As Open Finance progresses globally, financial institutions are required to implement and operate advanced API security. In the leading ecosystems such as the UK, Australia, Brazil, and Saudi Arabia, banks are required to verify that they have correctly implemented FAPI, an extension of OAuth/OIDC, through the OpenID Foundation’s “OpenID Certification” program. In addition, more specifications are expected to become mandatory in the future, such as CIBA, which provides decoupled authentication for improved security and convenience, and FAPI 2.0, the next version of FAPI.
A number of Open Finance solutions are currently on the market. They are often marketed as “turnkey solutions” that will solve all compliance issues. But there are pitfalls. In some cases, these solutions are designed to replace existing user authentication capabilities or duplicate and synchronize customer data, which can lead to drawbacks such as an inconsistent user experience and increased complexity in customer identity management.
Compliance with industry-standard security specifications such as FAPI and CIBA is critical to achieving security and interoperability. At the same time, however, an Open Finance infrastructure should be built with the control and agility to deliver the best “Open Finance experience” as a consistent part of the overall financial services user experience.
Authlete is the world’s first solution to achieve all “Certified FAPI OpenID Providers” conformance profiles, including UK Open Banking, Australia CDR, Brazil Open Banking / Insurance, and KSA Open Banking. Its “OAuth/OIDC Component as a Service” architecture provides maximum flexibility for financial institutions.
Banks can comply with API security regulations as Authlete continues to support the latest identity and API authorization standards.
Banks can quickly implement industry standards in a matter of days by leveraging Authlete's intuitive APIs and their programming language of choice.
Banks can easily integrate Authlete APIs with their existing infrastructure, such as user authentication services and API gateways.
Banks can choose deployment options for Authlete, either managed cloud or on-premises, to meet their security, performance, compliance, and other requirements.