As Open Finance progresses globally, financial institutions are required to implement and operate advanced API security. In the leading ecosystems such as the UK, Australia, Brazil, and Saudi Arabia, banks are required to verify that they have correctly implemented FAPI, an extension of OAuth/OIDC, through the OpenID Foundation’s “OpenID Certification” program. In addition, more specifications are expected to become mandatory in the future, such as CIBA, which provides decoupled authentication for improved security and convenience, and FAPI 2.0, the next version of FAPI.
A number of Open Finance solutions are currently on the market. They are often marketed as “turnkey solutions” that will solve all compliance issues. But there are pitfalls. In some cases, these solutions are designed to replace existing user authentication capabilities or duplicate and synchronize customer data, which can lead to drawbacks such as an inconsistent user experience and increased complexity in customer identity management.
Compliance with industry-standard security specifications such as FAPI and CIBA is critical to achieving security and interoperability. At the same time, however, an Open Finance infrastructure should be built with the control and agility to deliver the best “Open Finance experience” as a consistent part of the overall financial services user experience.
Authlete is the world’s first solution to achieve all “Certified FAPI OpenID Providers” conformance profiles, including UK Open Banking, Australia CDR, Brazil Open Banking / Insurance, and KSA Open Banking. Its “OAuth/OIDC Component as a Service” architecture provides maximum flexibility for financial institutions.
Nubank turned to Authlete to build their authorization server to meet the latest industry standards required to comply with the Brazilian Open Banking Directive. They soon realized the Authlete solution worked well with their architecture, and decided to leverage it for another service, “NuPay”, as well.
Minna Bank, the newest subsidiary of Fukuoka Financial Group, is the next generation of digital banking, created from a digital perspective and designed from scratch. Authlete enables API security for one of the most advanced digital banks.
BTG Pactual operates in the Investment Banking, Corporate Lending, Sales & Trading, Wealth Management and Asset Management markets. The largest investment bank in Latin America chose Authlete to build the API authorization infrastructure for its BTG+ business.
Authlete enabled Cora to meet the new requirements while maintaining its existing digital banking user interface and experience. Cora integrated all of its existing customer authentication and risk management assets into the app2app mechanism.
au Jibun Bank selected Authlete to implement OAuth 2.0 authorization functionality for APIs exposed to its business partners. The bank valued Authlete's FAPI support and architecture to complement existing systems, as well as its smooth integration with an API gateway.
ISID and Authlete provide an OAuth 2.0 compliant API authorization server for Seven Bank, enabling collaboration with various fintech services in a secure cloud environment, and supporting the development of an open API infrastructure.