ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Community Banking

How Banks Are Using APIs to Balance Security and Openness

May 10, 2017
Reading Time: 4 mins read

By Tyler Mondres

Technology and widespread smartphone adoption is fundamentally changing the ways customers access financial services. Banks and technology firms are increasingly offering digital services that help customers more effectively track and manage their finances. As customers use these digital services, they are creating an unprecedented amount of data. This data can facilitate the creation of new banking products and services and has created a market for consumer financial service data. To enable customers to access these services, banks are actively developing ways to facilitate safe and secure data transmission via application programming interfaces, or APIs, which allow different software components to communicate and exchange information. For example, the Facebook API enables companies to let their users “sign in via Facebook.”

API data portals

Some banks have formed individual partnerships with data aggregators and third-party service providers to facilitate secure data transmission. For example, in early 2017, both J.P. Morgan Chase and Wells Fargo announced a data sharing agreement with Intuit. These agreements will enable customers to authorize their banks to securely share their personal financial data with Intuit’s financial management applications—without forfeiting their username and password. Customers will first be required to authenticate their identity to verify the request. After authentication, a one-use token will be issued to allow Intuit to access the data via an API. Tokenization is used to protect sensitive account credentials and customers have the ability to revoke access at any time.

The creation of a secure portal allows customers to share their data with third parties more securely. The legacy practice known as “screen scraping” requires customers to forfeit their online banking username, password and other account access credentials, exposing them to risk should the third party be compromised. APIs can facilitate a secure connection that provides data aggregators a “read only” portal to retrieve data from a customer’s account that ensures the customer retains control of their data.

API developer portals

In addition to partnerships, some banks are developing secure API developer portals that allow authorized third parties to access specific customer data sets in a secure, bank-controlled environment. The BBVA API Market, for example, currently offers four APIs to developers in the U.S. for applications in the areas of payments, customers, cards and accounts. The payments API allows third parties to access the services required to move money from a BBVA customer’s account. The customers API enables third parties to create, update or retrieve customer profile records. The cards API enables third parties to integrate information regarding the credit and debit cards of BBVA customers and the accounts API returns a list of customer accounts and certain details about each account. The API Market offers three additional APIs exclusively in Spain: for loans, PayStats and notifications.

Providing developers with access to APIs can benefit banks and their customers. However, the protection of sensitive customer data must always come first. To that end, banks require companies to pass a robust due diligence process to receive access to customer data. For example, in order to access BBVA’s API Market, developers have to create an account. The account gives developers access to a “sandbox” testing environment with a set of non-real user data; however, robust due diligence is required to access live customer data in the production environment. Once a company has successfully completed this process, they must receive authorization from the BBVA customer to access their information. All of BBVA’s retail APIs require customer authorization and authentication.

Through API developer portals, developers can leverage banks’ capabilities to build or improve their services. However, banks also stand to benefit from open banking systems. As more companies begin to leverage BBVA’s API Market, for instance, the number and variety of digital services available to BBVA customers could greatly increase. “The great thing about this business is that we can think up some basic uses, and build a service around those uses,” says Raul Lucas, Spain country manager for open APIs at BBVA. “But when we make it available to third parties—the ones who really know their businesses—they come up with uses which would never even have occurred to us.”

The APIs could also provide BBVA with new sources for customer acquisitions and loan originations. For example, through the loans API, third parties can inform customers when they have access to a pre-approved loan from BBVA. Additionally, the API can be integrated into the checkout process to allow customers to finance their purchase of a third party product or service at the point of sale with a BBVA loan.

APIs at community banks

While building API developer portals internally offers ultimate control over how third parties access authorized customer data and enables banks to offer access to a broader group of developers, it can be a more expensive and time consuming option. However, technology firms exist that can provide API-as-a-service support for banks that require technological expertise related to building developer portals. Alternatively, banks can strike individual partnerships with fintech firms that are capable of integrating their services into a bank’s system via individual data portals.

Community banks that receive technology services and support from a core processor may require the coordination of their provider to enable open banking capabilities. Banks should engage in discussions with their core processors to understand what options are available for facilitating safe and secure data transmission.

 


Recent Bank API Developments

As more customers demand access to third party financial services, banks continue to work on methods of safe and secure data transmission. Below are a selection of developments that have occurred in the bank API space:

Capital One DevExchange. In March 2016, Capital One announced the launch of a new developer portal, Capital One DevExchange. The DevExchange currently offers four APIs: SwiftID, Rewards, Credit Offers and Bank Account Starter.

Citi Developer Hub. In November 2016, Citi launched the Developer Hub. The Developer Hub currently has eight APIs available in a closed beta: Accounts, Authorize, Cards, Customer, Money Movement, Onboarding and Pay with Points. Money Movement and Onboarding are currently listed as only available in Australia and Singapore.

J.P. Morgan Chase. In January 2017, J.P. Morgan Chase announced a data-sharing agreement with Intuit that will allow customers to authorize Intuit to download requested customer data for the purposes of their financial services, such as Mint and QuickBooks.

Wells Fargo. In June 2016, Wells Fargo announced a data sharing agreement with Xero to enable small businesses to have their account data poured directly into Xero’s accounting software. In February 2017, Wells Fargo also announced a data sharing agreement with Intuit similar to the deal announced by Chase. Wells Fargo is currently working on a “Developer Gateway.” The program is currently in beta mode and is only available by invitation.


 

Tags: Customer data accessFintech
ShareTweetPin

Author

Tyler Mondres

Tyler Mondres

Tyler Mondres is senior director of economic research at ABA and a frequent contributor on economic and fintech topics to the ABA Banking Journal.

Related Posts

ABA urges FCC to modernize calling rules, strengthen fraud protections

ABA expresses support for strengthening FCC’s Robocall Mitigation Database

Compliance and Risk
July 15, 2026

ABA expressed support for the Federal Communications Commission’s draft proposal to strengthen the Robocall Mitigation Database in a letter sent in advance of a vote on issuing the proposal.

Trump orders creation of AI ‘action plan’

White House announces cybersecurity clearinghouse for software patches

Compliance and Risk
July 15, 2026

The White House has announced a cybersecurity “clearinghouse” that would coordinate scanning for software vulnerabilities and the distribution of vulnerability patches.

ABA nominates officers, board for 2022-2023

ABA nominates officers for 2026-2027

Community Banking
July 15, 2026

ABA's Nominating Committee has finalized the official slate of officers to be presented for election at the association’s annual meeting scheduled for Oct. 27 in Salt Lake City.

Report: Republicans push back against proposed cuts to CDFI Fund

ABA warns against increasing administrative burden for CDFI Fund awards

Community Banking
July 14, 2026

While ABA supports responsible stewardship of federal financial assistance, any changes to how that assistance is distributed should preserve the operational effectiveness of the CDFI Fund for financial institutions, the association said in a letter to the Office...

OCC sees need for regulatory reform in bank merger process

Bank acquisitions announced in three states

Community Banking
July 14, 2026

Proposed mergers announced of banks in Nebraska, Illinois and New Hampshire.

Q&A: Sports banking in a changing universe

Q&A: Sports banking in a changing universe

Wealth Management
July 14, 2026

'This is an incredibly exciting time for college athletics ... For banks, this evolution presents a tremendous opportunity.'

NEWSBYTES

Beige Book: Economic activity ticked up in May, June

July 15, 2026

Vought calls for more CFPB oversight, says open banking proposal coming soon

July 15, 2026

ABA expresses support for strengthening FCC’s Robocall Mitigation Database

July 15, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Understanding the 2025 Home Mortgage Disclosure Act data

July 8, 2026

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.