What API Standardization Means for Data Breaches

Posted by: Ashley Choate
Business owners have hoped for years to finally get an edge on preventing data breaches and payment fraud. With recent API standardization efforts, their wish may be on the verge of coming true.

An application programming interface, or API, is “a set of programming instructions and standards for accessing a Web-based software application or Web tool.” APIs are coming to play a vital role in payment transactions, now that most currency exchanges are conducted via software through web-based communication channels.

According to PYMTS.com, a group of payment industry leaders, including banks and other financial institutions, recently met to discuss how to standardize API use in order to facilitate both faster payment capabilities and more secure interactions.

This group, called the National Automated Clearing House Association (NACHA) API Standardization Industry Group, intends to join forces in order to review API uses for same-day ACH transactions and other fast virtual payment methods. Their goal is to use that knowledge to facilitate greater collaboration between banks, financial institutions, and businesses to keep payments fast, prevent data breaches, and limit instances of payment fraud.

With the synchronization of APIs in the payment industry, everyone would benefit from easier software interaction and payment processing, as well as greater protection from various cybercriminals.

In their October 5th meeting, the API Standardization Industry Group created a list of 16 APIs to start their standardization effort. They selected three main areas of focus and further determined target APIs within those categories. The full list is as follows:

Fraud and Risk Reduction

  • API: Account Validation
  • API: Federal and State Tax Payment Receiver Account Validation for Credit Payments
  • API: Get Bank Contact Information
  • API: Industry Notification of Account Closure
  • API: Payer and Payee Identity Verification
  • API: Request Account Token

Data Sharing

  • API: Credit Decisions
  • API: Get Account Balance
  • API: Get Account History
  • API: Marketing Purpose
  • API: Single Sign On

Payment Access

  • API: Financial Institution Approval/Enrollment of ACH Originators
  • API: Human-to-Machine (Internet of Things)
  • API: Interoperability
  • API: Real-Time Messaging and ACH Network Interoperability for “Credit Push” Payments
  • API: Transaction Status

While they’re only focusing on five for now, the group plans to expand to touch on each of these issues over time. A study conducted by the Federal Reserve indicated that non-prepaid debit cards are now by far the dominant form of payment (8 percent growth rate between 2012 and 2015), followed closely by credit cards and ACH transactions, so quick and secure payment transactions are vital to the success of every business. Standardizing APIs is just a start.

In short, with regard to data breaches, API standardization means increased communication between payment processors, greater interoperability in security measures, and less lag time or confusion when accounts or personal information may be compromised. It seems the payment industry may be doubling down in its efforts to combat payment fraud and hacking attempts.

By increasing their willingness to work together and their determination to turn technology in their favor, financial institutions may be changing the game in more ways than one: for consumers, by ensuring their purchases and payment methods are safer than ever before; for cybercriminals, by making their “jobs” a lot harder.