open payment transaction apis without compromising security
DESCRIPTION
The idea of banks using APIs to 'open' their systems to third party developers is really popular now. That's fine when it comes to informational apps like Google maps. But with transaction data like card and other payments the security issue mean open APIs are not practical. PSPs have used hosted payments pages to circumvent this problem - OK but very limited control for the page developer often means poor UX. Tokenisation also helps but is quite limited and not suitable for interactions between user and app. This presentation explains a new approach by Ixaris which could revolutionize third-party development of transactional payments applications without compromising security.TRANSCRIPT
![Page 1: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/1.jpg)
Open Payments Without Compromising Security
![Page 2: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/2.jpg)
• Reduced Interchange
• More Regulation
• Need for New Revenues
• Increased Compliance Burden
The future brings challenges
![Page 3: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/3.jpg)
“Platforms that provide private and public Web APIs enable banks to respond quickly to new opportunities, and third-party developers to build the banking solutions they need”
Key Recommendations
• Use apps to deliver new services• Provide private and public Web APIs to quickly pursue
new revenue opportunities and facilitate market expansion
Respond by opening up payments
![Page 4: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/4.jpg)
Open APIs are starting to happen
![Page 5: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/5.jpg)
openbut with permission
permissionless
closed
But what does “open” really mean?
![Page 6: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/6.jpg)
Legacy systems
Payments Application Platform
Corporate Purchasing
Steps to opening up
Web / Mobile UI
Enterprise
systems
Client’s own
services
Expense Management
APIAPI API
Incentive Payments
![Page 7: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/7.jpg)
Legacy systems
Payments Application Platform
DIY products
Steps to opening up
Web / Mobile UI
Enterprise
systems
Client’s own
services
Off-the-shelf
APIAPI API
Apps built by trusted developers
![Page 8: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/8.jpg)
Legacy systems
Payments Application Platform
API
Product X
Crowd
?API
But do you really want open APIs?
![Page 9: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/9.jpg)
Secure vs Flexible?
![Page 10: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/10.jpg)
Legacy systems
Payments Application Platform
PayML
Product X
Open secure access without APIs!
Mash-ups
Mobile Apps
Web-based tools
Payment ‘tags’ added to standard HTML, to specify
payment directives
Pages automatically scrubbed to allow only safe content
HTML/PayML pages submitted by external
developers but run within secure bank environment
![Page 11: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/11.jpg)
• more compelling products
• enhanced by Clients and Developers
Competitive advantage through:• Add a (cloud-based) payments
application platform over legacy systems to facilitate service innovation
• API-enable payment products, but only give APIs to trusted customers and partners
• Open up access through safe methods like PayML to tap the broad developer community for your own app store of myriad payment apps and services…
The future is here…get busy!
![Page 12: Open payment transaction APIs without compromising security](https://reader034.vdocuments.mx/reader034/viewer/2022051411/5470477faf795991308b4696/html5/thumbnails/12.jpg)
Thank you
Alex MifsudFounder & CEO
Ixaris Systems Ltd22 Long Acre
London WC2E 9LY
www.ixaris.com