Consumers want choice, but rarely does it mean they choose one institution for all their financial services needs. More common than not, each consumer has an eclectic mix of different tools they use from different financial services institutions (FSIs). This is especially true in the age of prolific and growing FinTech offerings. Consumers now have more choices than they’ve ever had before, and it is reshaping the financial services sector.
FSIs are adapting to consumer needs for seamless integration between their traditional accounts and the smorgasbord of FinTech apps—and as FinTech popularity grows, the importance of APIs and FinTech data aggregators are growing with them.
This new and exciting frontier in financial services is leading to better overall experiences for consumers, and even strengthening value propositions through synergies for legacy organizations and FinTechs alike.
Unfortunately, this increasingly complex ecosystem is showing new cracks in traditional cyber defenses, and criminals are ready to pounce. Thus, new security efforts must be taken into consideration, and not only for both the financial institution and the FinTech data aggregator, but the customer in the middle as well.
FinTech Explosion and Implications
Per the State of FinTech report by CBInsights, Global FinTech funding more than doubled to reach record $132B in 2021. This growth is a clear sign of the more prominent role nontraditional financial services offerings are playing for consumers.
Financial services executives are taking notice as they face loyal customers choosing FinTech apps for specific requirements over their comparable digital offering. This especially stings for many in the financial sector after years of investing in developing consumer-first apps that really have captured best-in-class digital experience status. However, many FSIs are now partnering with or acquiring FinTechs strategically, since individual FinTechs often serve a niche customer need traditional FSIs don’t necessarily focus on.
APIs and FinTech Data Aggregators Grow in FinServ
The fast, flexible, and secure financial services support on an anytime, anywhere basis that consumers demand can no longer be handled by HTTP, the protocol on which the Internet was founded. Instead, APIs are playing a critical role connecting traditional FSIs with FinTech apps. This is not a trend but the new reality in modern times. Between 2020 and 2021, major financial institutions, like Citi and Wells Fargo, reported billions of API calls since launching their API connectivity platforms.
Simultaneously, there has been significant growth and adoption recently of FinTech data aggregators. No longer merely the personal finance management tools they were at inception 20 years ago, they have evolved toward helping provide much needed connectivity between FinTechs and traditional FSIs.
FinTech data aggregators streamline open banking offerings, allowing FSI customers the freedom to choose from a wide selection of apps, all while creating new revenue and intel streams by opening their business to APIs. So, it’s even more than a win-win. It’s a win-win-win. FSIs are happy. Their customers are happy. And the FinTech data app community is happy. These key solutions are reimagining the rich and diverse connection possibilities between account holders, FinTech apps, and FSIs.
Potential Challenges Associated with FinTech Data Aggregators
FinTech data aggregators have helped add tremendous value to a flourishing modern financial sector ecosystem—like accelerating customer onboarding and providing the right connectivity for Venmo payments—but they do come with serious challenges that should not be overlooked.
Since service, security, and trust are more important than ever in financial services, when evaluating FinTech data aggregators it is crucial to review and understand the associated risks. Here are four key considerations:
- Mitigating aggregator risk is a subset of bot defense—if you can't identify and defend against bots, you won't be able to identify and manage aggregators. Make sure you have the right bot defense solution in place, first and foremost.
- The goal for any business should be to get all automation off of consumer login portals for web and mobile and onto a dedicated API gateway.
- If you allow aggregators to access accounts via a consumer login flow, they will have unrestricted access to do anything within that account unless you're able to identify and restrict their activity. An API gateway allows the business to better restrict what data and actions are available to a 3rd party, but remember that many 3rd parties will only use an API if they're forced to.
- Credential stuffing via an aggregator is absolutely a thing you need to be worried about. You need to be tracking behavior over time: number of unique accounts being accessed by the aggregator, and the overall login success rate (i.e., 98%+). If those numbers start fluctuating significantly, you're under attack.
Meet Account Holder Demands While Mitigating Risk
Consumers have never had so many choices for improving their financial lives. Ease of use and powerful insights are now at the fingertips of so many. FSIs that are properly embracing the element of consumer choice in a modern financial services ecosystem through FinTech data aggregators and APIs will have a leg up on the competition, but new associated cyber risks must be properly evaluated and addressed.
Learn more by downloading our new eBook, Top Ways FinTech Data Aggregators are Impacting FinServ in 2022.
Chad Davis
Senior Manager, Industry Practice Group, F5
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...