Experts discuss business models and IT security at the Airlock Security Breakfast

From 14 September 2019, European Union banks will need to adopt an open approach towards third-party providers under the new PSD2 Directive. Swiss banks are opening up without regulatory requirements. Standards and platforms are being created with the aim of simplifying access to bank accounts for FinTechs. During the Airlock Security Breakfast, the current situation in Switzerland was examined closely; with both the effects on the banks’ business model and secure access management being discussed.  

Jürgen Petry, New Business Innovator at Raiffeisen Switzerland, and founder of the API Working Group of the Swiss Fintech Innovation Association (SFTI), gave an overview of the numerous API standardisation initiatives currently being undertaken in Switzerland:

It is important to build a knowledge platform across the entire API environment in Switzerland, and to provide full-featured test systems as well as simple sandboxes, so as to enable developers to carry out developments in these sandboxes and gain additional knowledge via the knowledge platform.

In addition, Petry explained why a Swiss API payment standard is needed, and why it is not possible to simply adopt the European NextGenPSD2 API. He explained that there are features of the ISO20022 message standard for payments that are specific to Switzerland and need to be considered. He also noted that the API initiative of the SFTI addresses not only payment transactions but also other business areas in banking (loans, portfolio management, etc.). Finally, Jürgen Petry emphasised that the various national standardisation initiatives must be able to work alongside one another, and also be in tune with international committees so that a sustainable solution can emerge. 

Marianne Wildi, CEO of Hypothekarbank Lenzburg, also presented a business model that has successfully reconciled the modern API economy with the transformation of the Hypothekarbank from traditional bank to digital financial services provider. She pointed out that

technology is important, but in the end you have to know where you position yourself in the market. It all comes together, Open API alone is not enough. The financial institution must know which unique selling propositions it has and on which a business model is based.

The Hypothekarbank Lenzbung has already integrated various Fintechs via APIs and, thanks to innovative providers, is reaching new customer groups who are now depositing their money in Lenzburg.  

Martin Zahner, Business Development Manager at Airlock, spoke of the effects of open banking on IT security and access management:

Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected. User and identity management, such as the Airlock IAM - part of the Airlock Secure Access Hub - is able to define and enforce accurate access policies. Thus, only authorised persons can call up the data and services – also on the API. Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected.

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Comments 0

More interesting articles

5 security challenges in an open banking ecosystem
Banking

5 security challenges in an open banking ecosystem

Security in concrete terms - 2FA in the banking world
2FA

Security in concrete terms - 2FA in the banking world

Securing the Payment Services Directive 2 (PSD2)
Banking

Securing the Payment Services Directive 2 (PSD2)

Information for you

-Our whitepapers-

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge