarding the number of winding up petition applications.”

While there is no silver bullet to the staffing crisis, employers are aware that they need to remain flexible and understand what workers want. Hans Meijer, EICC director at Coface, said: “We are recruiting in London and Watford at the moment and the demographic of the candidates for vacancies at each location is quite different. Understanding this and staying flexible to individual worker preferences when it comes to hybrid working is helping us to attract the right people. Greater focus on training and skills development is also helping.”

Rising tide of insolvencies

With inflation rising and ongoing uncertainty surrounding trading conditions, the challenges facing businesses are expected to continue through 2023. The hike in energy costs, due next April, could be a pivotal moment for some businesses. A survey conducted recently by the Office for National Statistics (ONS) found that one in 10 UK businesses reported being at a ‘moderate-to-severe’ risk of insolvency, with rising energy costs cited as a major factor. Smaller firms with fewer than 50 employees were among those most likely to report being at risk.

Bethan Evans, business recovery partner at Menzies LLP, said: “Corporate insolvencies in England and Wales rose to a record level in Q2 and some businesses are seeking advice about entering an insolvency process now, because they know that cost and staffing pressures, as well as market uncertainty, are not going away. They are already on the brink and the rise in the energy price cap next April could push them over the edge.”

For in-house credit management teams, reading customer behaviour and spotting red flags is increasingly important. Some businesses are still working through customer issues caused by the pandemic restrictions. In some cases, contracts have been successfully re-negotiated or ‘Covid credits’ issued. However, in other instances, demands for payment and legal action for breach of contract have proved unavoidable. Overall, there is a willingness to be flexible but, with more customers favouring short-term contracts and seeking greater control over when and how they make their payments, credit managers are feeling the strain.

Sue Chapple commented: “It has never been more important for businesses to know their customers and understand the pressures and risks they are facing. Through effective communication, credit management professionals can help to build a more complete picture.”

More focus on supply-side risks

Customer risk isn’t the only source of financial risk requiring senior-level attention. Companies understand the importance of underwriting customer credit risk, but a growing number are now seeking advice about how to mitigate supply-side risks too. “Communication is vital, as businesses need to understand where external risks lie and how to identify them. They also need accurate data about where risks might arise in the future, so they are better informed,” commented Craig Evans.

Simon Philpin, head of trade credit at credit assurance provider, Markel, added: “We have seen increased demand for credit assurance linked to suppliers. Unfortunately, businesses in some sectors have been experiencing defaults or delays, which can be highly disruptive and financially damaging.

“Fraud is another major risk factor for businesses across industry sectors. Sometimes it is linked to the activities of financiers, such as invoice discounters, and we are advising businesses to be particularly cautious when auditing their suppliers and customers. Fraud linked to the misuse of Government-backed loans is also widespread.”

Fortune favours the agile

Despite the many challenges that businesses and their credit management teams are facing on a day-to-day basis, there will also be commercial opportunities in the year ahead. As some businesses demonstrated during the pandemic, those that are quick to diversify to meet new or growing areas of demand could reap rewards. According to Bethan Cooke, senior lawyer at Admiral Money: “While risk understanding is important, businesses should also be thinking about how they might expand products or service lines in the year ahead. In particular, digitisation can deliver better quality data about customer journeys to support cross-selling or other revenue-generating initiatives.”

Even in the midst of a ‘profound economic crisis’, some businesses will succeed in growing their market share or expanding into new markets. Craig Evans added: “In the 2008/09 recession, we worked with a construction business that took on more risk and increased its market share as a result. Now they are back and looking to do the same thing again. As long as they can quantify the risk they are taking on and don’t over-stretch, it could be another case of ‘fortune favours the bold’.”

 

This report is based on a roundtable event for employers and credit management professionals, chaired by the CICM and hosted by accountancy firm, Menzies LLP.

 

First published at Credit Management magazine.

Continue Reading

Magazine

Trending

Business3 days ago

How FS organisations can utilise data to boost customer experience

Charles Southwood, Regional VP and GM – Northern Europe and Africa at Denodo We’ve all heard the age-old adage “the customer...

Business3 days ago

The Evolution of SoftPoS in 2023

By Brad Hyett, CEO of phos Contactless payments and digital wallets have surged in popularity in recent years. Part of...

Banking3 days ago

The Importance of Digital Trust in Banking and Finance

By Maeson Maherry, COO at Ascertia   With the rising adoption of eSignatures and the acceleration of digital transformation, trust...

Business4 days ago

Taking Financial Services to the Edge

Authored by Pascal Holt, Director of Marketing, Iceotope   Edge computing, cloud, and AI are changing the competitive landscape for...

Business4 days ago

Accounting Automation in the Future

Accounting automation is the process of streamlining repetitive tasks in financial processes. For example, some processes like invoicing are time-consuming...

Banking6 days ago

How banks can help customers during the cost of living crisis

 Lavanya Kaul Head of BFSI, UK & Ireland, LTI Mindtree   Surging energy and food prices are significantly driving up...

Finance6 days ago

Weathering the economic storm in 2023

Nikki Dawson, Head of EMEA Marketing at Highspot   New year, new business challenges. When it comes to creating and...

Business7 days ago

Three ways data can help financial organisations thrive in today’s economy

By Rinesh Patel, Global Head of Financial Services, Snowflake   Financial organisations are caught in the middle of an ever-evolving...

Finance1 week ago

What is the right strategy for the end of money?

By John Barber, VP & Head of Europe at Infosys Finacle More than five thousand years ago, humans replaced barter...

Business1 week ago

2023 – what will happen in the payment world?

Tommaso Jacopo Ulissi, Head of Group Strategy, Nexi Group 2022 was a year of transition for consumers, as BNPL (Buy...

Business1 week ago

2023 crypto trends that businesses need to know about

By Marcus de Maria, Founder and Chairman of Investment Mastery   As cryptocurrencies have started to enjoy wider global acceptance...

Business1 week ago

Defining Fraud in 2023

Scott Buchanan, Chief Marketing Officer at Forter Fraudsters are fluid — they constantly experiment with new tactics to find cracks in...

Business1 week ago

How accounting software may hold the key to keeping on top of credit control

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit.   One of the first rules everyone learns about...

Banking1 week ago

Coreless Banking: How banks can thrive in 2023

Hans Tesselaar, Executive Director of BIAN   In recent years, banks have faced immense disruption and struggled to transform with...

Technology1 week ago

Will cyberattacks be uninsurable in 2023? Three steps that financial organisations can follow now

By James Blake, Field CISO of EMEA, Cohesity   The growing number of cyber attacks and subsequent damage has led...

Business2 weeks ago

Why Financial Services Institutions must de-risk the customer journey in 2023

By Perry Gale, VP EMEA at Cyara   From rising interest rates, to the cost-of-living crisis and the ongoing recession,...

Business2 weeks ago

Why finance needs a technological leap in fraud prevention

Brett Beranek, VP & General Manager, Security and Biometrics at Nuance Communications   Banking fraud is always a punishing experience for...

Banking2 weeks ago

How Banks Should be Future-Proofing Themselves  

By John da Gama-Rose, Head of BFS, Global Growth Markets, Cognizant  Businesses across the world are facing a combination of...

Business2 weeks ago

The Promise of AI in Financial Services in 2023

By Kevin Levitt, Global Industry Business Development, Financial Services, NVIDIA   As we enter the new year, many are left...

Banking2 weeks ago

What to expect from banking and payments in 2023

Michael Mueller, CEO, Form3   The banking industry went through a number of significant challenges in 2022. The steep increase...

Trending