Application programming interfaces (APIs) continue to pose significant security risks to all businesses. High-profile security breaches are happening constantly, and nearly all of them trace back to an API as the point of entry.

According to The API Security Disconnect 2023, 78% of cybersecurity professionals say they have experienced an API security incident in the last 12 months.

Twitter (now X) fell victim to an API breach in 2021 that exposed the private information of 5.4 million of its users. The following year, Dropbox experienced a breach as the result of a phishing scam, in which hackers gained access to its GitHub internal code repositories, as well as customer and employee information.

Countless other examples of API-enabled data breaches and cyberattacks just like these exist. These types of incidents will continue to dominate headlines and create financial and reputational damage for organizations until they sufficiently address API security. Organizations are accumulating financial assets with more sensitive information by the day, and robust API security plays a critical function in keeping it safe.

Thankfully, companies have taken notice, and API security is more of a priority than it was a year ago for many security professionals and IT decision-makers. Many view API security as a key business enabler.

This recognition and heightened awareness come at an opportune time. API security incidents are increasing year-over-year across many key industries, including healthcare, financial services, retail and ecommerce, and the government and public sector. This raises the question: What are the effects of this rise in API-related security incidents? The report found that it is causing problems like customer churn, loss of productivity, and incurred fees.

Let’s explore what makes securing APIs challenging, as well as tips and strategies any business can implement to better protect its banking data.

API Security: An ongoing Challenge

It’s no secret that modern enterprises heavily rely on APIs; they’ve become indispensable. In fact, API traffic now represents more than 80% of the current internet traffic. APIs serve as intermediaries, facilitating interactions between software components, whether within the same application, on the same device, or over a network. Unfortunately, APIs also act as both  gateways and getaway cars for hackers aiming to steal private information, including critical corporate data.

Safeguarding APIs is challenging due to their pervasiveness. Data from 451 Research revealed that companies have an average of 15,564 APIs in use at any given time. For large enterprises with more than 10,000 employees, that number jumps to a staggering 25,592 APIs. Attack surfaces have expanded dramatically in recent years due to factors like digital transformation initiatives, the internet of things (IoT), and the shift towards remote work. As a result, most organizations are simply unaware of the extent of their APIs

Safeguarding Financial Data from API-Related Threats

1. Close the API gap with real-time testing

One effective strategy to bolster API security is to ensure that APIs are secure from the outset. Most API defects—including security issues—are introduced during development, typically in the initial coding phase. It is far more cost-effective to identify and address vulnerabilities during the testing phase rather than after deployment, underscoring the importance of  conducting real-time testing.

Financial organizations are increasingly adopting real-time vulnerability testing, with some conducting tests at least once per day. While this represents progress in closing the API gap, continuous testing will be critical for ongoing vulnerability elimination, particularly as attack surfaces continue to expand. Fortunately, modern tools have emerged to facilitate fast, efficient, and scalable API testing without adding undue burden on developers.

2. Gain visibility into your API footprint

Many organizations struggle with a lack of visibility into their API footprint. Some admit to  having only a partial view of their inventory, while others have a full inventory but lack insight into which APIs handle sensitive data. At its core, every organization requires visibility into its APIs to accurately assess risk and exposure levels.

The most effective approach is to leverage tools that create a comprehensive catalog of an organization’s APIs. This enables companies to identify APIs that interact with sensitive data and ensure they’re properly secured and monitored. Understanding the flow of sensitive data through APIs also aids in compliance with regulations such as PCI DSS, GDPR, and HIPAA.

3. Designate an API champion

Determining responsibility for API security within an organization can be challenging. Is it the developers’ responsibility? Security teams? Product teams? Or perhaps a combination of these roles? Without a clear answer, oversights and suboptimal security measures may occur. Unfortunately, many organizations only address API security after experiencing the consequences of a breach.

Designating API champions or Centers of Excellence clarifies responsibility and empowers organizations to take a strategic and proactive approach to security. These designated individuals can assess the organization’s current security posture, identify vulnerabilities, and create a preemptive strategy. Additionally, they can serve as advocates, educating other teams on best practices to ensure that API security is integrated into every stage of the application development process.

As cybercriminals become increasingly sophisticated and attack surfaces continue to grow, API breaches are likely to become more prevalent. Therefore, it’s important for companies to prioritize API security now to safeguard banking and financial data. By implementing the strategies outlined above, businesses can effectively secure their attack surface and drive positive business outcomes.

The post Protecting Corporate Financial Data with API Security appeared first on PaymentsJournal.

In the late 1990s, Linus Torvald launched Linux as a way to democratize source code. Shortly thereafter, other companies released their own source code, and from there, the radical notion of sharing your software for all the world to use took off like wildfire.

The actual term “open source software” (OSS), was coined later in the decade at a conference in Palo Alto, California. There, advocates worked together to create a strategy for continuing this new model of software innovation. The group introduced the term “open source” in an effort to move away from the negative implications of the term “free software” and to set a more inclusive tone. Shortly after, its followers began to grow exponentially.

Today, according to Forrester, more than 50 percent of Fortune 500 companies use open source software (OSS) for their development projects. As it was from the beginning, the appeal is the community nature of the software. People like to belong to a community, and developers are no exception. OSS allows them to work on projects they’re most interested in and put their talents in the spotlight for all to see, appreciate and benefit from.

As programming code created by software developers and offered publicly to anyone who wants to modify and build upon it, OSS has one clear rule of the road. If you use it to build a product, you must pay it forward by offering that product as open source as well.

Yet, while most people believe OSS is always free, that’s no longer always the case. Many forms of OSS, such as MySQL, require you to purchase a license, which includes upgrades and support. For some forms of OSS, a purchasing a license is not required, but if you require support from the developer, then you need to pay a fee for support services. And, most often, fees paid to OSS developers are only used to improve the code base.

Part of the appeal of OSS is that it’s everywhere – many of the websites and devices you use daily are built upon open source. It’s used by Meta (formerly Facebook) via MySQL. Android is based upon the open source programming language Java, so there’s a good chance your phone is built upon OSS. In addition, many of the popular video games nowadays are built using Python, another open source programming language. But the ubiquity of OSS isn’t just in the consumer world; leading business applications are built upon open source, and the apps just continue to get better as more innovators apply their craft to improving them continuously.

Open Source Software in the Finance and Payments Industries

Within finance and payments markets, which are competing for a greater share of customers, open source software offers an affordable way to build scalable solutions that provide their customers with greater flexibility and options. Mobile apps allow customers to conduct banking transactions whenever and wherever they choose. It also allows retailers to provide all of the popular payment platforms that their customers are accustomed to. These applications can be customized to meet the unique needs of particular companies… and all can be built using the same open source code.

Why Consider OSS Today

The attraction of OSS is nothing new, and we will continue to see its incredible growth in the coming years for three key reasons:  financial uncertainty, rising cybersecurity challenges and a tech talent shortage.

There are signs that the U.S. and many other countries are on a steady path to a recession due to rising inflation, the war in Ukraine and other factors. Companies are looking for ways to tighten their belts and leveraging (mostly) free source code is a way to keep digital transformation on track in the most cost-effective manner possible. 

Why OSS Can Be More Secure Than Proprietary Software

As mentioned earlier, cybersecurity threats continue to plague companies everywhere. Take, for example, the recent SolarWinds cyber attack. Last year, the company made a routine software update to its network management system that was pushed out to its customers. Hackers believed to be directed by a Russian intelligence service slipped malicious code into the software and used it as a vehicle for a massive cyberattack against America.

OSS software, which is completely transparent and visible to everyone, can provide a greater level of security because so many people can view it and identify anomalies. In fact, according to an article in Digitalogy, Linus Torvalds said, “Given enough eyeballs, all bugs are shallow.” This means that the more people look at code and test it, the greater the probability of finding problems and uncovering suspicious business.

Additionally, open source fulfills a great need at a time when software engineers and other tech talent is at a minimum. A 2021-2023 Emerging Technology Roadmap report from Gartner Inc. noted that 64% of IT executives had cited talent shortages as the most significant barrier to adopting emerging technology. Companies are able to get a leg up on software development when they use existing source code and customize it to meet their unique needs.

The Challenges of Open Source

Despite its appeal, there are many developers who are not into it quite yet, but that too will change. For software developers looking to reach their professional goals, having OSS contributions listed on GitHub certainly puts them to the top of the candidate list, and it’s fast becoming essential to any good resume.

OSS, however, is not the answer to every company’s software development needs. Due to the competitive nature of business, OSS will never supplant proprietary systems. Additionally, for many companies, the software they have now works well and is scalable.

Another issue is that typically, software developers love to write code, but hate to write documentation. OSS detractors complain about the dearth of documentation for open source software. A lack of documentation increases the time it takes to understand and implement the source code.

Despite these challenges and others, Red Hat’s 2022 State of Enterprise Open Source report found that 77 percent of IT leaders have a more positive perception of enterprise open source than they did a year ago, and 82 percent of them are more likely to select a vendor that contributes to open source.

From its early roots, OSS has embraced collaboration and innovation and can be the answer to the finance and payments industries’ quest for secure and reliable software that helps them compete in a complex and competitive marketplace.

The post Innovation and Community: Why the Time Is Right for Open Source Software appeared first on PaymentsJournal.

Open banking usage has skyrocketed since its inception in 2018. Now, with more than five million active users, its rapid adoption speaks to consumer desire for better control over their financial preferences and an improved digital customer experience.

Open banking allows customers to easily evaluate competing banking services. Consumers can quickly compare credit cards based on interest rates or see what type of savings account offers the most interest. Conversely, financial service providers also have access to consumer financial data, so they can serve up the most appropriate solutions for an individual’s particular circumstances. Open banking facilitates new use cases for personal finance management, credit risk assessments, and customer onboarding, among others.

Open banking requires APIs to function

Application programming interfaces (APIs) enable the needed connectivity for the transfer of financial data inherent to open banking. Banks provide access to their proprietary APIs in open banking systems, so that third-party developers and fintech providers have access to financial data. This data can then be used to build additional applications and services, effectively creating partnerships rather than competition between stakeholders. 

To standardize these initiatives, all open banking APIs are designed and documented to support open banking regulations, including authentication and authorization protocols like OpenID Connect (OIDC) and OAuth 2.0. The result is a more collaborative and connected approach to the exchange of data between financial providers.

However, while these standards define how APIs should be structured to enable predictable integrations, they fall short in addressing key API security challenges. Because of their unique logic, APIs make it difficult to create regulations for how to secure them, which has been a driving factor in the lack of standardized security practices for open banking APIs. 

Increasing API attacks put open banking APIs at risk

Open banking’s reliance on APIs has made them prime targets for cyber attacks. API security threats have increased in frequency and complexity. The Salt Labs  State of API Security Report Q1 2022 found that API attack traffic has increased 681% in the past 12 month – more than double the amount of overall API traffic.. The potential value of banking, financial services, and fintech data makes these institutions particularly desirable prey for attackers.

With the safety of critical financial information at stake, these organizations need to be increasingly conscientious of API security best practices to directly address security needs until requirements can be standardized.

Legacy security tooling presents low barrier for open banking attacks

Most organizations within the global open banking ecosystem rely on basic security processes – authentication, authorization, and encryption – to keep sensitive and personally identifiable information (PII) safe. However, access control is only one facet of protecting APIs, which presents a low barrier for access by hackers that use brute force attacks and phishing to break authentication protocols. Once a hacker has access to an authenticated account, encryption does little to protect data since its primary function is to protect data from unauthenticated access. 

In this scenario, with authorization (or even multi-factor authentication) as the last line of defense, hackers can launch man-in-the-middle or Broken Object Level Authorization (BOLA) attacks to breach a system and obtain the valuable information they seek. Vulnerabilities found at this stage are often the result of the unique and complex logic of APIs, along with their frequent and shifting updates and functionalities, making API security challenging. 

Systems that rely on legacy security tooling, such as web application firewalls (WAFs) and API gateways, have also proven ineffective at protecting open banking APIs. These solutions use a proxy architecture that looks for known attacks and can only validate API transactions one at a time, limiting their ability to correlate reconnaissance activities over time. Bad actors tend to launch a number of subtle probing attacks in reconnaissance to learn the unique business logic of an API and propagate a successful API attack – making legacy tools incapable of providing comprehensive API security.

Open banking APIs need intelligent and automated security

Adopters of open banking can more effectively harden their security posture against future attacks with a holistic approach to API security that is better suited to protect modern architectures. By utilizing intelligent technologies, like artificial intelligence (AI) and machine learning (ML), APIs can be secured across their entire lifecycle. 

Intelligent capabilities for discovery can enable security teams to uncover and have visibility into all APIs, including shadow and zombie APIs that run without their knowledge and can be prone to overlooked vulnerabilities. For robust discovery of APIs, the incorporation of automation is key, as organizations (especially in the realm of SaaS) often create more APIs than they can manage and update manually. Once APIs are discovered, they can be understood, which can in turn support systems in defining each API’s intended functionality. This act brings everything full circle and alerts security teams to what is “normal” for their system. 

With AI and ML, this baseline can also be monitored automatically, with insights provided for activity that is outside of it (a potential attacker), even at the most granular level. When organizations can correctly identify attacks, they are also able to keep documentation up-to-date for reference with key stakeholders at any point in time – a critical component for open banking, which typically sees a decline of accurate documentation in this area. 

As a last piece of advice, there is no replacement for system testing. While developers do their best to code applications correctly and securely, they are human, and vulnerabilities can present themselves. This is why runtime protection is so vital, and coupled with real-world insights from AI and ML, a deep analysis and testing of system health should be conducted on an ongoing basis to eliminate found security gaps.

Defining a Secure Future for open banking

Targeting APIs now dominates today’s modern threat landscape, with bad actors propagating the attacks outlined in the OWASP API Security Top 10 list and other abuses. With the connective and personal nature that is tied to financial data usage in open banking, the hardening of APIs is essential for businesses and consumers alike. Utilizing best practices along with intelligent technologies can help prepare an organization to confidently meet security demands for API-based attacks, limit the vulnerabilities that attackers seek to find, and remediate security gaps with proactive API discovery and testing for a more protected approach to open banking.

The post API Security Best Practices to Protect Open Banking appeared first on PaymentsJournal.

API Technology Challenges Practioners Want Solved in the Near Future:

Don’t miss another episode of Truth In Data! Click on the red bell in the lower-left of your screen to receive notifications as soon as the episode publishes.

Data for today’s episode is provided by Mercator Advisory Group’s Report: Treasury Automation: Adapting to Increased Expectations

API Technology Challenges Practitioners Want Solved in the Near Future:

• 52% of API practitioners surveyed in 2021 say that standardization is a top API technology challenge they hope to solve in the near future.
• 40% of API practitioners surveyed in 2021 say that security is a top API technology challenge they hope to solve in the near future.
• 36% of API practitioners surveyed in 2021 say that scalability is a top API technology challenge they hope to solve in the near future.
• 36% of API practitioners surveyed in 2021 say that versioning is a top API technology challenge they hope to solve in the near future.
• 34% of API practitioners surveyed in 2021 say that authentication is a top API technology challenge they hope to solve in the near future.
• 34% of API practitioners surveyed in 2021 say easier integration between tools is a top API technology challenge they hope to solve in the near future.

About Report

Automating treasury operations has been a steady goal in corporate finance since at least the mid-2000s. The increasing technology capabilities of the past several years, along with the pandemic, which has refocused the corporate world on liquidity, have combined to help shift treasury automation into a higher gear. In a new research report, Treasury Automation: Adapting to Increased Expectations, Mercator Advisory Group reviews the traditional and now changing role of treasury management into a more strategic resource for the CFO. Forward-thinking financial institutions, traditional treasury management solution providers, and latest generation fintechs are striving to assist their corporate clientele to optimize their capabilities in treasury operations. Companies are looking to their providers to help move them to a new level of effectiveness.

“Treasury management has traditionally been a specialized and lightly resourced area of corporate finance. This began to change after the global financial crisis as the role of treasury began to expand in the planning and execution of corporate financial imperatives,” commented Steve Murphy, Director of Mercator Advisory Group’s Commercial and Enterprise Payments Advisory Service, author of the report. “That adaptation through technology advancements continues and, of course, received a boost from pandemic-generated issues when the recognition of digitized financial processes as a catalyst for improved financial operations became quite clear to many, especially lagging organizations.”

The post API Technology Challenges Practitioners Want Solved in the Near Future: appeared first on PaymentsJournal.

This was posted on the SWIFT site and describes a payments pre-validation service that network users can access via APIs to eliminate unnecessary formatting errors, which SWIFT suggests is part of the systemic friction causing more than $2 billion annually in added costs.  The way it works is that an upfront API is used to check payment formatting details for the beneficiary and receiving country prior to the actual initiation and clearing process so any errors can be corrected, eliminating costly investigations.

‘Whether a multinational corporate, small business or an individual sending money to family abroad, the world heavily depends on the smooth flow of transactions every day. Payments travel across borders, through jurisdictions and in and out of accounts, but throughout this journey delays can occur. These create friction, sending ripples of disruption through our daily lives. They stop shopkeepers from getting the supplies they need on time, impact international supply chains and prevent loved ones from receiving the funds they need, when they need them…..While there are many causes of this friction, including carrying out essential compliance checks and the limitations of legacy technology, we found that 72% of payment exceptions on the SWIFT network are the result of formatting errors, account issues and invalid data. And that can be frustrating, as many of these errors could be avoided – all that’s required is that payments are checked or ‘pre-validated’ before they’re sent so that mistakes can be fixed immediately instead of later down the line. This saves time, reduces delays and most importantly gives customers the best payments experience possible.’

We did not receive a briefing but there is no detail about fees, although the article has links to videos where fee transparency is discussed.  It is also not clear as to whether the pre-validation service performs a format or data repair automatically, although we assume not, at least for now.  This is something that certain payment hubs, for example, can execute on behalf of the initiating institution. We reviewed this in recent member research.  In any event, this is further indication that SWIFT continues to improve the cross-border payments experience for network participants, which began a few years back with gpi then continued with the cooperative’s business decision to offer additional layered services to members.

‘So far, almost 100 banking groups have joined our pre-validation community, using the service to eliminate errors and mistakes in their payment messages. They’re already benefiting from the rich data we provide, and that data will only get richer as more users sign up….And we have plans to keep evolving Payment Pre-validation. We’ll continue to grow our community, introducing new features that enhance the scope of the service and provide more and more value. These include a further expansion into the world of financial crime compliance and fraud prevention, and increased fee predictability.’

Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group

The post Saying Goodbye to Unnecessary Errors with Payment Pre-Validation appeared first on PaymentsJournal.

Digital commerce continues to grow. The COVID-19 pandemic heavily influenced how consumers shopped, driving consumers to online shopping for safety and simplicity. While pre-pandemic, consumers might only have used certain services every month or two, the need to avoid in-person purchases led to weekly or even daily use of online options. Merchant categories that experienced the highest frequency of use included meal delivery, entertainment subscriptions, and grocery shopping. For safety and simplicity, consumers have turned to online shopping in droves, and it is only natural that those same consumers seek the most seamless shopping experience possible.

Credential on File Can Accelerate Digital Commerce

What is Credential on File (or Card on File)?

Credential on File refers to a process in which a cardholder explicitly authorizes a merchant to save their payment information. Any time someone re-orders from the same online merchant and does not have to re-enter their payment information, that is because the merchant has their card or credentials on file.

Credential on file simplifies checkout and will continue to fuel digital commerce growth. When consumers use saved payment credentials, the shopping experience is faster and more convenient, making consumers more likely to shop with that merchant again in the future.

To take an in-depth look at why Credential on File is crucial for digital commerce and how it can improve the consumer experience, Mastercard partnered with Ipsos to release a recent whitepaper, “Credential on File: The Digital Commerce Growth Engine.”

Credential on File Opportunity for Card Issuers

Using a Credential on File is now widespread among consumers when they shop online, and it is more important than ever to become consumers’ default card for digital.  While consumers like the convenience of saving credentials on file, to capture their interest, issuers need to understand and address their security concerns. 40% of consumers today still use guest checkout due to security concerns.¹ Issuers who give consumers transparency, convenience, and security have a stronger chance of gaining that top of wallet position.

Mastercard Token Connect API can ease consumer’s security concerns

Mastercard is offering the Token Connect API, which enables issuers to create an experience that gives consumers a convenient and secure way to push tokenized card credentials directly from the issuer environment to participating digital endpoints. Online checkouts, wearable IoT devices, digital wallets, and participating merchants can all receive tokenized credentials via Mastercard Token Connect. To enable speedy online checkouts on merchant websites, Token Connect helps consumers easily push card credentials to Click to Pay, which features multiple layers of security, easy-to-use digital interface, and interoperability with tokenization and authentication standards. Additionally, Token Connect is now integrated with Samsung Pay, allowing cardholders to push provision their eligible Mastercard into their Samsung device and conveniently pay in-app, online or in-person.

Mastercard Token Connect can drive card preference and other benefits

Token Connect enables card issuers to provide their cardholders with an easy and secure way to save their card as default to multiple destinations, increasing engagement and reinforcing their brand as a trusted source. Issuers also obtain access and ability to provision credentials into all participating digital endpoints with a single integration into Token Connect. As for cardholders, they get a convenient, secure, and digital first way to push tokenized card credentials. 77% of consumers agree that saving their payment card details makes it more convenient to make purchases or payments.² Mastercard Token Connect provides a way for issuers to drive more card on file, win the top of wallet race, and generate increased spend and revenue.

The future of e-commerce

Online purchasing is continuing to increase. Most consumers plan to continue using e-commerce as their preferred channel even after the pandemic ends. It is reasonable to expect that cardholders will continue to gravitate towards Credential on File transactions. Mastercard Token Connect offers a convenient and secure way to push tokenized credentials to participating digital endpoints to enable frictionless CX and drive loyalty.

To learn more about the current e-commerce consumer trends, what strategies issuers can deploy to become and remain the default card, and why Mastercard Token Connect offers the best solutions, consider reading Mastercard’s whitepaper.  

Access Mastercard’s whitepaper, “Credential on File: The Digital Commerce Growth Engine,” by filling out the form below. 

1. Mercator: 2019 Customer Merchant Experience, August 2019​
2. Mastercard Credential on File Research, February 2021

The post Digital Commerce and the Effect of COVID-19 appeared first on PaymentsJournal.

Application Programming Interfaces (APIs) – software intermediaries that allow different platforms, applications, and systems to talk to each other and share information – are quickly being integrated across Latin America (LATAM), especially in the payment industry. This movement towards embracing APIs is otherwise known as APIfication. 

LATAM is ready to embrace this technology as the region has recently become a fertile field for financial and technical development. The market potential for fintech projects and tech startups has increased exponentially, and COVID-19 accelerated digital services’ adoption.

But despite the rapid rise of fintechs and neobanks, they have hardly reached the locally-driven demand and financial need. With untapped opportunities in the region, what’s next? 

LATAM on the edge of financial inclusion 

Some of LATAM’s traditional financial institutions still follow outdated methodologies and have manual operators. This can occasionally mean a lack of automated and standardized infrastructure for payments and money management, which can explain why nearly half of LATAM’s population are unbanked or have difficulty opening bank accounts. But this doesn’t mean they are financially inactive; they need loans and want to open savings accounts. Open banking APIs are the solution as they give third-party providers access to data from financial institutions in a safe and efficient way to speed up financial processes. 

LATAM’s middle class has grown by more than 50% in the past decade, so there’s a huge demand for better financial products and services. APIs allow siloed systems to communicate with each other to develop products more agilely that are personalized to users.

The open finance wave means that banks, insurance firms, fintechs, and lending companies are innovating and integrating APIs to help with financial inclusion and initiate conversations around end-user management. 

The growth in this industry won’t be slowing down anytime soon with governments taking regulation seriously across Colombia, Mexico, Brazil, Chile, and Uruguay. 

Fintech-bank partnerships facilitating API integration

Fintech-bank partnerships have progressed drastically over the last two years due to fintech growth. This is also because API-driven collaboration between fintechs and traditional financial institutions is not a one-way street. 

Banks have recognized how partnering with fintechs can modernize their offerings, without building the tech infrastructure themselves. At the same time, banks support a compliance and regulatory structure that helps fintechs establish appropriate security and regulatory frameworks. Their new products can be brought to the market faster and more efficiently, and they can benefit from a wealth of data. 

In Mexico, the fintech Credijusto just bought a regulated bank. The deal reflects a global trend of fintech firms acquiring banks to enable more diversified product offers. Rappi also partnered with a Mexican bank, Banorte, to launch a financial services company. 

Due to COVID-19 and the drastic digital transformation, the pressure for banks to innovate across the world has never been higher. 

Empowering women to take control of their finances 

In LATAM, women power the economy and are often the managers of household budgets. However, there is a lack of financial products designed for women. And when they were already less likely to get access to credit, COVID-19 further impacted their economic autonomy. However, LATAM’s fintechs using API are beginning to address gender inequality in credit. 

Jefa, founded by Emma Sanchez Andrade Smith, is an up-and-coming challenger bank questioning the financial services available for women and encouraging a female presence in LATAM’s fintechs. Ana Barrera, Co-founder and CEO of Aflore, a female-led financial inclusion channel, gives access to financial products for the underbanked through a network of informal financial advisors. 

In the microfinance landscape, there’s always been awareness about the role women play within their families. Microfinance institutions have often targeted individuals and small businesses with restricted access to conventional banking, which has led to female empowerment by influencing their decision-making. But API technology used by fintech companies is offering more opportunities to help women by increasing transparency in microfinance and allowing lenders to review client applications quickly.

Lastly, the huge caravan of immigrants currently making their way across LATAM, from Cuba to Venezuela to Argentina, has resulted in a wave of digital and crypto wallets and cross-border payment solutions. The ability to integrate all these different payment solutions via APIs is essential. It will allow alternative banking arrangements to have scalable operations, offering more flexibility and support to the millions of customers in the unbanked population. 

The post Why LATAM Is Poised for API Integration appeared first on PaymentsJournal.

COVID-19 led to accelerated digitization globally, which subsequently and unsurprisingly resulted in an increase in fraudulent activity. To combat the rise in fraud, Refinitiv recently combined World-Check, its risk intelligence solution, with GIACT’s EPIC Platform, which Refinitiv acquired in late 2020, via single API. Not only will the combined solution make organizations (along with their customers and vendors) more secure, but will also help streamline operations and create a better, faster customer experience. 

To further discuss why many businesses are choosing a single API solution for their fraud and risk mitigation needs, as well as the current state of fraud in the marketplace, PaymentsJournal sat down with James Mirfin, Global Head of Digital Identity and Fraud Solutions at Refinitiv, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.

Epic Platform integrates with World-Check

Refinitiv recently announced the integration of GIACT’s EPIC Platform with Refinitiv World-Check, a risk intelligence data set used by corporates, companies, and financial services firms around the world to help them scope out regulatory risk. “We’ve brought that together through the platform, and they’re now making it available via a single API,” said Mirfin.

The combined solution can assist customers in taking a holistic approach to managing fraud and risk, while supporting these customers throughout their entire lifecycle. With this integration, the merged capabilities can help with enrollment and onboarding, securing payments, addressing change events as well as compliance and due diligence.

“[Refinitiv] believe[s] that bringing this together through one platform—combining the unique data sets that we have as LSEG, Refinitiv, and GIACT—can really help clients, whether it’s around consumer or business identity, payments, [or] compliance risks throughout the lifecycle,” added Mirfin.

Additionally, customers in the market have reported that it is unique to be able to bring data assets and capabilities together through a single API and a single integration. “This single API with a broad availability of data gives [customers] lots of flexibility,” concluded Sloane.

Benefits of a single API solution

APIs are a hot topic, both for industry professionals and non-technologists. They are important because customers are looking to consolidate vendors and make it easier to work with a smaller number of partners who can support their businesses across a variety of challenging verticals.

“[It’s really important to bring] broad sets of capability together through that single API in a way that it’s easily understood by the teams that are looking to implement it on the development side, but also the business users that are trying to solve real use cases and real problems, helping them understand the power of the data and the technology that sits behind that API,” offered Mirfin.

Whether it is solving identity verification challenges during onboarding, making sure account takeover by a bad actor is not a possibility, or adding new products to an existing relationship, Refinitiv makes sure its customers understand how they can use its API to protect both their assets and their customers across all offerings. “The single API is a great way to help our customers: it makes it easier to manage that integration, [and] it helps them think about different ways that they can go and roll out new products in a confident way,” continued Mirfin.

Implementing Refinitiv’s single API solution properly can also be an enabler of growth, a result of the support customers receive in new areas such as onboarding their clients.

Addressing fraud concerns

The newly integrated platform supports multiple verticals and use cases, which is only one of the benefits Refinitiv offers. However, it can be challenging at times because it is so expansive. “I think about customers we’ve talked about [recently] and the challenges that they’re having: it’s cut across everything from crypto, to payments, to banks, to insurance and lending to SMEs, to real estate,” explained Mirfin. And it seems these challenges have also been fueled by the pandemic, with companies being forced to rapidly digitize their business models.

This rapid digitization creates opportunities for fraudsters. Fraud grew nearly 50% from 2019 to 2020, with over $700 billion in lost revenue in 2020. Some industry professionals estimate that this year will see around $770 billion, which Mirfin views as being on the lower end of the spectrum: “[The industry is] realistically heading towards a trillion-dollar problem here, or a trillion-dollar fraud industry for the criminals and the fraudsters.” This is expected to impact every business, with a multitude of different types of fraud hitting the market.

One example of a popular variation of fraud is business email compromise. For a business experiencing email compromise, the inauthentic payment can cost the company into the seven figures. It is different than consumer fraud, which is often only a few hundred dollars.

Fraudsters become more creative every day, which illustrates the challenges of implementing point solutions as opposed to implementing a platform. The crypto space is a particularly challenging arena, as there tends to be a lot more collaboration and information sharing amongst players. However, crypto is a newer branch of the payments industry, and its leaders are coming to market each day to share intelligence around fraud and discuss how to solve those problems.

The future of Refinitiv

The integration of GIACT’s EPIC Platform with Refinitiv World-Check is a big step forward for Refinitiv, and the global provider worked quickly to bring each of the capabilities together. But Refinitiv is always looking toward the future, both for the success of the business and for the success of its customers.

Refinitiv plans to continue with innovation and the consideration of where fraud is heading next. This will allow Refinitiv to provide the protection its customers need while making it easy for them to benefit from the capabilities on the market. Users of Refinitiv’s technologies can expect more exciting announcements through the second half of 2021 involving additional capabilities that are being added to the platform.

Fraud will continue to be a challenge for all businesses, but Refinitiv is determined to deliver world-class solutions to help customers across industries, functions, and job roles protect their own organizations and customers from increasingly costly and complex types of fraud.

The post Refinitiv: Managing Risk Throughout the Customer Lifecycle appeared first on PaymentsJournal.

This piece was dropped in The Scotsman, which seems apt given that the 2018 Oslo-based startup fintech Eedenbull has operations in Edinburgh. The company develops products for corporate banking entities in the payments space and has a platform banking solution. It seems that Eedenbull will be incorporating Mastercard Track into their offering.

The Mastercard Track network was first announced in late 2017 as a B2B information sharing system and has been evolving into a broader range of services, most recently the Mastercard Track Business Payments Service announced last year. Eedenbull will become a member of the network and utilize the BPS to enhance its’ own offerings to bank constituents.

‘One of the first open-loop B2B commercial networks, Mastercard Track automates payments-related data exchange between buyers and suppliers….Consisting of a portfolio of B2B solutions, it helps businesses increase simplicity, flexibility, and efficiency, optimizing the best option of paying or getting paid for every invoice across multiple payment rails….As a result of the tie-up, Oslo-headquartered EedenBull says its fast-growing network of banking partners will benefit from reduced complexity, driving down costs and enhancing the end-user experience for their business and corporate customers….The integration demonstrates EedenBull’s commitment to drive modernisation of the B2B commercial payment ecosystem.’

So it seems that the Mastercard Track network is starting to gain some traction, given the recent announcement that Barclaycard Payments will also be a participant. Eedenbull distributes through banks, which often do not have the technical resources to keep up with all the latest-gen tech that is available for corporate customers to consume. 

As we see the acceleration of digital payments and processes, we also have the corresponding workplace and demographic changes happening simultaneously, which increase demand for easier B2B payments experiences, in line with how people conduct their personal lives. So we’ll keep an eye on these developments.

‘Nicki Bisgaard, CEO and co-founder of EedenBull, said: “The global pandemic is accelerating a move towards automated B2B payments and shifting business’ digital expectations in the process….“As a result, banks need help optimising their offering to not lose out on customer loyalty or the huge opportunity that lies ahead. This collaboration underpins our commitment to delivering optimised B2B payment solutions to our banking partners, allowing them to meet the complex needs of their business customers.”…He added: “EedenBull is delighted to continue its excellent relationship with Mastercard. By joining Mastercard Track, we believe our solution helps to solve some of the most urgent B2B payment challenges today.”…Eedenbull will use Track Business Payment Service as a Buyer Payment Agent (BPA) by integrating with Mastercard APIs and it will be actively offering the service to its partner banks.’

Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group

The post EedenBull Integrates Mastercard Track To Drive Modernization of B2B Payments appeared first on PaymentsJournal.

Introduction of a single API solution offers a holistic approach to fraud and risk, covering the customer lifecycle across enrollments, payments, change events, compliance, to ongoing KYC and due diligence

London and New York: Refinitiv, one of the world’s largest providers of financial markets data and infrastructure, today announced that the EPIC Platform from GIACT and World-Check are now together and accessible via a single API. The integration brings together the comprehensive risk intelligence from World-Check with the unprecedented capability of GIACT to deliver a multi-dimensional view of consumer and business identity, payments, and compliance risk, across the customer lifecycle.

Nearly half (47%) of U.S. consumers were impacted by identity theft in the past two years, with resulting losses increasing 42% year-on-year to $712.4 billion in 2020, according to Aite Group. Concurrently, both traditional and emerging fraud risk, alongside complex compliance requirements, has delivered record financial losses and reputational risk to organizations across almost every industry. 

The integration announced today is set to address all manner of fraud and risk-related threats and inefficiencies by combining industry-leading solutions into a single API that can be deployed across an organization.  

“For over a decade, legacy solutions have failed to adequately protect financial institutions, businesses and consumers from identity and payments fraud,” said James Mirfin, Global Head of Digital Identity and Fraud Solutions at Refinitiv. “Until today, no one has been able to deliver a fraud and risk mitigation solution that spans the customer lifecycle. Refinitiv responded to the industry’s calls by combining the power of the EPIC Platform and World-Check into a single comprehensive solution that eliminates gaps in the fraud prevention process; helps protect financial institutions, businesses, government entities and others against the latest fraud threats; and improves customer experience through real-time, fact-based decisioning.” 

Through a customizable, single API, organizations will be equipped with the following advances: 

• Refinitiv’s cutting-edge technology and access to an unparalleled real-time network of identity verification, authentication services and compliance screening
• Access to a holistic set of enrollment, payment, identity, compliance, screening, and mobile solutions built on a single platform
• Ability to proactively identify and mitigate both traditional and emerging risks, including payments, identity and vendor fraud; money laundering, bribery and corruption; as well as enforcements and fines
• Ability to address newer, more sophisticated fraud threats, including identity theft; synthetic identity fraud; true name fraud; account takeover; business email compromise; and others 
• And the capability to better attract and retain customers, safeguard their reputations, and protect supply chain and vendor relationships.

To learn more about the combined power of the EPIC Platform and World-Check, click here. 

About GIACT

GIACT, a Refinitiv company, is the leader in helping companies positively identify and authenticate customers. Since 2004, GIACT has been empowering businesses across all industries with data-driven insights to prevent identity and payments fraud and improve compliance procedures, all through a single platform — the EPIC Platform. For more information, visit www.giact.com 

About Refinitiv

Refinitiv, an LSEG (London Stock Exchange Group) business, is one of the world’s largest providers of financial markets data and infrastructure. With $6.25 billion in revenue, more than 40,000 customers and 400,000 end users across 190 countries, Refinitiv is powering participants across the global financial marketplace. We provide information, insights, and technology that enable customers to execute critical investing, trading and risk decisions with confidence. By combining a unique open platform with best-in-class data and expertise, we connect people with choice and opportunity – driving performance, innovation and growth for our customers and partners. For more information visit: www.refinitiv.com 

The post Refinitiv Combines Giact’s Epic Platform With World-Check To Help Protect the Consumer Lifecycle appeared first on PaymentsJournal.