Experts discuss business models and IT security at the Airlock Security Breakfast

From 14 September 2019, European Union banks will need to adopt an open approach towards third-party providers under the new PSD2 Directive. Swiss banks are opening up without regulatory requirements. Standards and platforms are being created with the aim of simplifying access to bank accounts for FinTechs. During the Airlock Security Breakfast, the current situation in Switzerland was examined closely; with both the effects on the banks’ business model and secure access management being discussed.  

Jürgen Petry, New Business Innovator at Raiffeisen Switzerland, and founder of the API Working Group of the Swiss Fintech Innovation Association (SFTI), gave an overview of the numerous API standardisation initiatives currently being undertaken in Switzerland:

It is important to build a knowledge platform across the entire API environment in Switzerland, and to provide full-featured test systems as well as simple sandboxes, so as to enable developers to carry out developments in these sandboxes and gain additional knowledge via the knowledge platform.

In addition, Petry explained why a Swiss API payment standard is needed, and why it is not possible to simply adopt the European NextGenPSD2 API. He explained that there are features of the ISO20022 message standard for payments that are specific to Switzerland and need to be considered. He also noted that the API initiative of the SFTI addresses not only payment transactions but also other business areas in banking (loans, portfolio management, etc.). Finally, Jürgen Petry emphasised that the various national standardisation initiatives must be able to work alongside one another, and also be in tune with international committees so that a sustainable solution can emerge. 

Marianne Wildi, CEO of Hypothekarbank Lenzburg, also presented a business model that has successfully reconciled the modern API economy with the transformation of the Hypothekarbank from traditional bank to digital financial services provider. She pointed out that

technology is important, but in the end you have to know where you position yourself in the market. It all comes together, Open API alone is not enough. The financial institution must know which unique selling propositions it has and on which a business model is based.

The Hypothekarbank Lenzbung has already integrated various Fintechs via APIs and, thanks to innovative providers, is reaching new customer groups who are now depositing their money in Lenzburg.  

Martin Zahner, Business Development Manager at Airlock, spoke of the effects of open banking on IT security and access management:

Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected. User and identity management, such as the Airlock IAM - part of the Airlock Secure Access Hub - is able to define and enforce accurate access policies. Thus, only authorised persons can call up the data and services – also on the API. Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected.

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

No blog posts

This list contains no blog posts.

Information for you

-Our whitepapers-

Executive View: KuppingerCole - Airlock Secure Access Hub for applications and APIs

This KuppingerCole Executive View report provides an architectural and functional overview of the Airlock Secure Access Hub, an integrated platform for secure access management - a multicloud-native security tool for web applications, APIs and beyond.

 

Fill out the form now and receive Executive View!

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge