Open Banking via API Connect & DataPower
1. Open Banking Via IBM API Connect
API Connect & DataPower
Ozair Sheikh
Program Director
Shiu-Fun Poon
STSM
2. Please note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice and at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
3. Agenda
• Traditional vs Open Banking platform
• Customer Experience
• IBM API Connect support for Open Banking / PSD2
6. Banks create a new digital channel using APIs
[Diagram labels: Bank Customer; Channels; Branch; Web; Mobile; Third Party Digital Channel; API Gateway; Account API; Payment APIs; Integration; Core Banking Platform; Customer Authentication; Payments; Accounts; And More…]
7. Open Banking Regulation
• Open Banking is a general term used to describe
the availability of banking services as APIs
• PSD2 is European legislation that is planned for
implementation across Europe in September 2019
• PSD2 provides guidance on how customers can
provide access to their banking information to
regulated third-parties
• The Open Banking Entity in the UK was set up to provide
standard guidance (drive the ecosystem) for the 9
largest account providers in the UK (called CMA 9)
8. Open Banking Around the World
• Canadian government launches advisory committee on Open Banking
• United States National Clearing House is reviewing Open Banking standards
• UK started enforcing Open Banking standards (aligned with PSD2) in Jan. 2018
• Australia introduced Consumer Data Right, which encourages institutions to expose their customer data as APIs to drive new customer experiences
• New Zealand government is allowing the industries to decide on how to approach Open Banking – payment pilot led by several major banks
• European Union (EU) regulation named Payments Service Directive (PSD2) that requires banks to expose customer account and payments as APIs
• India has already introduced a Universal Payment Interface (UPI) to encourage payment innovation
• Nigeria has introduced an Open Banking program
• Singapore has published standards to drive innovation within the industry
9. PSD2 Regulation - Banking APIs
• Primary Standards
• Account Information (read)
• Payments: single, recurring, future and bulk
• Funds Confirmation
• Event Notifications
• Security Standards
• Redirect from the third-party application to a bank-hosted
site to authenticate the customer using OpenID
Connect / OAuth2 flows
• Decoupled flow where customer authenticates
using another channel such as their mobile phone
10. Manage Third-Party Providers (TPP) with digital identities
• PSD2 requires that third parties identify themselves using eIDAS certificates (X509 certificate
with metadata about the third-party)
• Open Banking Directory extends PSD2 requirements to provide Third Party identity discovery
and status management (valid, revoked)
[Diagram labels: Customer; Open Banking Authority; Bank; Third Party Provider]
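Added example (not from the original slides and not IBM API Connect code): a gateway-side sketch of the check slide 10 describes, combining the third-party metadata carried in the eIDAS certificate with the directory's valid/revoked status before an API family from slide 9 is served. Function names, the directory shape and all sample values are assumptions; the `PSP_*` role names and the organizationIdentifier layout come from ETSI TS 119 495, and certificate chain validation is assumed to have been done by the TLS layer.

```javascript
// Added example: constructed data and hypothetical names throughout.
// PSD2 role names and the organizationIdentifier layout follow ETSI TS 119 495.
const ROLE_FOR_API = {
  accounts: 'PSP_AI',             // Account Information (read)
  payments: 'PSP_PI',             // Payments
  'funds-confirmation': 'PSP_IC'  // Funds Confirmation
};

// "PSD" + country code + "-" + competent-authority id + "-" + PSP identifier
const ORG_ID = /^PSD([A-Z]{2})-([A-Z]{2,8})-(.+)$/;

function parseOrgId(orgId) {
  const m = ORG_ID.exec(orgId || '');
  return m ? { country: m[1], authority: m[2], pspId: m[3] } : null;
}

// cert: fields already extracted from a certificate whose chain and signature
//       were validated upstream (no X.509 parsing is done here).
// directory: Map of organizationIdentifier -> { status, roles } (assumed shape).
function authorizeTpp(cert, apiFamily, directory, now = new Date()) {
  const deny = (reason) => ({ allow: false, reason });
  const required = ROLE_FOR_API[apiFamily];
  if (!required) return deny('unknown_api');
  if (!parseOrgId(cert.organizationIdentifier)) return deny('bad_org_id');
  if (now < new Date(cert.notBefore) || now > new Date(cert.notAfter)) {
    return deny('cert_outside_validity');
  }
  if (!(cert.roles || []).includes(required)) return deny('role_not_in_cert');
  const entry = directory.get(cert.organizationIdentifier);
  if (!entry) return deny('not_in_directory');            // fail closed
  if (entry.status !== 'valid') return deny('directory_' + entry.status);
  // The directory may withdraw a role while the certificate still lists it.
  if (!entry.roles.includes(required)) return deny('role_withdrawn');
  return { allow: true, reason: 'ok' };
}

// Constructed sample data.
const sampleDirectory = new Map([
  ['PSDGB-FCA-123456', { status: 'valid', roles: ['PSP_AI'] }],
  ['PSDDE-BAFIN-654321', { status: 'revoked', roles: ['PSP_AI', 'PSP_PI'] }]
]);
const sampleCert = {
  organizationIdentifier: 'PSDGB-FCA-123456',
  roles: ['PSP_AI', 'PSP_PI'],
  notBefore: '2019-01-01T00:00:00Z',
  notAfter: '2021-01-01T00:00:00Z'
};
```

The certificate alone is not sufficient: with this sample data the same certificate is accepted for `accounts` but refused for `payments`, because the directory entry no longer carries that role.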
11. Who benefits from Banks exposing their digital assets?
Fintech
• Reduces barrier to entry into financial services
market
Banks
• Creates a new digital funnel via Fintech to interact
with customers
Customer
• Access to innovative financial technology tools that
can help them manage their money better.
12. Agenda
• Traditional vs Open Banking platform
• Customer Experience
• IBM API Connect support for Open Banking / PSD2
13. What about the Customer Experience?
Traditional Bank
• Banks directly market to customers.
• Banks own the channel and have established direct trust
with the customer
Open Bank
• Banking product & services are available using an API
platform to third-party providers (TPP)
• TPP gain access to data securely, approved by the
customer.
Customer experience is challenged because the third-party
developer does not have the same trust as the bank
14. Banks have been teaching us security for online banking
Phishing attacks use electronic communication
such as embedded links that redirect users to
suspicious Web sites to obtain sensitive
information
A common attack used by hackers to obtain
passwords and credit card details so that malicious
activity can be performed undetected
Open Banking introduces an indirect channel
to customers, vastly different from the direct
model which banks have been promoting for
years.
15. Customer trust is the key driver for Open Banking success
Banks must ensure customer data is shared
with third party developers only upon customer
consent
Third parties must adhere to GDPR “right to
be forgotten” mandates
User experience and branding are critical when
switching between third-party and banking
sites
Banks need to understand their
responsibility if the third-party misuses the
data
16. Agenda
• Traditional vs Open Banking platform
• Customer Experience
• IBM API Connect support for Open Banking / PSD2
17. IBM Thought Leadership in Open Banking
• 35+ banks and banking groups use API Connect for their
PSD2 implementations
• 4 out of the 9 UK banks that launched their Open Banking APIs
in January 2018 are using the IBM API Connect & gateway
technologies
• IBM is market leader in Open Banking implementations across
the world
18. Industry Standard Leadership with Open Banking & PSD2
Accelerates market delivery of APIs by
delivering support for OpenID Connect to
provide Single-Sign-On (SSO) and identity
validation using JSON Web Tokens (JWT)
Granularity to Revoke OAuth access token
using enhanced token management
Advanced OAuth Consent with Dynamic
scope enforcement during API Invocation
19. Open API V3 support for Open Banking / PSD2
Open API V3 support of Berlin Group
NextGenPSD2 framework
Accelerate your PSD2 adoption with a set of
Open Banking specifications for exposing
banking information securely
Manage and enforce other OAI3 APIs within
the same constructs
20. Hardened Portal Security
Supports OpenID Connect for
accelerated developer on-boarding and
social login
Enable PSD2/ Open Banking
compliance to programmatically onboard
consumers using REST Management APIs
and OpenID Connect
Enhanced spam protection against
spam bots with CAPTCHA and honeypot
Detect and prevent malicious attacks
with perimeter and DNS check
21. Industry accelerators: BIAN & Open Banking
Open Banking / PSD2 / BIAN assets with
Sandbox Available Today
Accelerating adoption and ensuring
compliance
Test your APIs against the open standards
and continue to monitor them in production
https://open-banking-sandbox.developer.eu.apiconnect.ibmcloud.com
23. Notices and disclaimers (continued)
Information concerning non-IBM products was obtained from the
suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products about this
publication and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed
to the suppliers of those products. IBM does not warrant the quality of
any third-party products, or the ability of any such third-party products
to interoperate with IBM’s products. IBM expressly disclaims all
warranties, expressed or implied, including but not limited to, the
implied warranties of merchantability and fitness for a purpose.
The provision of the information contained herein is not intended to, and
does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com and [names of other referenced IBM
products and services used in the presentation] are trademarks of
International Business Machines Corporation, registered in many
jurisdictions worldwide. Other product and service names might
be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at “Copyright and trademark
information” at: www.ibm.com/legal/copytrade.shtml.