FS-ISAC updates API for financial data sharing

The Financial Services Information Sharing and Analysis Center (FS-ISAC) released an updated version of the Durable Data API for secure, tokenized data transfer. The application programming interface and accompanying white paper are available free of charge to the industry and represent the culmination of a year-long effort by the FS-ISAC Data Aggregation Work Group and multiple fintech firms to devise an advanced standard for secure data sharing.

"Creating a standard API for secure data sharing benefits everyone in the data aggregation ecosystem," said Eric Guerrino, Chief Operations Officer at the FS-ISAC. "We want to ensure that everyone from the consumer to the financial institution and the data aggregators can share information safely, quickly and accurately."

With the API, financial institutions and fintech firms are able to shift aggregation traffic away from consumer login pages to a more efficient and light-weight secure format, which requires less infrastructure to support and eliminates the risk of storing credentials, according to the FS-ISAC. And through tokenization, financial institutions can share information with account aggregators more securely.

More seamless consumer experience

As consumer data enters different financial institutions, the need to log into different accounts to manage loans, deposits, investments or even make bill payments has become burdensome to users.

"The API gives consumers a more seamless and secure experience enabling greater awareness, control and peace of mind over financial data," Guerrino said, noting that once a financial services firm adopts the API, consumers can access their own information securely using a simple three-step process:

1. When a financial app user decides to set up or add a bank, insurance or other account, the individual is directed to a secure server at the financial institution to begin enrollment.
2. The user is presented with the financial institution's consent page, where he or she can select and authorize which types of data to share within the financial app.
3. Once authenticated, the user is redirected to the financial app. Authorized data sharing is executed via a unique virtual token that identifies the user and respective accounts.

Free industry access

FS-ISAC offers two ways to access the Durable Data API and the Control Considerations for Consumer Financial Account Aggregation Services Whitepaper, version 2.0. FS-ISAC member financial institutions can access the specifications and supporting materials through the secure FS-ISAC member portal. Non-member firms and fintech companies interested in receiving the materials can contact the FS-ISAC directly at eguerrino@fsisac.com.

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.