PNC Treasury Management has announced new capabilities that strengthen its corporate banking platform, PINACLE. The newly introduced features – PINACLE Connect and PINACLE Payee Account Validation – remove complexities and address client feedback, specifically related to technology integration and fraud prevention. Through PINACLE Connect, PNC can now seamlessly integrate its treasury management services directly into its clients’ existing Enterprise Resource Planning (ERP) systems, providing an embedded banking experience. PNC clients leveraging this new offering can now initiate payments, track payment statuses, and access their account and transaction information all within their ERP, utilizing their existing PINACLE data access controls. PINACLE Connect provides clients with a streamlined interface, keeping treasurers’ day-to-day activity in one platform – removing the need to switch between systems – and ultimately, eliminating friction in the customer experience. This embedded banking experience is representative of customers’ changing expectations and a broader acceptance of new technologies. In addition, PINACLE Payee Account Validation provides industry-first integrated account validation directly within the PINACLE payment workflow. This new capability helps clients more easily transact by confirming payee details, and most importantly, alerting businesses when there are signs of potential payments fraud, such as supplier email account compromise.
Bond Financial Technologies, the enterprise-grade platform for embedded finance, announces the availability of its latest product, Bond Embedded Credit. Current and new customers can now build and launch personalized credit products with a single integration, including underwriting, risk management, servicing, and compliance. Embedded Credit, coupled with other Bond products such as Embedded Accounts, Embedded Cards, and Embedded Money Movement, creates the foundational building blocks that support a wide range of financial use cases. Bond’s suite of credit APIs and services — including KYC, KYB, card issuance, underwriting, risk management, funding, and debt servicing — removes friction for Bond’s customers and their developers, which allows greater speed-to-market, personalization, and oversight. The Bond team brings a wealth of knowledge to build the future of finance by leveraging their experience from institutions such as Square, Goldman Sachs, American Express, PayPal, Affirm, and SoFi. Cledara, a SaaS purchasing and management platform, is Bond’s first embedded credit customer. Cledara selected Bond for their entry to the US market over other Banking-as-a-Service platforms specifically because of Bond’s unique credit and data capabilities. Launching their SaaS Management platform enabled by a credit product was key for Cledara in providing greater value to US customers in the form of access to capital and enhanced rewards incentives.
The Financial Data Exchange (FDX) has announced a major update of its common open finance standards via the release of FDX API version 5.0. The new version of the FDX API significantly increases market standardization of financial data sharing around consent, user control and consumer dashboards, and aligns with other global standards to promote greater interoperability and industry adoption. FDX API 5.0 significantly expands the standardization of consumer data sharing in the financial industry. Some new components of FDX API 5.0 include:
- Consumer Control Dashboard Designs – FDX’s updated User Experience Guidelines 2.0 now include design guidelines for the implementation of consumer dashboards at data providers (i.e., financial institutions), data recipients (i.e., fintech apps) and data access platforms (i.e., financial data aggregators) so that consumers will be empowered with ongoing transparency and control of their financial data sharing activity. Consumer dashboards across the financial industry will give consumers multiple avenues to view and revoke prior data sharing consent and deepen consumer awareness of their data sharing.
- Standardized Consent – FDX API 5.0 includes several mechanisms to further standardize user consent throughout the financial data sharing process. FDX’s new Consent API allows consent traceability and transparency so that user consent can be uniformly read and understood by all entities involved in user-permissioned data sharing. In addition, End User Notification of Consent Grant will provide consistent communication to consumers about their data sharing consent. Finally, FDX is enhancing consent management via previously mentioned ecosystem-wide dashboards for viewing and revoking consent.
- Alignment with Globally Interoperable Standards – The FDX API Security Profile now references, supports and recommends utilization of the Open ID Foundation’s Financial-grade API (FAPI) security standard for securing traffic to APIs and for the authentication of end users (FAPI 1.0 Advanced & CIBA protocols). In addition, FDX API 5.0 aligns annuity data definitions with the insurance industry’s Association for Cooperative Operations Research and Development (ACORD) standards body. FDX alignment with these recognized global standards will further interoperability and adoption of the FDX API.
- Reciprocal “Two-Way” Data Sharing between Data Providers & Third Party Fintechs – FDX API 5.0 is introducing a new paradigm by allowing data recipients and data access platforms like fintechs and data aggregators to share information in the other direction and with data providers when fraud is suspected in a current user session. Such reciprocal data sharing not only promotes data sharing security, but also opens an innovative pathway for future user-permissioned two-way data sharing across the financial industry.
- TotallyMoney, the credit app to help customers move their money forwards, launches new API integration with loan and credit card platform, Lendable. The credit building Level card prioritises simplicity, flexibility and transparency. TotallyMoney’s API integration enables pre-approval and guaranteed rates, meaning that customers can apply with greater certainty. Those with CCJs and defaults may be accepted for the Level card, which if used responsibly can help customers increase their credit score.
- TotallyMoney’s API integration for Lendable’s Level credit card provides greater transparency as customers will be shown the APR they’ll get before application. In addition to this, they can find out if they’re pre-approved for the offer, meaning a more personalised experience that helps them move towards their financial goals. This is a stark contrast to the market norm, where only 51% get the advertised APR, with the other 49% potentially receiving a higher and more expensive rate after being accepted. Through TotallyMoney’s credit app users can track their live report and score for free, forever, and those who use their Level card responsibly, stay within their limit and make repayments on time may see their credit score improve.
- With flexibility at its core, Level customers can add the card to their phone wallet, use it virtually, and manage spending and payments within the app. As well as credit limits of up to £1,500, and guaranteed rates, the Level card comes with zero foreign usage fees. Those with CCJs and defaults who might traditionally be rejected for credit products are able to apply for the Level card, enabling them to rebuild their credit profile.
Plaid is fully venturing on its own into the payments landscape. Plaid is “launching an ecosystem of payment partners to provide flexible options for any company to make bank payments an option in their checkout flows, and streamline digital account onboarding, top ups, and payouts, all at lower costs.” That ecosystem, spanning Europe and North America, is being built around existing partnerships Plaid has in place with companies like Square, and new relationships with companies like Marqeta and Checkout.com, among others. The enhanced data connectivity in the ecosystem significantly reduces the time to enable account-to-account transactions. Those transactions, Plaid said, historically had not been a “popular choice” as they were slow and cumbersome to set up — users had to look up account numbers or wait to initiate transactions after microdeposits went through. Through Plaid’s direct connectivity, the company said — and with that connectivity spanning 11,000 institutions — the account-to-account activity, and open banking activity, is instant. The transactions will not involve credit or debit cards, which is why Plaid contends that the ecosystem would serve as a complement to, and not a competitor to, the card networks.
New report allows financial services providers to see how customers’ evolving attitudes and expectations are reshaping the industry, changing how banks compete and win in an increasingly crowded and competitive marketplace. Key findings highlight the increasingly diversified and fragmented banking landscape, the financial needs of younger consumers, the complex relationship between digital and “real-world” banking, and the hype surrounding crypto investing. Consumers are embracing the “unbundling” of financial services. While consumers aren’t looking to make a wholesale switch away from traditional banks, over a third (36%) would rather use different financial providers for different needs, including investments and cryptocurrencies, money management and personal financial management and financial education and coaching.
- Thirst for information is growing and Gen Z is leading the charge. This year’s survey identifies opportunities that are based on education and support. Gen Z customers (60%) reported that they would like their bank to give them advice on how to manage their money and would use their bank’s physical branch more often if they were able to offer financial education, talks and interactive tools. Two out of every five are still using their banks’ physical branch at least monthly.
- Ubiquitous banking comes of age. This year’s report shows a leap in the number of people using voice-activated personal assistants to access financial services as well as an increased use of social platforms in financial activities. Over a third of respondents said they had used a personal assistant (e.g., Alexa, Google Home, Siri) for banking in the last year.
- Cryptocurrency: headline hype translates to genuine interest. Alternative investment platforms are now mainstream and there is a latent interest for cryptocurrency investment. Almost two fifths (38%) of all adults are willing to consider cryptocurrency, and over a third (36%) of Gen Z want their bank to offer cryptocurrency investment options.
BaaS platform Contis will be launching variable contactless limits for consumers, driving more flexibility, security, and payments possibilities for everyone. This means that any customer of a business leveraging Contis’ BaaS innovative solutions will soon have full control at their fingertips by setting their own contactless payment threshold. By introducing contactless limit controls for individual accounts, customers will have the autonomy to set their own comfort level and stay in control of their money. The move comes as the joint HM Treasury and FCA decision to increase the contactless threshold from £45 to £100 rolls out across the UK.
- Financial institutions and fintechs can be proactive about security by adopting several key practices to ensure both secure API designs and secure implementations. As a first critical practice, API development must shift security left by considering security earlier in the software development lifecycle. Software and process security must be a primary non-functional requirement, and the team’s API governance model should include risk assessment and threat modeling of all new features. Being able to recognize API security vulnerabilities and knowing how to act is another important practice. Teams should be thoroughly familiar with the OWASP API Security Top 10. Awareness of how security vulnerabilities manifest – and how hackers exploit them – allows teams to build security into their API offerings. Below are some examples of these safeguards.
- Ensure every API operation uses proper authentication: Broken object level authorization and broken user authorization are the most common errors in API services, and can lead to errors such as letting one user download all customers’ records and personal data. Always ensure the API operations require proper authentication and results only include data the caller is authorized for.
- Use strong software to validate all data sent to APIs: Letting invalid data into a system can lead to data exposures or data corruption. A good practice is to enforce such validation automatically, so the engineering team does not have to manually code validation for every API operation’s request body, query parameters and request headers. An automated process helps ensure developers can’t accidentally omit validation. Define the API’s constraints through strict JSON Schema and other declarative methods (available when defining an API with the OpenAPI specification). This enables a more secure development lifecycle, including automatic code generation to validate input data more strictly.
- Protect against automated attacks: It is important to adequately fund the API security practice. Ultimately, an executive leadership team has responsibility for establishing security as a priority and “paying” for security up front. They should assign responsibility for API security to, for example, the chief information security officer or an API security architect. Someone at your organization must have the authority and funding to create and execute (train, build, staff, equip, maintain) the API security strategy.
- Ongoing education is paramount: Provide routine training on API security and general cybersecurity issues not just to the engineering team, but to the business analysts and product team (remember: “shift left”). Continually monitor industry resources to stay on top. Engineering teams should employ tools to scan API designs for common vulnerabilities such as weak input validation. Organizations should also join groups and attend conferences where API security is discussed in depth. Learn from your peers, build the community and maybe even contribute back.
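The first two safeguards above (authorization on every operation, and validation enforced automatically from declarative constraints) can be sketched together. This is an added example, not code from the article or any vendor it mentions: the `TRANSFER_SCHEMA` constraints, the account IDs, the owner table and the `handle_transfer` operation are all hypothetical, and the validator covers only the small JSON Schema subset used here.

```python
import re

# Declarative constraints for a hypothetical "create transfer" operation, in
# the shape an OpenAPI / JSON Schema document carries them (subset only).
TRANSFER_SCHEMA = {
    "required": ["from_account", "to_account", "amount_cents"],
    "additionalProperties": False,
    "properties": {
        "from_account": {"type": "string", "pattern": r"acct_[0-9]{6}"},
        "to_account": {"type": "string", "pattern": r"acct_[0-9]{6}"},
        "amount_cents": {"type": "integer", "minimum": 1, "maximum": 1_000_000},
        "memo": {"type": "string", "maxLength": 140},
    },
}
ACCOUNT_OWNERS = {"acct_000001": "alice", "acct_000002": "bob"}  # constructed
_TYPES = {"string": str, "integer": int}


def validate(body, schema):
    """Return the list of violations; an empty list means the body is valid."""
    if not isinstance(body, dict):
        return ["body: expected object"]
    errors = [f"{k}: required" for k in schema["required"] if k not in body]
    for name, value in body.items():
        rule = schema["properties"].get(name)
        if rule is None:
            if not schema.get("additionalProperties", True):
                errors.append(f"{name}: unknown property")
        # bool is a subclass of int in Python, so exclude it explicitly
        elif isinstance(value, bool) or not isinstance(value, _TYPES[rule["type"]]):
            errors.append(f"{name}: expected {rule['type']}")
        elif "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors.append(f"{name}: bad format")
        elif "maxLength" in rule and len(value) > rule["maxLength"]:
            errors.append(f"{name}: too long")
        elif "minimum" in rule and not rule["minimum"] <= value <= rule["maximum"]:
            errors.append(f"{name}: out of range")
    return errors


def handle_transfer(caller, body):
    """Return (status, payload). `caller` is the authenticated principal or None."""
    if caller is None:
        return 401, {"errors": ["authentication required"]}
    errors = validate(body, TRANSFER_SCHEMA)
    if errors:
        return 400, {"errors": errors}
    # Object-level authorization: the caller must own the debited account.
    # Unknown and foreign accounts get the same answer, so IDs cannot be probed.
    if ACCOUNT_OWNERS.get(body["from_account"]) != caller:
        return 404, {"errors": ["account not found"]}
    return 201, {"status": "accepted"}
```

Because the handler never reads a field before `validate` has passed, a new operation only needs a schema entry, not hand-written checks.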
Some banks have turned to ServiceNow’s platform solution that connects processes, systems, and people across the front, middle, and back offices to accelerate a bank’s digital transformation. The software vendor offers several agile platforms that span multiple domains (core operations, HR, risk, security, etc.) that bank employees can access through a portal.
- ServiceNow described the M&A challenges as fundamentally about people, processes, and technology. For each of these, ServiceNow has platforms that improve visibility; this visibility helps frame potential issues, enhances resiliency and promotes better collaboration during the transition. On the technology front, the ITx platform brings together unconnected data and powers IT workflows across operations management, asset management, business management, DevOps, and Security & Risk.
- This foundational platform lets the bank map its technology environment and facilitates integration. Essentially, the IT platforms allow the bank to move from a 50,000-foot-view of the integration to a ground-level view so management can better understand and manage implementation priorities. The bank can invest now in the ITx platform and add elements in the future when the bank is ready to implement them, such as a loan or payments program. These deployments take less than 12 weeks and can be further modified as needed without compromising resiliency.
- This flexibility and extensibility are made possible by a low-code development platform and an industry-specific data model. In the case of an M&A involving two large, complicated technology environments, the ITx platform gives bank employees greater visibility into operations to improve efficiencies and cost savings. They can identify and eliminate redundant systems, map devices across both organizations and determine if those devices need updating. Moreover, by giving employees a common platform to interact, the new bank helps to facilitate the cultural merger of the two organizations.
Startup Pagos set out to build a SaaS platform with what it describes as API-driven micro-services to help companies optimize their payment processing and execution of it. In the short term, Pagos is offering services such as “immediate” payment data visualizations, automatic notifications on payment trends or problems and up-to-date bank identification number (BIN) details to manage customers and track costs. Looking ahead, the company is planning to offer network tokenization and account updater services. Midsize to large companies are getting reasonable traction on sales online or via their mobile app. Once they start hitting meaningful numbers, their payment infrastructure is holding them back. Pagos wants to help them scale, and execute more with fewer resources. Since day one, the company has been working with customers on a global scale, from 50-person companies to others that are selling billions of dollars of products and services online. The Pagos offering is unique in both the capabilities of their services and the delivery model to customers. Over time, the team plans on delivering more than a dozen individual micro-services that solve specific payment optimization challenges — all accessible via APIs.