I recently read a great article in Payments Source that reminded me of some of the problems we were trying to solve when we first architected FI.SPAN. FI.SPAN is meant to answer some of the issues that banks face when dealing with API development and FinTech collaborations. Specifically, the security, monitoring, implementation and standardization issues around these APIs are hard for banks to tackle on their own. We have taken these issues and created a platform that is secure, scalable, and optimized for banks’ needs. Our goals of making APIs reliable, reducing implementation costs and saving time have made FI.SPAN into the product it is today.
The article brings up a few interesting issues:
It Starts Design but Ends With Security
“Developing APIs is only one part of the equation. Equally important is testing them for performance and security, more so considering that the various data masking and restrictions at play make bringing live data into test environments difficult.”
API design and management is a very specific development practice. Banks (with some notable exceptions) aren’t known for developing world-changing APIs. Even once an API is designed, there remains the issue of testing how it looks before even testing its security. By using FI.SPAN, banks don’t need to waste time and resources developing, testing and revising in-house APIs. FI.SPAN has already done the hard work of generalizing functionalities and designing the optimal protocols. All banks need to do is plug in.
Banks also need to resolve API security, once the functionality is under control. But, banks don’t do APIs every day. Most banks don’t use APIs externally and have little experience exposing APIs externally over the internet. To deal with API security concerns, traditionally a bank’s IT team would have to research and implement the appropriate security measures. With FI.SPAN, stringent security measures are already in place and have held up to the best practices and scrutiny of multiple bank and FinTech partners.
Continuous Monitoring is Key
“Open APIs will require comprehensive and proactive monitoring around availability, performance, security and other dimensions.”
Banks have to answer to both customers and regulators. As a bridge between banks and FinTechs, FI.SPAN ensures that availability is never compromised, and issues of downtime are managed strategically to minimize customer disruption. Companies like Google and Amazon invest a lot of money in getting this technology right, since it is central to their business model. These big companies have the luxury of hiring hundreds of developers to work on monitoring and performance once APIs are designed and enabled. A bank doesn’t necessarily have these resources. FI.SPAN is a smaller player, but we specialize in this technology so that banks don’t have to, but they can still play with the big guys.
Implementation Must Be Seamless
“Going forward, banks should embrace a Microservices framework of loosely coupled services that can be built, tested and deployed on a standalone basis.”
Most banks are too large to be agile in new technological deployments. When banks do implement technology improvements, they aren’t easily scalable. FI.SPAN was built to be scalable on demand. Our platform leverages the power of microservice architecture & cloud infrastructure to allow banks to scale our solution to fit their unique needs. The FI.SPAN layer provides a bank with the agility that their current stack likely does not today.
Historically, banks have been in charge of their own datacenters. When the time came to upgrade or add additional machines, it could take up to six months to get the technology needed to support additional traffic. Banks’ systems just aren’t easily scalable. FI.SPAN uses the power of cloud infrastructure to enable scalability on demand. When you need additional power to handle the greater workload, you put in the request, and your additional capacity is ready in seconds, not months.
Standardization is Paramount
“Finally, ensuring standardization and integrity of customer data, while complying with relevant regulations, will necessitate adoption of industry-wide standards on data interoperability.”
Banking is a highly regulated industry, and for good reason—no data is more precious than customer data. All customer data that interfaces with FI.SPAN is encrypted. We employ specialized firewalls to protect against DDoS attacks. What’s more, we rely on secure API-based data access, which eliminates the necessity of using screen scraping to retrieve customer data (no more password sharing is required). Open APIs are a more efficient way of communication between banks and FinTechs where the bank remains in control.
Regulating access to customer data through API is a more efficient use of a bank’s technology resources. When customer data is provided through user access (also known as screen scraping), banks have to deal with huge amounts of traffic to retrieve very specific pieces of information. Think of it like downloading a ten-page report, when all you need is one line of text. APIs communicate more efficiently, only retrieving the necessary information and nothing else.
A Plug-and-Play API SolutionHere at FI.SPAN, we love helping banks add value to their customers with new technology. This is why FI.SPAN was born - to allow banks and FinTechs to work together. FI.SPAN’s technology lets banks access innovative FinTech offerings without worrying about high implementation costs or lengthy procurement procedures. We truly believe APIs will change the banking industry for good, and we’re so excited to see where this evolution will take us.