Current Situation
Currently, there is no standardized, secure access for third parties to data. There are various mechanisms to share and access data, but security, clear access controls and authentication mechanisms, efficiency, data quality, and standards are all missing.
Goals and Objectives
- Improve security in the ecosystem by making sure only authorised/ certified parties can access data.
- Define clear rules and agreements on data access, data storage, and certificates to increase clarity and accountability in the ecosystem.
- Increase transaction security and reduce fraud through tokenization.
- Ensure that customer consent applies at any time and has not been withdrawn.
Technology Deployed
- API Gateway, XS2A Platform
- Identity management platform
Use Case Summary
Third parties accessing internal infrastructure via APIs are identified based on a certificate issued by a qualified certification authority or in compliance with the bank’s own rules. This includes definition, monitoring, and access management of unlicensed third parties. With API monetization, this will also be essential for billing and tracking of traffic.