Banks worldwide are undergoing digital transformations to provide the latest and most advanced services and technologies to their customers, such as remote loan applications, video tellers and biometric-enabled ATMs.
These tools are not developed in a vacuum, however. They require cooperation from FinTechs and other third-party developers to become a reality.
This teamwork is often only possible through advanced programming interfaces (APIs), which allow interactions between disparate programs. They enable software developed by FinTechs and outside organizations to interact seamlessly with bank systems and access the data they need to function. A personal budgeting app might harness a financial institution’s (FI) API to access a user’s accounts, for example, enabling him to plan his budget while viewing his accounts directly on the app, rather than switching between it and his bank’s website.
APIs come with both benefits and challenges, however, and their usage rate is not evenly spread throughout the world’s banking markets. The following Deep Dive examines how APIs drive banks’ digital innovations, the difficulties FIs face in implementing them, and why the U.S. is behind the EU in API development and implementation.
Benefits of APIs
The ability to accelerate payments between banks, FinTechs, businesses and individuals is one of the largest benefits APIs can offer digital-first FIs. Such solutions can make once-time-consuming processes take no more than a few milliseconds if payment providers use banks’ APIs to handle authentication, authorization or other security and compliance measures. Doing so eliminates the time required for providers to perform these processes themselves.
Improved security is another API benefit. Budgeting apps rely on bank data to function and often require customers to enter their bank login credentials to use them, for example. They then log into the users’ bank accounts and access the data necessary to display their current financial statuses through a practice known as screen scraping. Screen scraping requires login details to be unencrypted for third parties to access them, but that lack of encryption also presents a massive security risk: Hackers can easily intercept these payment details as they are transferred between banks and apps, then use them to gain access to sensitive information, like account numbers and passwords.
APIs make this data access much more seamless by enabling customers to allow apps and banks to interface with each other directly and close off potential entry points for fraudsters. They also allow protections for how passwords are stored, such as only at banks without being shared with third-party apps — a priority for customers who wish to limit the number of companies with which they share their data. Seventy-nine percent of consumers report being concerned about how companies are using their personal data, making safeguarding this data key to ensuring customer trust.
Banks can also leverage APIs to create more holistic views of their financial needs and lifestyles by gathering data third-party apps access via banks’ APIs. Data collected from personal budgeting apps might tell a bank about its customers’ money-saving priorities, for example. These profiles then allow FIs to forecast the products and services customers will likely use and pitch such opportunities to them. These targeted efforts can pay off, too, with banks that invest in personalization seeing revenue increases of up to 30 percent.
This can result in huge windfalls for FIs that take advantage, with some studies estimating those that leverage APIs can see increases in revenue of up to 20 percent more than those that do not. Customers are largely receptive of using APIs for greater data sharing as well, with 61 percent of consumers willing to provide open access to their data if it helps them use mobile apps for banking.
API Deployment Hinderances
Developing APIs is no easy feat, however, and several factors limit the process in the banking industry. The most commonly cited issue is that cumbersome legacy software does not allow for API implementation, and replacing it is often expensive. Compounding this problem is bank executives’ reluctance to adapt their businesses to API-focused models — an understandable hesitation as FIs have only begun embracing data sharing over the past few years. One survey of bank executives found that just 35 percent were embracing APIs in their banking operations.
A lack of universally accepted standards for API development and deployment is also causing integration issues. Five banks could have five separate API models that are incompatible with each other, forcing FinTechs that wish to work with them to develop unique back-end architecture for each. This lack of standardization undermines the point of APIs, which is to provide seamless compatibility. One 2019 report even found that 58 percent of API developers and consumers view standardization as the biggest challenge facing API implementation, up from 25 percent in 2016.
World governments are taking steps to remedy this problem, though. The U.K. has developed the Open Banking Implementation Entity (OBIE), which sets regulations for API security, messaging and dispute management processing, ensuring that every API in the country follows the same standards. OBIE reported that 204 third-party developers have accessed bank APIs since the open banking push began in 2018, with 200 million data transfers conducted via such solutions each month. The EU’s PSD2 has not yet developed a single standard, but it is encouraging banks to develop best API management practices so they can eventually come to terms on continent-wide protocols.
The U.S. is lagging, however, as no government authority is mandating open banking or API usage at all — let alone a single standard for them. U.S. FIs are proceeding nonetheless, with 77 percent saying they invested in open banking initiatives last year. That number could grow with a single nationwide standard, however, and such regulations would mean even more FIs, FinTechs and customers could benefit from APIs’ improved security, seamlessness and speed.