APIs engages corporates, fintechs, aggregators & neo banks
Experts on open banking discuss topics such as API partners, benefits, categorization, role of KPIs, security, analytics, valuables & controls:
APIs provide banks with realtime data that enables them to analyse and look deeper into financial behavior of customers. Using this information, banks are able to provide more personalized products, undertake targeted engagement and cross-sell and do better credit underwriting. This results in enhanced customer experience and the ability for banks to empower them in their financial journey.
PRIMARY & SECONDARY PARTNERS
Kotak Mahindra Bank has enabled APIled partnerships with multiple institutions across industries. The bank has around 250+ partners that leverage its state-ofthe-art API infrastructure to generate business value. Deepak Sharma, President & Chief Digital Officer at the bank, says: “Our API services are used by partners across corporates, fintechs, aggregators, neo banks, etc. Our APIs have also enabled many use cases in government departments. We have a sophisticated API infrastructure servicing multiple use cases of various industries and sectors.”
Prakash Lal, Vice President (Products) at Fino Payments Bank, says the bank’s primary partners are fintech players who are into servicing customers on assisted and/or self-channel. Neo-banks are another segment that we are targeting.”
CATEGORIZATION OF API
For API categorization, banks look at customer on-boarding, service and new product development as their top priorities. It also depends upon the business use case of the partners.
Prakash explains: “We categorize APIs into transaction and account-based. Further, the transactions are categorized into type of transactions, value-based and authentication modes.”
Deepak says Kotak Mahindra Bank makes sure its API infrastructure is ready to cater to the customers needs. “Broadly, we can categorize our APIs into lending, payments + collections, and account service APIs.”
KPI FOR API
An API infrastructure is more about enabling multiple use cases for one’s partners on a real-time basis. The BFSI industry has seen many ground-breaking innovations led by digital transformation. Use cases like UPI, video KYC as well as instant refunds, cash backs, etc, are made possible by the innovative and robust implementation of API-led integrations.
According to Deepak, APIs have been the pathway to achieving operational efficiency and excellence in terms of integration efforts, timelines, and exploring several new use cases. This has empowered the bank to drive its core business in exponential increments that deliver greater customer convenience and delight while at the same time opening new business opportunities.
For Prakash, primary KPI is high transaction processing. Other KPIs include integration time, speed, support, resolution, high transparency, and high uptime.
MAIN VALUABLES & CONTROLS
While digitization has accelerated innovation and opened many new use cases, there has also been a rise in fraudulent activities. Hackers are behind the sensitive customer information and financial institutions need to invest in a world-class robust cybersecurity mechanism to thwart any attacks.
Fino Payment Bank has an SSO-based key mechanism where it has multiple layers of authentications. Says Prakash: “Customer data and transaction data are the most valuable items that hackers are attempting to extract. We have a high level of security on the infra side and a high level of encryption. Currently, this suits best for us. Likewise, organizations can choose what is best for them.”
He adds that data gives deep insights and that analytics can be performed based on various parameters like user patterns and geographical patterns.
Security is the priority at Kotak Mahindra Bank where every API integration passes through the microscopic lens of risk teams, compliance teams and IT security teams, that evaluate not only bank infrastructure but also thoroughly examine partner IT architecture for any vulnerabilities. Says Deepak: “OAuth tokenization, payload encryption, checksum validation, to name a few, are the standards that we follow, and we continuously evaluate and upgrade our security protocols at regular intervals.”