In response to the need to facilitate payment services and expand the public’s access to them, a report from the Bank for International Settlements (BIS) explores the development of an identification and authentication application program interface (API) that could be used to implement privately and publicly administered open finance solutions with seamless scalability.
An open finance ecosystem can benefit financial system participants and society in general by creating an environment in which the competitive advantage of different players can be used to provide people with better financial services.
The Technical Task Force of the Consultative Group on Innovation and the Digital Economy (CGIDE TTF) analyzed the relevance of an efficient and reliable identification and authentication method, and delved into a centralized API implementation for this objective. The report highlights the importance of open finance for the development of the financial system, lists the trade-offs regarding implementation schemes for open finance and serves as background for the other, more technical, documents:
(i) a technical flow diagram of identity validation based on a centralized API architecture
(ii) general hardware requirements to implement the centralized solution
(iii) technical requirements for third parties on the central validator API architecture
Remote and secure identification and authentication of users is the main requirement for parties in an open finance ecosystem to interact, since this ensures different entities that a given request has indeed made by their users. Moreover, an open and standardized API scheme can provide the interoperability needed for all interested parties to participate in the open finance ecosystem. In particular, the CGIDE TTF has been analyzing an API scheme based on mobile devices to support the remote, secure and efficient identification and authentication of users of financial institutions.
The analyzed scheme is based on the establishment of a central validator (CV) that allows secure relationships to be created between financial institutions and third parties, without the need for them to come into direct contact with each other. This is accomplished by establishing secure connections between the CV and third parties on the one hand, and between the financial institutions and the CV on the other.
The security schemes used by the CV would ensure that all connections in the scheme are established between previously certified entities for the orderly provision of financial services through third parties. Furthermore, the CV provides the necessary elements to guarantee that each party involved in the provision of services through this scheme accesses only the user information strictly necessary to allow the provision of a specified financial service.