FS-ISAC Enables Safer Financial Data Sharing with API

FS-ISAC publishes new API to facilitate safer information sharing of consumer financial information between financial institutions and technology companies

RESTON, VA., February 13, 2018 – In an effort to keep consumer financial information and businesses safer from cyberattacks, the FS-ISAC announced today the publication of an updated application programming interface (API) for more secure, tokenized data transfer. The API is being offered free of charge to the industry.

The API, together with its associated Control Considerations White Paper, is the culmination of more than one year of activities of the FS-ISAC Data Aggregation Work Group, comprising more than 25 financial services firms and contributions from multiple financial technology (fintech) firms that provide data aggregation tools and services.

“Creating a standard API for secure data sharing benefits everyone in the data aggregation ecosystem,” said Eric Guerrino, FS-ISAC chief operations officer. “We want to ensure that everyone from the consumer to the financial institution and the data aggregators can share information safely, quickly and accurately. The API gives consumers a more seamless and secure experience enabling greater awareness, control and peace of mind over financial data.”

Over a lifetime, consumer data may be scattered throughout several financial institutions. This creates the need to log into many accounts to access loans, deposits, 401(k) or bill pay transactions. Once a financial services firm adopts and utilizes the API, the consumer will be able to access their own information seamlessly and securely, creating a higher degree of awareness, control and accuracy over sensitive data.

Financial institutions and fintech companies benefit by shifting the aggregation traffic away from the consumer login pages to a more efficient, lightweight and secure format. This requires less infrastructure to support and eliminates the risk of storing credentials. Aggregators benefit by eliminating the need to maintain thousands of unique versions of screen-scraping scripts, which also significantly reduces the risk of stored credentials.

This API supports major enhancements to secure financial data transfer including improvements in speed and error reduction. Through tokenization, the API improves security so that financial institutions can share information with account aggregators more securely. It also facilitates faster secure transfer of tokenized information from point to point.

How it works:

  • When a financial application user wishes to set up or add a bank, brokerage, or insurance account, they will be seamlessly passed to a secure server at the financial institution to begin the enrollment process.
  • The consumer is presented with the financial institution’s consent page, where they authorize the data they wish to share with the financial application, giving consumers control.
  • After authenticating, the consumer is then seamlessly passed back to the financial application. Data sharing between financial application servers and financial institution servers is then done securely via a unique virtual token that identifies the consumer and their respective accounts.

This API supports protections advocated by US and European Union regulators.

How to access the “Durable Data API and the Control Considerations for Consumer Financial Account Aggregation Services Whitepaper, version 2.0”:

This specification is made available and licensed to financial institutions and financial technology firms free of charge to foster universal adoption of a more secure and robust data sharing framework.

FS-ISAC member financial institutions can access the specifications and supporting materials through the secure FS-ISAC member portal.

Non-member firms and fintech firms wishing to receive a copy may contact the FS-ISAC directly: eguerrino@fsisac.com.


About the Financial Services Information Sharing and Analysis Center:
The FS-ISAC is a non-profit corporation that was established in 1999 and is funded by its member firms. With about 7,000 members worldwide, FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs, and fosters collaborations with and among other key sectors and government agencies. For more about FS-ISAC, follow us on Twitter @FSISAC and join the discussion on LinkedIn or visit www.fsisac.com.


FS-ISAC media contact:
Jane Khodos