Secure with Security – API Security in the Context of Open Finance

Since its foundation, the Swiss professional association SFTI has continuously addressed the most diverse aspects of Open Finance. This commitment ranges from cross-industry networking and the joint development of strategy-relevant basic papers to the coordination of cross-company implementation initiatives. With the white paper on API security published today, another central topic is now being addressed.

Following the launch of the Open Banking UK scheme in the UK and the introduction of the PSD2 payments directive in the EU, Open Finance has also increasingly come to the public’s attention in Switzerland. In addition to innovative banking services and answers to the corresponding legal and regulatory questions, the technical aspects of the API interfaces and the associated data security and data protection are critical factors for the success of Open Finance. For this reason, SFTI’s Common API working group has now published a white paper on API security.

In the course of the Open Finance discussions of the last few years, the view is beginning to prevail that bank customers should have largely unrestricted access to “their” data. This leads to technical challenges, especially in terms of data security and data protection. The SFTI whitepaper on API security is intended to address this development and to provide a basis for understanding the new normal.

The whitepaper is based on an overview of the different characteristics of individual interest groups, namely end customers, financial institutions and third parties, including their respective expectations. Against this background, the different aspects of API security are elaborated. Examples of solutions already in use internationally will be presented, followed by use cases for both technical and banking scenarios. The topic of legal & compliance is also touched upon, and an overview of fundamental standards rounds off this white paper. The resulting white paper is another piece in the mosaic on the market-driven path to Open Finance.

Whitepaper_API Security (pdf)