BBVA API Market
Let’s not be naive: banking has arrived at its digital transformation almost out of obligation. It’s not a phenomenon exclusive to financial organizations. The Internet has changed the world and the old structures transform themselves slowly, usually accompanied by a great deal of bureaucracy and slow processes. This has happened with the media or the automobile industry, for example. Today, almost all banks believe that the future lies in being a platform as a service (PaaS), the more open the better. There is no other way to compete with fintech companies.
In the origin of this transformation, first to bring it about and then to guide it, application development interfaces have become one of the keys of the process. Traditional banking made money by looking after and managing the wealth of their customers. Today, financial institutions can make more money by offering access to large volumes of data and services to third parties which in turn offer other services to their customers. APIs are the main entrance to this business as an open, hybrid or paying PaaS.
It’s not only a matter that affects the way of doing business, it’s also a change in the methods with which the teams work, interact and focus their activity with respect to the bank and its customers. In this aspect, Agile methodologies play a key role through the process of innovation and internal transformation of banks to arrive at optimized and open development and operational models that improve customer experience. The chart below, which is included in the ‘Going Digital: The Banking Transformation Road Map’ report by the consultancy firm AT Kearney, explains the banking change process. Obviously, APIs have a special place in the creation of the new value proposition for the customer and the refounding of the current financial model.
The arrival of the new regulation PSD2 (Revised Directive on Payment Services) completely changes the financial scenario in the European Union. This framework requires that banks provide mandatory access to both data and payment services by third parties. Each regulated bank in any of the Member States of the European Union must join this regulation by January 2018. And this requires some changes, but also offers a field awash with opportunities for doing business.
PSD2 leads to banking offering two types of services: on the one hand, payment initiation services (PIS), and on the other account information services (AIS). In both cases, customer authorization and, obviously, prior authentication is required. Both individuals and companies. This will provide access to two service providers outside banking: payment initiation service providers (PISPs) and account information service providers (AISPs).
With PSD2, the EU aims to unify the payments market in Europe and open control of this environment to new players, not only banking institutions, but fintech companies. For this it is essential to create open standards for financial service APIs, where the sector’s developers can launch platforms that meet customer needs.
We have already talked in more than one occasion in BBVAOpen4U of security standards, currently based on OAuth2, a protocol that lays the foundations for the authentication processes in the creation of access tokens. An on the other hand we have XS2A (Payment Initiation and Account Information Services), which established how the banks can and should provide access to the accounts of their customers to third parties. The security standards in this process will depend on the regulation technical standards (RTS), supported by bombproof customer authentication. They will be determined by the European Banking Authority (EBA).
With the transformation of the old commercial banking into the new banking of the digital age and the arrival of the European regulation PSD2, financial institutions will have to do an introspection exercise and decide in what commercial areas they want to compete with the new players in the financial scenario. The regulation places them in their natural position as payment account service providers (PSP), but they can also play a role as PISPs and AISPs. In this scenario, their revenue increases thanks to data and APIs.
There are some banking institutions that are exploring all the possibilities:
– Open platform of Capital One. A portal as prestigious as Programmable Web, known for its API directory, termed this project in March 2016 as “the first really open banking platform in the U.S.”. Capital One now has three application development interfaces on its open platform for developers. A project called SwiftID, a two-factor web-based security and authentication system with all the required functionality related to the name and password of each user; Rewards, an API that enables the user account balance to be looked up, as well as any product related to that relationship, for example, reward points, or help users achieve saving goals or make shopping decisions; and Credit Offers, an API that displays a customized offering of financial products, specifically credit cards.
– BBVA API Market: The Spanish banking institution now has several APIs linked to transfers, accounts and cards, but also to identification and authentication processes or bank payment data. This is based on BBVA Connect, an API that provides a secure connection with the application development interfaces of third-party customers (access to fintech company data) and which is based on an OAuth protocol.
Banks have accelerated their digital transformation as a result of the COVID-19 pandemic. In this new ecosystem, open banking and integrated finance are booming, facilitating banking operations and improving the customer experience.
PRETA is one of the leading bodies in the European Union in terms of intra-Community payments and financial transactions. Following the implementation of PSD2, the body has focused its efforts on ensuring compliance by providing a number of services and documentation that suppliers need.
Open banking simplifies the request for information about loans and mortgages and facilitates the buying process for the user, which can be carried out in the actual search process.