API Security in Embedded and Open Finance

Authors: Andrew John Zeller, Artjoms Formulevics

Abstract:

Banking and financial services are rapidly transitioning from monolithic structures focused merely on their own financial offerings to integrated players in multiple customer journeys and supply chains. Banks themselves are refocusing on being liquidity providers and underwriters in these networks, while the general concept of ‘embeddedness’ builds on readily available API (Application Programming Interface) architectures to flexibly deliver services to various requestors, i.e., online retailers who need finance and insurance products to better serve their customers. With this new flexibility come new requirements for enhanced cybersecurity. API structures are more decentralized and inherently prone to change. Unfortunately, this has not been comprehensively addressed in the literature. This paper tries to fill this gap by looking at security approaches and technologies relevant to API architectures found in embedded finance. After presenting the research methodology applied and introducing the major bodies of knowledge involved, the paper discusses six dominant technology trends shaping high-level financial services architectures. Subsequently, embedded finance and the respective usage of API strategies are described. Building on this, security considerations for APIs in financial and insurance services are elaborated on before the paper concludes with some ideas for possible further research.

Keywords: embedded finance, embedded banking strategy, cybersecurity, API management, data security, IT management
