Building a Digital Payments Platform
In 2014, a large bank performed an internal assessment to project necessary infrastructure changes. The team’s challenge was to anticipate current and future market trends and opportunities. The bank’s resources focused on revenue strategy and tactical development to roll out profitable new initiatives. Energy was directed into exploring successful channels for its core competencies. This action led to the creation of a successful and profitable next-generation digital payments platform for the strongest areas of the bank: Business and Retail Banking as well as Wealth Management.
Akana Helps With...
Creating New Channels
Create Industry Advantages
The bank built a platform to publish APIs for:
- Open New Channels – In order to keep ahead of its competitors, the bank identified the clear need for opening new transaction processing channels for Apple Pay, Samsung Pay, and Starbucks, all with a very short turnaround.
- Blockchain Ready – At the time of the assessments, at least 40 competitive banks were exploring the trend for a fast, projected rollout of digital currency blockchain. The bank’s challenge was to prepare and ramp up initiatives for blockchain and vital real-time transaction processing.
- Banking Centers Shift – A customized, automated response model was a more practical method of addressing a customer’s needs, rather than transactions at traditional banking centers.
- ACH Requirements – The new government mandates for processing payments in virtual real time had to be met.
- Tokenization for PCI – Due to the PCI compliance scope, the bank faced the substantial task of rationalizing and eliminating over fifty applications deployed over multiple platforms. The goal was to establish a foolproof tokenization security strategy to protect against credit card number theft.
- Action – The bank proactively built a platform that not only addressed current pressures but also created industry advantages. The team succeeded by innovating, rationalizing, and modernizing the bank’s existing infrastructure.
The Akana Solution
The bank selected the on-premises deployment of the Akana API management platform to build out the digital payments platform. The bank leveraged the following capabilities of the Akana platform to support their objectives:
With the movement to an API-driven architecture, the bank quickly realized they needed to establish a standardized way to design, create, and document the APIs. They needed a way to manage the portfolio and lifecycle of the APIs to ensure they were building the right APIs, at the right time, in the right way according to their regulatory standards, and that they could easily locate them. They also needed to ensure that the governance processes they put in place didn’t impede their agile development processes.
The bank leverages the Akana platform's API lifecycle management capabilities to establish and enforce standards and to automate their development processes by hooking into their agile tools such as Jenkins.
Most of the APIs the bank publishes need to be delivered securely, both in terms of the infrastructure hosting the API and the API interface itself. The API management solution protects the bank’s applications from external threats while providing state-of-the-art API security. The Gateway offers comprehensive protection against OWASP top ten threats including Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection, Session Management, and more. It also provides antivirus scanning and strong cryptographic protection.
A couple of examples of the security features the bank implements are:
- OAuth – a high-performance, scalable OAuth server that the bank uses to authenticate users and authorize access to all APIs.
- Throttling – every app has its own contract with the gateway, ensuring that each app can only consume an agreed-upon amount of traffic from each API.
PCI Compliant Infrastructure
Working with payment data requires the bank to establish a PCI compliant infrastructure. The Akana platform has been through several PCI compliance certifications at customer locations on-premises and in our own hosted cloud offering.
The bank has several IBM WebSphere® DataPower appliances that needed to be easily managed. The bank leverages the Akana platform IBM WebSphere® DataPower to automate the administration of APIs and services across several IBM DataPower appliances, simplifying the administration, reducing the operational costs, and reducing the risk of failures during API rollout. Without the Akana platform, the deployment of and changes to an API had to be configured manually on each IBM DataPower appliance, which would introduce errors.
The bank additionally leverages the following Akana API gateway features:
- Mediation – quickly mediate from SOAP to REST using declarative out-of-the-box mediation policies. Mediate between security policies, for example between a REST API using OAuth and a SOAP service with sophisticated WS-Security policies. Transform from one object type to another using declarative and prescriptive approaches.
- Orchestration – create new APIs from scratch by orchestrating the integration of multiple services together using a configuration, not coding, approach.
Visibility of services and APIs across many IBM DataPower appliances proved to be very challenging for the bank. The Akana platform allows the bank to have complete visibility of their APIs and services across their IBM DataPower appliances, giving them API analytics on operational, consumer, and business metrics that they never had before.
Automating new channel on-boarding to the digital payments platform is key to the bank’s future success. A critical part of any API platform is the ability to provide developers with a self-service platform they can use to find and easily consume APIs. The bank’s API management platform provides an API portal for:
- Documentation – dynamically generated Swagger documentation for all the APIs with additional downloadable documents providing helpful implementation guides.
- App Provisioning – developers can create their own app definitions and request access to APIs with specific quotas and service-levels.
- Testing – developers can send test requests from a custom test client, or using the testing features built into the API docs.
Portfolio and Lifecycle Management
The Akana platform is the only platform in the industry providing complete portfolio and lifecycle management capabilities. As a bank moves to an API-driven architecture, it needs the ability to manage the portfolio of APIs and have auditability and traceability of those APIs throughout the lifecycle.
The Akana platform is the only platform in the industry that supports both an industry-leading software-based API Gateway and the IBM DataPower appliance, with matching policy-driven capabilities. The bank chose the Akana platform because of its ability to have a scalable software API gateway on premises or in the cloud. The bank chose the successful Akana platform because of its ability to easily manage and control APIs within regulatory guidelines on IBM DataPower appliances.
PCI DSS v3.1 Level 2
The bank required that the API platform vendor have extensive knowledge in establishing a PCI certified environment, so they chose the Akana platform because of its hardened PCI DSS v3.1 and status as a Level 2 certified service provider.
The bank has successfully completed the creation of a secure PCI environment by implementing a tokenization strategy. It has eliminated fifty applications on all PCI-compliant scope platforms. The token service is managed by the Akana platform. The bank has been able to successfully automate the onboarding of new transaction processing channels. Most recently, it has enabled Apple Pay and was able to seamlessly add it in a matter of hours instead of months.
The bank is rolling out lifecycle governance for its services and API strategies. Once the process has been established, lifecycle management capabilities will be configured in the Akana platform. DevOps automation and auditing of the APIs and Services will be provided throughout the full lifecycle.