Chris Skinner's blog

Shaping the future of finance

If you’re API and you know it, block aggregators

Chris Skinner Author Avatar
by

I bumped into a real API marketplace the other day.

It gained a few nice comments like:

“So people could stock up on spaghetti code and sandbox toys” from Alex Kuznetsov; and

“It doesn’t actually stock anything. Just lets you connect to other stores more easily to get what you need” from Ron Miller

Regardless of the humour, APIs are in vogue and in controversy after JPMorgan Chase made a decision that third parties can now only access customer data via APIs.

The decision is an interesting one, as it’s in keeping with the idea of Open Banking as per the UK and EU approach. In particular, Europe resisted the idea of the Yodlee aggregator view of the world, where customers give their passwords to third parties. America allowed this, and screen scraping cut and paste, but the security of such access has always been questionable for many.

Therefore, it does not surprise me that a major bank like JPMC is setting a deadline for moving away from screen scraping to APIs. According to Reuters, third party payments providers (TPPs) must sign a deal with the bank by July 30 committing to API access, and dropping password access, if they want to continue providing services to JPMC’s clients.

It does not mean the customer has to drop aggregators who use password access by July 30. Just that their providers must commit to transition across by that date.

“We’ve been working on this with aggregators and fintechs since 2016 because our secure API is the best way to help our customers make smart money decisions more easily and safely,” Paul LaRusso, managing director of digital platforms at Chase, said in a written statement to Reuters. “Customers can still use their favourite apps and websites while these companies migrate to our API.”

Interestingly, a few folks are making a big deal out of this.

FinTech Futures spoke to Canadian start-up Cinchy, which is trying to eliminate the replication of data in banks. CEO Dan DeMers says “even APIs create a spaghetti infrastructure” which is susceptible to security breaches because the technology still has to replicate data like the bank’s siloed, legacy systems.

He may have a point as, over the last two years, there has been a dramatic shift in the number of cyber-criminals targeting APIs in an effort to bypass security controls, according to the new State of the Internet report that Akamai released today. Akamai’s report observed an astonishing 85 billion credential abuse attacks in the two-year period from December 2017 to November 2019. A significant proportion of these attacks were against hostnames clearly identified as API endpoints, which totaled over 16 billion hacking attempts.

The report indicates that APIs are being used primarily as a weapon against the financial services industry, with almost 500 million attacks targeting financial organisations. In addition, the attacks against the finance sector in this two-year period were not exclusively API focused; Akamai recorded the single largest credential stuffing attack against a financial services firm in the company’s history, consisting of over 55 million malicious login attempts.

The solution?

According to Cinchy it is to use a networked approach, where all data is available to all without replication.

Interesting idea, but probably resisted by many today. A bit like the idea of using cloud a decade ago, the idea of networked data rather than replicated data is a difficult cultural barrier to overcome. Longer-term maybe Cinchy’s idea will work … but today, this is a tough sale.

Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

Intelligent Money: Our Future Is Where We Do Not Think About Money, As Our Money Thinks For Us

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Order now

Chris Skinner’s ‘Intelligent Money’ Book Launch Event

Top 50 Global Thought Leaders and Influencers on Finance 2024

Global Awards

Lifetime Achievement Award

Global 100 - 2024 Winner

Chris Skinner - Financial Markets Advisor of the Year - The Finanser - UK 2023

Best Financial Markets Advisor of the Year 2023

30 Best Regtech Blogs and Websites 2023

Kids creating the future bank | TEDxAthens

Captain Cake and the Candy Crew

Captain Cake Winner of a Golden Mom’s Choice Award

TWO-TIME WINNER OF A MOM’S CHOICE GOLD AWARD!

Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser