While open APIs are extremely attractive and represent lucrative opportunities for your credit union, it's important to understand the quickly shifting regulatory environment and landscape. It's even more imperative you have the appropriate infrastructure in place to protect your members in this more complex cybersecurity environment.
While U.S. consumers, in general, are open to the notion of open banking, the highest level of interest—as most would assume—is with consumers in the younger generations, specifically millennials and Generation Z. Simultaneously, Deloitte research suggests households with over $250,000 in annual income are most receptive to open banking in general and to sharing their information. Behind the groundswell of support for open banking, the Office of Comptroller of the Currency (OCC) released a bulletin in 2021 that highlighted the security benefits of APIs. The bulletin positioned APIs as a secure and efficient portal where financial institutions can share sensitive information with data aggregators.
According to the OCC, credit unions and financial institutions that establish agreements with data aggregators can utilize APIs to limit the utilization of less-effective methods, such as screen scraping. At the same time, APIs can empower members to better manage and define the data they would like to share, and APIs do not require your members to provide their account log-in credentials to third parties. This infuses an extra level of comfort for members who enjoy the convenience of apps like Venmo—but would prefer not to share passwords and usernames beyond core banking.
However, open banking and APIs have been largely unregulated. The non-profit organization, the U.S.-based Financial Data Exchange (FDX), created an API standard to help facilitate safe and secure sharing of data. And this standard has been implemented and adopted by members of the American Banking Association. With so much increasing focus on open banking and APIs, major financial institutions in the US, such as the U.S. Treasury Department and the National Automated Clearing House Association (NACHA) are making major moves toward standardizing protocols and codes that empower APIs to deliver secure and fast exchange of information. Although the area lacks a clear financial regulatory framework for banks and credit unions in the U.S., fintech firms and financial institutions are surging fast ahead.
Credit union member expectations are often driven by culture, which is greatly influenced by financial technology. And to keep up with this trend, credit unions are virtually forced to embrace open banking and partner with third-party providers (TPPs). Doing so can offer members more control, choice, and convenience when sharing their data with TPPs.
Some credit unions are much better positioned to enter the world of open banking. Specifically, credit unions that adopted a cloud-based core were notably more prepared to successfully navigate the pandemic's all-but-mandatory shift to digital banking channels. And these same institutions with a cloud-based core are best suited to take advantage of the benefits of TPP and open-banking offerings. While a cloud-based core isn't a requirement, it simplifies and streamlines the process of connecting to the innovative world of financial service offerings.
In either case, credit unions remain primarily responsible for protecting their member's information and integrity. As such, security must be embedded within the most fundamental framework. More so, the importance of employing fraud detection tools, multi-factor authentication, and protection against cyberattacks has become more important than ever.
When credit unions adopt open banking, it's imperative they have the experienced personnel and tools in place to secure their environments. The most recent data and research from F5 Labs show the number of API security incidents continues to increase year over year. And the majority of API incidents over the last two years were the result of a low level of security maturity.
Even though open banking and APIs open the door to a vast range of benefits—including a more comprehensive view of the needs and life stage of credit union members—these advantages will never outweigh the costs without API-centric security. Fortunately, there are several different technologies that utilize machine learning and artificial intelligence to help sure your member data.
For starters, credit unions that are looking to foray into this arena should look for low-latency, high-performance API management solutions as well as a secure API gateway. This allows credit unions to utilize modern security protocols to support microservice-based apps. Another key solution is adaptive authentication. Adaptive authentication actively uses real-time inputs and adjusts verification methods based on risk levels to provide dynamic protection. These solutions can be implemented whether on-premise or as a service in the cloud. And adaptive authentication solutions are compatible with a vast array of authentication methods to deliver an unencumbered member journey. When paired with fraud mitigation and risk management solutions, zero-day malware and phishing cyberattacks can be prevented well before they ever occur.
One thing is for certain, open banking is the path forward for credit unions and all financial institutions. And FLEX makes it easy with FLEXBridge. This dynamic open API interface allows third-party solution providers and your credit union to access FLEX core data and business rules. As a single API with a customized developer portal, FLEXBridge offers credit unions the best of both worlds. It connects all internal credit union systems while only exposing data to developers in a compliant and secure way.
Because FLEXBridge operates in real time, it actively facilitates the secure passage and updating of data between any connected external source and the FLEX core. This world-class technology unleashes the power of the ever-expanding financial technology marketplace in a safe and efficient manner while providing an array of service opportunities for your credit union and members. Best of all, several third-party integration options already exist within the FLEX framework and FLEXBridge API.
Learn more about some of the existing integrations available through FLEX and FLEXBridge API in our Core Integrations eGuide.
In addition, to help you further understand how important a digital transformation can be for your credit union, take a look at our feature article from the 2022 Callahan Supplier Market Share Guide.