BBVA API Market
Alfonso Muñoz, Senior Cybersecurity Expert & Research Lead BBVA – Innovation for Security, examined the possibilities afforded by cryptography to ensure user security and generating a single footprint for companies.
What role do APIs play in cryptography?
They play a critical role. We at BBVA are running a program known as “Chameleon”, which aims to provide cryptography as a service. We seek to offer usable cryptography via APIs.
How are you doing this?
APIs allow cryptography to be harnessed in a simple, controlled and audited fashion. For example, if you have an application that needs to encrypt and protect information, instead of having the algorithm built into the application, you can order a third party, the API, to protect your information. Said third party can protect your information via APIs.
What is the biggest cryptography threat to banks?
There are several. One is algorithms using public cloud cryptography. Banks use them in e-commerce and to sign digital documents. In long-term agreements, such as a mortgage or a contract, the information included in such documents could be forged, as technological progress opens the possibility of “resigning” using other algorithms and other mechanisms. The latter would entail quantum computing, which will be a threat in the longer term.
What are the most secure algorithms?
None stand out as the best at present. The problem is that there are a number of different proposals due to a lack of standardization. In other sectors, algorithms are usually presented to the scientific community, which evaluates the same over a number of years and a winner eventually emerges. This is what is lacking in the world of cryptography: a pool of algorithms made available that people can then subject to rigorous testing.
Will passwords become a thing of the past?
Not for the next 10 years, I don’t think. But exposure of the same will decline due to homomorphic encryption. I think passkeys and passwords will become less prevalent, which means the global system will be more secure. Thieves will increasingly only be able to steal from you at very specific moments.
How would you define homomorphic encryption?
It means the computation of encrypted data. I.e. operating with protected information without exposing said data. Without viewing the information.
How does that benefit users?
For users this means greater privacy in the cloud. They can grant third parties access to their information, a tax declaration for example, and allow them to operate using the same while not being able to view the data.
And for businesses?
The possibilities are much greater. It allows companies to outsource things that previously they could not. For banks, which cannot disclose information to third parties by law, it offers the potential to encrypt said information in order to allow an external operator to use the same without having access to the content. For banks it allows enormous flexibility to reduce costs and escalate cloud services.
What costs are involved?
Such encryption would require only a low-cost software program. The problem is that the current investment is more scientific. Work is ongoing to ensure that the algorithm is more secure and faster. The latter objective will be attained by improving mathematical processes.
You no longer need to go to a bank branch to open a bank account. APIs allow you to complete this and any other banking operations without leaving your company's own platform, with a fully integrated experience.
The real estate sector is becoming digitized by investing in technological solutions to adapt to a user looking for simple processes and transparent documentation in the purchasing processes.
Checkout financing is a digital alternative to credit cards that boasts advantages such as flexibility, creating one credit facility per customer and ensuring their future loyalty, thus improving the customer lifetime value.