BBVA API Market
With the increasingly sophisticated nature of cybercrime, hacking, and financial fraud, this may be the most important set of issues facing the financial services industry today. San Francisco, at the gateway to the Silicon Valley, was a fitting venue for an expert panel at BBVA’s recent Fintech University. The discussion centered on new strategies to verify identity and keep customer accounts safe.
The panel featured Filip Verley, Sr. Advisor of One World Identity; Johnny Ayers, co-founder of Socure; Ron Atzmon, Managing Director of AU10TIX Limited; and Shamir Karkal, BBVA’s own Head of Open APIs.
The digital age has always presented challenges for authentication. It was so much easier when people’s identities could be verified face-to-face at a bank branch. User names, passwords, and security questions have been among the most common ways institutions try to determine who is at the keyboard. These traditional approaches are quickly becoming outdated, and less secure.
A combination of new tactics and new technology is required to provide protection. At the first layer is a need for more robust authentication. How can banks verify the identity of an accountholder? At the second layer, security measures must protect those accounts from unauthorized access.
The panelists stressed the importance for both banks and fintech companies to verify user information across multiple channels. The contact center, IVR, branch, mobile app, and website should share a single, comprehensive, view of the customer. For banks with legacy IT systems, this is difficult– and it can create vulnerabilities.
Fintech companies are pioneering new approaches to verifying and managing identity. In some cases, the new technology is for sale to banks and other FIs. In other instances, the fintech company simply makes their own product more secure. And in a growing number of cases, authentication is being provided via banking APIs.
In strengthening authentication, one avenue being explored is behavioral biometrics. A good example is the precise tracking of user typing patterns. By looking at factors like typing speed and rhythm, data can be captured for each online or mobile session. This behavioral data pattern becomes one element of a very complex algorithm.
Physiological biometrics use everything from the shape of a person’s face or hands, to retina scans, to voice verification, in order to identify the person. The panel of experts in San Francisco mentioned cool new technology that uses photo selfies to enable a customer to login.
Another set of elements contributing to a robust identity profile might include the attributes of trusted devices (like a unique identifier from a commonly used smartphone), sign-in habits, and the geographic location or time of day that certain devices are used.
And interestingly, social media is even being used to verify identities. For example, are all of a user’s Facebook friends based in another country? Were all of their jobs on LinkedIn held in another country?
As the Fintech University panelists noted, partnerships between fintech innovators and banks are growing. Banks have the depth of experience, security protocols, and nuanced knowledge that would be daunting for a new company to acquire on their own. Using a bank’s APIs is a way that fintech companies can improve security and minimize risk, quickly and cost effectively.
Demographics can be an important starting point when considering how to proceed with managing identity. For example, a service that is targeted to millennials might be a good candidate for making use of social media data.
Key takeaways
The days of the password are numbered. New tech and novel strategies will help us to better safeguard our identities and our accounts.
This article is one in a series from BBVA about the latest in Fintech and banking.
You can read more here
Open finance is expected to be regulated over the next few years, leading to a new open data ecosystem Open finance is making its way into the legal system through the consolidation of several initiatives that will lend it legal protection. Once this is complete, customers will have an open finance framework that protects their data […]
QR code payment is an alternative form of mobile payment that requires no card chip or NFC technology: just a camera and an internet connection Payments with a QR code are increasingly popular among younger consumers and tourists, as well as one of the most demanded forms of payment, especially by Chinese visitors to Spain. […]
ST APIs are an example of an API development architecture increasingly used within companies, partly due to the separation between client and server, the process scalability and reliability, and the low number of resources required by the system. What is a REST API and what architecture examples are available to companies? What can an API […]
