In this blog, we will detail how modern banking can be viewed in terms of three fundamental concepts: the businesses, the infrastructure, and open banking.
These concepts are forming what we call the ‘three pillars’ of modern banking and as such, they need to be fundamentally addressed, understood, and provided with the right foundations in terms of security.
Table of Contents
Overview
Modern banking is at the crossroads between what we can call ‘traditional’ banking and the revolution initiated by the PSD2 directive which is to be understood in the vaster project of “open banking”.
To better understand the situation, we can view modern banking as supposed by ‘three pillars’:
The Business (the profitable activities realized by banking), the infrastructure (the network, the hardware, and software needed to realize the business, especially in automated ways) and the open banking (the world brought by PSD2 with the open APIs, etc.)
In what follows we will explain in detail these three fundamental concepts and finally, we will explain why it is so important to have a unified way to provide to all them with security, protecting their cryptographic operations.
The First Pillar: The Bank Businesses
The first pillar is the most important and fundamental for banks. This is how they make money. The main subcategories are:
Money Transfer. This includes all non-card transactions such as SWIFT or ACH transfers but also money transfers from other networks such as Western Union for instance
Loans, credits, mortgages, insurances. This includes as well, besides loans, all sorts of financial services (or products) that a bank usually provides, and there can be many of them, like mobile recharge, etc.
Asset management. This includes all sorts of capital management, risk management for assets, financial services, and products for trading, etc.
Card transactions. This includes the ‘traditional’ business of automated transactions involving Automatic teller machines (ATMs) or EFTPOS terminals (terminals found typically in shops) and credit or debit cards (EMV and non-EMV), issuing and acquiring. Banks can also typically operate processing gateways.
That pillar is the ‘tradition’ of the bank, its business which developed with the time and became automatically interconnected with other banks by means of networks and information systems.
To be able to conduct business in a connected world, banks need infrastructures, mainly networks, and machines interconnecting their business with other businesses from other banks or other third parties.
This network infrastructure can be divided into several categories
Mainframes Traditionally banks have been buying and operating a lot of mainframe systems for their business. Mainframes require specially trained operators and have a philosophy of their own. Mainframes or “Big iron” as they are often named have a long relationship with banks and in general with financial institutions. Mainframes provided by different integrators such as IBM, Unisys, or Bull offered important computation power, a solid and robust all-in-one solution to manage and solve all the problems of a bank in terms of IT, computer security, and processing of transactions. As such, they also can be part of a bank private loop payment network or be endpoints in a card payment network (as an issuer or acquirer bank for instance)
Mainframes can also be ‘big systems’ such as HP nonstop servers, dedicated to financial transaction processing. They host the bank backends.
Online Banking. Online banking includes the category of online services, web services, and bank APIs which can be integrated by other financial providers. Online banking traditionally offers bank customers a way to realize a wide variety of services such as money transfer or requiring loans. This also includes the bank front-ends to the internet.
Payment networks. This represents the card payment network. Traditionally made with bank switches and zones.
Here we define more precisely the payment network environment.
Card Acceptor
A card acceptor is defined as an ATM or a merchant that accepts payment cards and processes the transaction data then sends it to an acquirer.
Acquirer Bank
An acquiring bank (or, simply, an acquirer) is a financial institution (usually a bank) that allows a merchant to offer credit or debit card payments.option to their customers.
Issuer
An issuing bank (or simply ‘issuer’) is a financial institution (usually a bank) that issues payment cards (debit, credit, or prepaid) to their customers.
Payment Switch
Payment switches are specific financial transaction processing systems, usually extremely secure.
And finally, there is a third pillar, a newer one, which is the future of banking. This is represented by the ‘open banking’ world as introduced by the PSD2 directive.
The last pillar represents the world of the new ‘open banking’. It is a conception where customers are in charge of their data and can master their bank account as they wish, without an opaque and close system.
Open banking is often seen linked to newer technologies and concepts such as the Internet of things (IoT), cloud computing, and blockchain.
For now, Open Banking is being actively developed in the Eurozone but it is a global concept and is to be developed in the USA as well as part of a general change of culture and practices in banking.
The fundamental concept is that banks must open their data to third parties (TPPs) via open APIs and allow payment applications to interact with such APIs.
This is to be understood in the framework of a more ‘fluid’ banking which can be much more transparent and flexible as well as open to competitive services. This is specially true for banks that offer accounts for college students who might want to have more fluidity in how they manage their money or banking services.
We see here three subcategories:
The OpenAPIs. They are to be managed by the banks. For example, licensed startups can have direct access to their data down to the level of transaction-account transactions. These APIs must implement some mandatory strong authentication.
eIDAS. eIDAS (Electronic Identification, Authentication and Trust Services) is a regulation issued by the European Union on electronic identification and trust services for electronic transactions in the European Single Market. It is a regulation for electronic signature and to be used in the context of open banking. It is the equivalent of the US NIST Digital Signature Standard (DSS) but with much more regulation power.
TPPs, payment Applications. These are often mobile payment applications that connect to the open API of banks to perform financial services, including money transfer and payment of goods, outside a card payment environment.
Here we described what we named the ‘three pillars’ of modern banking. As we see this often involves cryptographic operations to provide security.
Of course, the Payment network is traditionally provided with HSMs because it is mandatory but open banking requires very good and very secure authentication for the open API access and, as well, open banking which exposes servers over the web requires strong cryptographic protection, eventually with PKI.
The ‘temple’ supported by these three pillars needs a solid and strong foundation and powerful cryptographic servers to perform securely cryptographic operations.
Acodez is a renowned web development company offering software development using Emerging Technologies. We offer all kinds of web design and web development services to our clients using the latest technologies. We are also a leading digital marketing company providing SEO, SMM, SEM, Inbound marketing services, etc at affordable prices. For further information, please contact us.
Looking for a good team
for your next project?
Contact us and we'll give you a preliminary free consultation on the web & mobile strategy that'd suit your needs best.
Rithesh Raghavan, Co-Founder, and Director at Acodez IT Solutions, who has a rich experience of 16+ years in IT & Digital Marketing. Between his busy schedule, whenever he finds the time he writes up his thoughts on the latest trends and developments in the world of IT and software development. All thanks to his master brain behind the gleaming success of Acodez.
