Top 10
TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH
Published
3 years agoon
By
admin
By Olaf van Gorp, Perforce Software
Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp
That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.
Four ways to improve API security
ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.
TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.
THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.
FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.
Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.
You may like
Banking
Emerging technology will power long-term sustainability within the UK banking industry
Published
1 day agoon
September 26, 2023By
admin
By Peter-Jan Van De Venn, VP Global Digital Banking at Hexaware Mobiquity.
Sustainability has been a big focus for the banking industry in recent years, with the issue becoming increasingly important for consumers. It’s no wonder that sustainability has become baked into the purposes of almost every bank, from Natwest to HSBC.
However, the economic uncertainty of the last year has led to many banks putting it on the back burner. Challenging market conditions have forced financial institutions to change their priorities to concentrate on protecting the bottom line. Our research found there’s been a significant drop in the number of UK banks saying that sustainability remains a key business strategy. 12 months ago it was a major priority for 100 per cent of banks, but now that number has shrunk to 60 percent.
Whilst it’s understandable that banks are feeling the pressure at the moment, there’s a risk that they will miss out if they hit the pause button. From cost savings brought by innovative digital products and services, to improved brand reputation and increased profitability, there are a lot of longer-term benefits they could be failing to unlock. So how can they keep moving forward?
Losing momentum
Emerging technology holds the key to their success, with the power to disrupt current behaviours and promote a more sustainable culture. Banks are already aware of this, with 76 percent using digital transformation to drive sustainability, but a lack of leadership has made it difficult to build momentum in the last 12 months. Currently just over half (54 percent) of banks have tasked an executive at board level with overseeing sustainability – way down from 83% just 12 months ago.
This lack of board authority means banks are struggling to engage the entire organisation to move ahead with sustainable initiatives. As a result, almost two-thirds of banks are seeing progress slow, admitting they are not actively taking steps to foster more sustainable behaviours throughout the organisation. Those that have taken their foot off the gas need to find a way to move forward again.
No time for standing still
Banks know that technology can drive sustainable behaviour. For instance, many of them are already encouraging their workforce to work remotely, as a way of reducing travel. This has two benefits – not only does it cut the costs of running physical offices at full capacity, but also reduces the bank’s carbon footprint. There has never been a better time to invest in technology to drive more sustainable behaviours.
New digital products and services can also extend the benefits beyond employees to encompass the wider customer base. A fair number of banks are already investing to make this happen. More than a third (35 percent) of banking organisations are using Machine Learning (ML), Artificial Intelligence (AI), cloud and analytics to make digital services more easily accessible. Investment in these technologies will be critical as the number of physical bank branches continues to decrease, with figures from Which? showing this is taking place at a rate of 54 branch closures each month.
Hitting environmental and social responsibility goals
Emerging technologies can also help banks keep pace with tightening ESG rules and regulations. Banks are faced with demands for increasingly granular reporting and transparency on ESG – demanding a new approach. In line, 41% of them are developing data visualisation tools to improve stakeholder engagement and understanding of ESG risks and opportunities, while 37% are using machine learning and artificial intelligence to identify and track ESG risks and opportunities across a wide range of data sources.
More than one in three are also using the blockchain to improve transparency and traceability in supply chains, and implementing digital tools and platforms to collect, analyse, and report ESG data and metrics in a standardised and consistent manner. All these applications of emerging technology will put banks on track to address global environmental challenges and unlock a greener future.
Long-term sustainability
As the economic pressures hopefully start to subside, increasing numbers of banks will start investigating how they can use emerging technologies to provide engaging experiences and value-added services for customers, to drive greater revenue and efficiencies.
Whilst banks are right to focus on their revenue under difficult trading conditions, it’s important they don’t miss out on the long-term benefits that sustainability can bring. To capitalise on this, banks must keep pushing the boundaries and invest in emerging innovations to drive more sustainable banking behaviours, benefiting the planet and driving great digital experiences for customers.
Banking
The Future of Banking: Streamlined Cash Management for ATMs
Published
2 days agoon
September 26, 2023By
admin
Gaetano Ziri, Innovation Manager, Auriga
“Maintaining free access to cash for the community demands robust strategies to mitigate the escalating costs incurred by banks and ATM operators in handling cash. A pivotal step in this direction is modernising cash management systems to foster efficiency and reduce operational costs.
Back in 2018, a report by McKinsey underscored the urgent need to overhaul the largely manual and disjointed systems relied upon by nearly half the banks worldwide for forecasting cash requirements at branches and ATMs. Despite the decrease in cash usage noted by the European Central Bank, the cost of managing cash has not abated, primarily due to surging labour costs.
To reconcile the demand for free access to cash with the requisite cost reductions, banks are increasingly turning towards tech-driven solutions in cash management that elevate service levels while driving down expenses.
The Complex Landscape of ATM Network Management
Operating a vast ATM network can be a double-edged sword for banks, simultaneously offering customer convenience and engendering considerable challenges, including substantial cash handling, management, transit and security costs. Each ATM embodies a multifaceted operation involving numerous cash transfer operatives, necessitating a coordinated strategy to forestall costly inefficiencies.
The remedy is a holistic, data-centric approach to streamline the management of intricate ATM networks and counter the escalating costs associated with cash access. The merits of such an approach, grounded in continuous data collection and analysis across ATM networks, encompass:
- Strategic Planning: Leveraging real-time data to craft bespoke strategies for individual branches or regions, assuring optimal cash flow management and averting superfluous cash loading orders.
- Operational Transparency: Facilitating stakeholders with instantaneous access to accounting and operational data relating to cash supply chains, thereby enabling timely interventions and adaptations.
- Enhanced Customer Experience: Minimising ATM downtimes to guarantee uninterrupted cash access to customers, enhancing their banking experience.
Innovations in Cash Management: A Closer Look
So, how does this revolutionary cash management technology function? The answer lies in a series of sophisticated features that employ cutting-edge predictive analytics, automation, and data-driven decision-making:
- Predictive Analysis: Forward-thinking solutions predict cash necessities of distinct units, offering precise demand and cash flow projections by considering variables such as seasonal fluctuations, holidays, and daily usage trends.
- Automation and Monitoring: Swapping manual processes or basic mathematical functions with modern software solutions for cash management ushers in real-time monitoring and efficient intervention planning, which can potentially diminish order management costs by a significant margin, whilst improving precision and operational fluidity.
- Optimised Cash Transit Management: Utilising predictive analytics to strategically plan cash restocks, thereby reducing the likelihood of ATMs depleting their cash reserves and improving customer satisfaction.
- Data-Driven Decision Making: Availing a comprehensive dashboard to generate timely reports and monitor critical metrics facilitates strategic decision-making grounded in accurate data, substantially reducing residual cash stock in ATMs.
As the financial landscape evolves, banks and financial institutions are impelled to adapt and innovate. Traditional cash management approaches are increasingly becoming outdated, paving the way for modern, data-driven solutions. These not only embody a commitment to technological advancement but also signify a strategic movement towards future readiness.
Embracing such technologies promises streamlined operations, substantial cost reductions, and a superior customer experience, setting a new standard in ATM network management.”
Magazine
Trending


In-platform solutions are only a short-term enhancement, but bespoke AI is the future
By Damien Bennett, Global Director, Principal Consultant, Incubeta If you haven’t heard anyone talking about artificial intelligence (AI) yet,...
Exploring the Transformative Potential and Ethical Challenges of AI in Wealth Management
Nuno Godinho, Group CEO of Industrial Thought Group In recent years, the advent of AI has sparked both excitement...


Are SaaS platforms challenging banks for a piece of the payments pie?
Attributed to: Ralph Dangelmaier, Global CEO of BlueSnap The finance industry is at a tipping point with software firms...


Emerging technology will power long-term sustainability within the UK banking industry
By Peter-Jan Van De Venn, VP Global Digital Banking at Hexaware Mobiquity. Sustainability has been a big focus for...


Is your business suffering with Fintech FOMO?
Tom Kiddle, Chief Commercial Officer at Equals Money It’s a challenging time for businesses of all sizes, but the past three...


The Future of Banking: Streamlined Cash Management for ATMs
Gaetano Ziri, Innovation Manager, Auriga “Maintaining free access to cash for the community demands robust strategies to mitigate the...


Can AI revolutionise wealth management?
~ The benefits of AI when collecting and analysing financial data ~ Global fintech company Finder reported that around...


Where is the value in generative AI for financial services?
Michael Conway, Executive Partner, Data, AI and Technology Transformation Service Line Leader at IBM Consulting The New York Times...


Connecting the security dots with cyber fusion
Anuj Goel, Co-founder and CEO at Cyware Against the backdrop of Russian-based hacktivists declaring war on Europe’s financial systems, the...


Exploring the symbiotic advantages of SoftPoS for merchants and consumers
By: Brad Hyett, CEO at phos by Ingenico Amid the dynamic shifts that have come to define today’s fintech...


Investing In Bitcoin: What You Need To Understand Before You Buy
Bitcoin—the digital currency that launched a financial revolution—is more than a trending investment. This decentralized currency, free from traditional banking...
How the LEI Can Help Financial Institutions ‘Address’ a Growing Challenge in ISO 20022
The vast complexity and inconsistency of address formats globally presents significant challenges for financial institutions. In this blog, GLEIF’s Head...


Building towards an inclusive financial future
By Catharina Eklof, CCO of IDEX Biometrics From the visually impaired to displaced migrants, the unbanked, and people living...


Euro deep tech M&A deal value expected to reach $20bn+ in the next 15 months
Written by Oliver Warren, Associate at DAI Magister Investment in European deep tech has mirrored the broader decline in...


Why ESG Investing Is Becoming More Important
Author: Urtė Karklienė, Sustainability Manager at Oxylabs Environmental, social, and governance (ESG) term was first mentioned in a 2004...


Preparing banks for digital transformation
By Joman Kwong, Strategic Solutions Manager, Financial Services at Laserfiche Today, digital transformation is imperative for every industry. After...


The critical tech to deliver personalised digital financial experiences
Jay Sanderson, Senior Product Marketing Manager, Digital Experience at Progress Providing customers with outstanding digital experiences is now a must...


Bank-fintech partnerships can shape the future of cross-border payments
Steve Naudé, Head of Wise Platform People and businesses are more interconnected than ever. In today’s global economy, international...


DORA Compliance in Financial Organisations: What You Need to Know
Nick Hogg, Director of Security Training, Fortra The regulatory landscape is tightening for European banking, financial, and insurance institutions....


How sound investment research can revive the City of London
Author: Neil Shah, Director at Edison Group A few months ago, leading portfolio manager Nick Train described the modern...

In-platform solutions are only a short-term enhancement, but bespoke AI is the future
Exploring the Transformative Potential and Ethical Challenges of AI in Wealth Management

Are SaaS platforms challenging banks for a piece of the payments pie?

Emerging technology will power long-term sustainability within the UK banking industry

Is your business suffering with Fintech FOMO?

The Future of Banking: Streamlined Cash Management for ATMs

PCI DSS v.4.0 Latest Updates That You Need to Know

RBI’s MASTER DIRECTION ON DIGITAL PAYMENTS SECURITY CONTROLS

EMV® 3-D SECURE: ENABLING STRONG CUSTOMER AUTHENTICATION

HOW TO SIMPLIFY IDENTIFICATION IN THE GLOBAL DIGITAL ECONOMY WITH THE LEI

EXEGER – CHANGING THE PERCEPTION OF POWER

FUTURE FX PROMO
Trending
-
News4 days ago
How the LEI Can Help Financial Institutions ‘Address’ a Growing Challenge in ISO 20022
-
Finance2 days ago
Investing In Bitcoin: What You Need To Understand Before You Buy
-
Banking1 day ago
Emerging technology will power long-term sustainability within the UK banking industry
-
Business1 day ago
Exploring the Transformative Potential and Ethical Challenges of AI in Wealth Management