The Financial Services Information Sharing and Analysis Center today unveiled an updated API — available to banks free of charge — to facilitate secure, tokenized transfer of customer data. An API — short for application programming interface — is a protocol that allows different software and systems to exchange data. The new FS-ISAC API is an industry-led effort to help customers manage their financial lives by securely integrating data from multiple financial institutions’ systems.
“Creating a standard API for secure data sharing benefits everyone in the data aggregation ecosystem,” said Eric Guerrino, COO at FS-ISAC. “We want to ensure that everyone from the consumer to the financial institution and the data aggregators can share information safely, quickly and accurately. The API gives consumers a more seamless and secure experience enabling greater awareness, control and peace of mind over financial data.”
The use by many financial aggregators of “screen scraping” — a technique by which third parties retain bank customers’ login credentials in order to display account information — has raised security concerns throughout the industry. The use of an API like FS-ISAC’s can facilitate this information exchange more securely. In the American Bankers Association’s advocacy, the association has emphasized that the financial industry is developing private-sector solutions to the technological challenges of customer data access.
Under the new FS-ISAC API, when a financial app user wishes to import an account at a financial institution, he will be “seamlessly passed to a secure server at the financial institution to begin the enrollment process,” FS-ISAC said. The customer will be shown the bank’s consent page and authorize the data he wishes to share; after authentication, the customer will seamlessly return to the original app. Authorized data sharing servers will be conducted securely via a unique virtual token. For more information, contact ABA’s Rob Morgan. Download ABA’s white paper on understanding APIs.