BBVA API Market
Alfonso Muñoz, Senior Cybersecurity Expert & Research Lead BBVA – Innovation for Security, examined the possibilities afforded by cryptography to ensure user security and generating a single footprint for companies.
What role do APIs play in cryptography?
They play a critical role. We at BBVA are running a program known as “Chameleon”, which aims to provide cryptography as a service. We seek to offer usable cryptography via APIs.
How are you doing this?
APIs allow cryptography to be harnessed in a simple, controlled and audited fashion. For example, if you have an application that needs to encrypt and protect information, instead of having the algorithm built into the application, you can order a third party, the API, to protect your information. Said third party can protect your information via APIs.
What is the biggest cryptography threat to banks?
There are several. One is algorithms using public cloud cryptography. Banks use them in e-commerce and to sign digital documents. In long-term agreements, such as a mortgage or a contract, the information included in such documents could be forged, as technological progress opens the possibility of “resigning” using other algorithms and other mechanisms. The latter would entail quantum computing, which will be a threat in the longer term.
What are the most secure algorithms?
None stand out as the best at present. The problem is that there are a number of different proposals due to a lack of standardization. In other sectors, algorithms are usually presented to the scientific community, which evaluates the same over a number of years and a winner eventually emerges. This is what is lacking in the world of cryptography: a pool of algorithms made available that people can then subject to rigorous testing.
Will passwords become a thing of the past?
Not for the next 10 years, I don’t think. But exposure of the same will decline due to homomorphic encryption. I think passkeys and passwords will become less prevalent, which means the global system will be more secure. Thieves will increasingly only be able to steal from you at very specific moments.
How would you define homomorphic encryption?
It means the computation of encrypted data. I.e. operating with protected information without exposing said data. Without viewing the information.
How does that benefit users?
For users this means greater privacy in the cloud. They can grant third parties access to their information, a tax declaration for example, and allow them to operate using the same while not being able to view the data.
And for businesses?
The possibilities are much greater. It allows companies to outsource things that previously they could not. For banks, which cannot disclose information to third parties by law, it offers the potential to encrypt said information in order to allow an external operator to use the same without having access to the content. For banks it allows enormous flexibility to reduce costs and escalate cloud services.
What costs are involved?
Such encryption would require only a low-cost software program. The problem is that the current investment is more scientific. Work is ongoing to ensure that the algorithm is more secure and faster. The latter objective will be attained by improving mathematical processes.
APIs allow companies to offer their own e-wallets, building a new user experience that drives and contributes to customer loyalty.
PRETA is one of the leading bodies in the European Union in terms of intra-Community payments and financial transactions. Following the implementation of PSD2, the body has focused its efforts on ensuring compliance by providing a number of services and documentation that suppliers need.
Open banking simplifies the request for information about loans and mortgages and facilitates the buying process for the user, which can be carried out in the actual search process.