ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Community Banking

How Banks Are Using APIs to Balance Security and Openness

May 10, 2017
Reading Time: 4 mins read

By Tyler Mondres

Technology and widespread smartphone adoption is fundamentally changing the ways customers access financial services. Banks and technology firms are increasingly offering digital services that help customers more effectively track and manage their finances. As customers use these digital services, they are creating an unprecedented amount of data. This data can facilitate the creation of new banking products and services and has created a market for consumer financial service data. To enable customers to access these services, banks are actively developing ways to facilitate safe and secure data transmission via application programming interfaces, or APIs, which allow different software components to communicate and exchange information. For example, the Facebook API enables companies to let their users “sign in via Facebook.”

API data portals

Some banks have formed individual partnerships with data aggregators and third-party service providers to facilitate secure data transmission. For example, in early 2017, both J.P. Morgan Chase and Wells Fargo announced a data sharing agreement with Intuit. These agreements will enable customers to authorize their banks to securely share their personal financial data with Intuit’s financial management applications—without forfeiting their username and password. Customers will first be required to authenticate their identity to verify the request. After authentication, a one-use token will be issued to allow Intuit to access the data via an API. Tokenization is used to protect sensitive account credentials and customers have the ability to revoke access at any time.

The creation of a secure portal allows customers to share their data with third parties more securely. The legacy practice known as “screen scraping” requires customers to forfeit their online banking username, password and other account access credentials, exposing them to risk should the third party be compromised. APIs can facilitate a secure connection that provides data aggregators a “read only” portal to retrieve data from a customer’s account that ensures the customer retains control of their data.

API developer portals

In addition to partnerships, some banks are developing secure API developer portals that allow authorized third parties to access specific customer data sets in a secure, bank-controlled environment. The BBVA API Market, for example, currently offers four APIs to developers in the U.S. for applications in the areas of payments, customers, cards and accounts. The payments API allows third parties to access the services required to move money from a BBVA customer’s account. The customers API enables third parties to create, update or retrieve customer profile records. The cards API enables third parties to integrate information regarding the credit and debit cards of BBVA customers and the accounts API returns a list of customer accounts and certain details about each account. The API Market offers three additional APIs exclusively in Spain: for loans, PayStats and notifications.

Providing developers with access to APIs can benefit banks and their customers. However, the protection of sensitive customer data must always come first. To that end, banks require companies to pass a robust due diligence process to receive access to customer data. For example, in order to access BBVA’s API Market, developers have to create an account. The account gives developers access to a “sandbox” testing environment with a set of non-real user data; however, robust due diligence is required to access live customer data in the production environment. Once a company has successfully completed this process, they must receive authorization from the BBVA customer to access their information. All of BBVA’s retail APIs require customer authorization and authentication.

Through API developer portals, developers can leverage banks’ capabilities to build or improve their services. However, banks also stand to benefit from open banking systems. As more companies begin to leverage BBVA’s API Market, for instance, the number and variety of digital services available to BBVA customers could greatly increase. “The great thing about this business is that we can think up some basic uses, and build a service around those uses,” says Raul Lucas, Spain country manager for open APIs at BBVA. “But when we make it available to third parties—the ones who really know their businesses—they come up with uses which would never even have occurred to us.”

The APIs could also provide BBVA with new sources for customer acquisitions and loan originations. For example, through the loans API, third parties can inform customers when they have access to a pre-approved loan from BBVA. Additionally, the API can be integrated into the checkout process to allow customers to finance their purchase of a third party product or service at the point of sale with a BBVA loan.

APIs at community banks

While building API developer portals internally offers ultimate control over how third parties access authorized customer data and enables banks to offer access to a broader group of developers, it can be a more expensive and time consuming option. However, technology firms exist that can provide API-as-a-service support for banks that require technological expertise related to building developer portals. Alternatively, banks can strike individual partnerships with fintech firms that are capable of integrating their services into a bank’s system via individual data portals.

Community banks that receive technology services and support from a core processor may require the coordination of their provider to enable open banking capabilities. Banks should engage in discussions with their core processors to understand what options are available for facilitating safe and secure data transmission.

 


Recent Bank API Developments

As more customers demand access to third party financial services, banks continue to work on methods of safe and secure data transmission. Below are a selection of developments that have occurred in the bank API space:

Capital One DevExchange. In March 2016, Capital One announced the launch of a new developer portal, Capital One DevExchange. The DevExchange currently offers four APIs: SwiftID, Rewards, Credit Offers and Bank Account Starter.

Citi Developer Hub. In November 2016, Citi launched the Developer Hub. The Developer Hub currently has eight APIs available in a closed beta: Accounts, Authorize, Cards, Customer, Money Movement, Onboarding and Pay with Points. Money Movement and Onboarding are currently listed as only available in Australia and Singapore.

J.P. Morgan Chase. In January 2017, J.P. Morgan Chase announced a data-sharing agreement with Intuit that will allow customers to authorize Intuit to download requested customer data for the purposes of their financial services, such as Mint and QuickBooks.

Wells Fargo. In June 2016, Wells Fargo announced a data sharing agreement with Xero to enable small businesses to have their account data poured directly into Xero’s accounting software. In February 2017, Wells Fargo also announced a data sharing agreement with Intuit similar to the deal announced by Chase. Wells Fargo is currently working on a “Developer Gateway.” The program is currently in beta mode and is only available by invitation.

ADVERTISEMENT

 

Tags: Customer data accessFintech
ShareTweetPin

Author

Tyler Mondres

Tyler Mondres

Tyler Mondres is senior director of economic research at ABA and a frequent contributor on economic and fintech topics to the ABA Banking Journal.

Related Posts

Marketing automation drives value for bank marketers

Retail and Marketing
June 23, 2025

Automation can assist bank marketers with lead analysis, scoring and pipeline reporting when built into a bank's CRM or automation platform.

FBI: Crypto-related fraud losses increased 45% in 2023

Justice Department seizes millions of dollars linked to alleged crypto investment scams

Compliance and Risk
June 20, 2025

The Department of Justice announced it has seized $225.3 million in funds linked to cryptocurrency investment scams. The action marks the largest cryptocurrency seizure in Secret Service history.

Podcast: Staying close to clients amid tariff-driven volatility

Podcast: Staying close to clients amid tariff-driven volatility

ABA Banking Journal Podcast
June 18, 2025

Amid tariff-related volatility, how are small and midsize businesses and the banks that serve them faring?

FDIC, OCC tighten policy considerations for bank merger applications

Report: Bank merger activity continues at steady pace

Community Banking
June 18, 2025

While there was a temporary stall in bank merger activity in early 2025 because of the economic fallout of tariffs and other Trump administration policies, overall quarterly deal announcements have held steady, according to a new analysis by...

Senate Democrats seek proposals for regulatory changes following recent bank closures

Stablecoin bill clears Senate

Newsbytes
June 17, 2025

The Senate voted in favor of legislation to establish a regulatory framework for payment stablecoins, with proposed amendments to establish routing mandates and interest rate caps for credit cards left out of the final bill.

OCC sees need for regulatory reform in bank merger process

Bank acquisitions announced in Ohio, Florida

Community Banking
June 17, 2025

FSB Financial has applied to buy Republic Banking Co. in Ohio. Commerce Bancshares has agreed to buy FineMark Holdings in Florida.

NEWSBYTES

House passes ABA-backed ‘trigger leads’ bill

June 23, 2025

Fed removes reputational risk from bank exams

June 23, 2025

OCC: Bank trading revenue $15B in Q1 2025

June 23, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.