Building a Digital Payments Platform

A large bank needed to build a digital payments platform to create a competitive advantage, comply with PCI, and secure APIs. To do this, they needed the right API platform. They found it with Akana

Akana Helps the Large Bank

Create New Channels

Ensure PCI Compliance

Automate API Security

A large bank did an internal assessment to identify initiatives that would increase revenue. One of those was a next generation digital payments platform.

Create Industry Advantages by Publishing APIs

The bank built a platform to publish APIs to gain competitive advantages. 

Open New Channels

The bank needed to open new channels to stay ahead of competitors. So, the bank identified the clear need for opening new transaction processing channels for Apple Pay, Samsung Pay, and Starbucks. All with a very short turn around.

The bank proactively built a platform that not only addressed current pressures. It also created industry advantages. The team succeeded by innovating, rationalizing, and modernizing the bank’s existing infrastructure.

Keep Up With Technology Trends

The large bank needed to be blockchain ready. At the time of the assessments, at least 40 competitive banks were exploring a digital currency blockchain. The bank’s challenge was to prepare and ramp up initiatives for blockchain and vital real-time transaction processing.

At the same time, banking centers shifted. Transactions at traditional banking centers were fading away. The large bank needed a customized, automated response model to address customer needs. 

Comply With Requirements

The large bank needed to comply with ACH requirements. These were new government mandates for processing payments in virtual real time.

The large bank also needed tokenization for PCI compliance. The bank faced the substantial task. They needed to rationalize and eliminate over 50 applications deployed over multiple platforms. The goal was to establish a foolproof tokenization security strategy. This strategy protects against credit card number theft vulnerabilities.

To create these industry advantages, the large bank needed help. They found it with the Akana API management platform

Akana Made It Easy to Build a Digital Payments Platform

They needed to go beyond API basics. Akana made it easy for the large bank to build out the digital payments platform.

The bank leveraged the following capabilities of the Akana platform to support their objectives.

Lifecycle Management

The industry is moving to API-driven architecture. So, the large bank quickly realized they needed to establish a standardized way to design, create, and document the APIs.

They needed a way to manage the portfolio and API lifecycle. This meant ensuring they were:

They also need to ensure that the governance processes they put in place didn’t slow down their agile development processes.

The bank leverages the Akana platform's API lifecycle management capabilities to establish and enforce standards. Akana also helps them automate their development processes. For example, Akana hooks into their agile tools such as Jenkins.

What Does It Take to Have a Successful Lifecycle?

Learn everything you need to know about the lifecycle of APIs. Explore our content hub.

👉 API Lifecycle Hub

Security

Most of the APIs the bank publishes need to be delivered securely. This includes the infrastructure hosting the API and the API interface itself.

Akana protects the bank’s applications from external threats while providing state of the art API security. The Akana API gateway offers comprehensive protection against OWASP top 10 API threats including:

  • Cross Site Scripting (XSS).
  • Cross Site Request Forgery (CSRF).
  • Injection.
  • Session Management.

It also provides antivirus scanning and strong cryptographic protection.

A couple of examples of the security features the bank implements are:

  • OAuth: A high-performance, scalable OAuth server. The bank uses it to authenticate users and authorize access to all APIs.
  • Throttling: Every app has its own contract with the gateway. This ensures that each app can only consume an agreed up amount of traffic from each API.

PCI Compliant Infrastructure

The large bank needed to establish a PCI compliant infrastructure. The Akana platform received several PCI compliant certifications:

  • At the customer location on-premises.
  • In our own hosted cloud offering.

API Gateway

The bank needs to easily manage several IBM WebSphere® DataPower appliances. The bank leverages the Akana platform with IBM WebSphere® DataPower to automate the administration of APIs and services across several IBM DataPower appliances.

By using Akana, they simplified the administration, reduced the operational costs, and reduced the risk of failures during API rollout. Without the Akana platform, the deployment of and changes to an API had to be configured manually on each IBM DataPower appliance. And that would introduce errors.

The bank additionally leverages the following Akana API gateway features:

  • Mediation: Quickly mediate from SOAP to REST using declarative out-of-the box mediation policies. Mediate between security policies. For example, mediate between a REST API using OAuth to a SOAP service with sophisticated WS-Security policies. Transform from one object type to another using declarative and prescriptive approaches.
  • Orchestration: Create new APIs from scratch. Orchestrate the integration of multiple services together using a configuration not coding approach.

Analytics

Visibility of services and APIs across many IBM DataPower appliances proved to be very challenging for the bank. The Akana platform allow the bank to gain complete visibility of their APIs and services across their IBM DataPower appliances. Akana gives them API analytics on operational, consumer, and business metrics that they never had before.

Developer Engagement

Automating new channel onboarding to the digital payments platform is key to the banks future success. A critical part of any API platform is the ability to provide developers with a self-service platform. This is where developers can use to find and easily consume APIs.

Akana provides a API portal for:

  • Documentation: Dynamically generated Swagger documentation for all the APIs with additional downloadable documents providing helpful implementation guides.
  • App Provisioning: Developers can create their own app definitions and request access to APIs with specific quotas and service-levels.
  • Testing: Developers can send test requests from a custom test client or using the testing features built-in to the API docs.

Why the Large Bank Chose Akana

Portfolio and Lifecycle Management

The Akana platform is the only platform with complete portfolio and lifecycle management capabilities. This is critical as the bank adopts API-first architecture.

Akana makes it easy to:

  • Manage the portfolio of APIs.
  • Maintain auditability and traceability of those APIs throughout the lifecycle.

Gateway Flexibility

The Akana API gateway is unique in supporting the IBM DataPower appliance. And it matches policy driven capabilities.

The bank chose the Akana platform for its scalable software API gateway, which can be used on premises or in the cloud. The bank chose the successful Akana platform because of its ability to easily manage and control APIs within regulatory guidelines — on IBM DataPower appliances.

PCI DSS v3.1 Level 2

The bank needed a partner with extensive knowledge in establishing a PCI certified environment. So, they chose the Akana platform because of its hardened PCI DSS v3.1 and status as a Level 2 certified service provider.

Status

The bank successfully created a secure PCI environment by implementing a tokenization strategy. They eliminated 50 applications on all PCI-compliant scope platforms. The token service is managed by the Akana platform.

The bank also automated the onboarding of new transaction processing channels. Most recently, the large bank enabled Apple Pay. And, they were able to add it in a matter of hours instead of months.

What's Next For the Large Bank?

The bank is rolling out lifecycle governance for its services and API strategies. Once the process is established, lifecycle management capabilities will be configured in the Akana platform. DevOps automation and auditing of the APIs and Services will be provided throughout the full lifecycle.

Be Like the Large Bank

See how Akana can help you create new channels and ensure security and compliance.

Request your free 30-day trial to get started. 

START FREE TRIAL ▶️ WATCH DEMO FIRST