SlideShare a Scribd company logo

FDX API Overview (Dinesh).pdf

D
DeepChandi2

The document summarizes an organization called the Financial Data Exchange (FDX) and its work developing standards for consumer access to financial records. FDX operates independently under FS-ISAC and aims to promote interoperable standards for securely sharing consumer financial data. The document outlines FDX's mission and membership, its API portfolio including the FDX API specification, and provides an overview of FDX's technical workgroups. It also summarizes FDX's standards for authentication, authorization, account coverage, and communication security.

Technology
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
The Industry Standard for Consumer Access to Financial Records FDX API and Security Overview Dinesh Katyal – 7/20/20
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Agenda 2 Organization Overview The FDX API Portfolio - FDX API 4.1 - Control Consideration for Consumer Financial Account Aggregation 3.1 - User Experience Guidelines – Account Information 1.0 - Use Cases Q & A
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Mission 3 The Financial Data Exchange (FDX) mission is to promote and enhance a common interoperable standard and operating framework to efficiently and securely share consumer and business financial data. FDX operates as an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and took up the work of the FS-ISAC Aggregation Working Group. FDX launched on 18 October 2018.
Financial Data Exchange (FDX) The current Board comprises 11 Financial Institutions, 5 Permissioned Parties, 5 Aggregators, 2 Industry Groups & the FS-ISAC. The Industry Standard for Consumer Access to Financial Records Open Membership | ¼ of members are Fin-Tech firms | 2/3 are not banks | FDX is not a policy or lobbying group. 118 Member Organizations
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved.
The Industry Standard for Consumer Access to Financial Records FDX Technical Organization Security & Authentication User Experience & Consent API / Data Structures Qualification & Certification OFX Working Groups Every Working Group, Committee and the Board are co-chaired by a Financial Institution and a Non-Financial Institution Technology Review Committee E2E Encryption Task Forces Cert Model Directory Tax Forms Intermediary ID UX Guidelines Taxonomy Money Movement FDX Staff Director Product +
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. FDX API 7 • Secure authentication - Tokenized access to data - No login credentials used/ held by aggregator/ apps • Authorization and consent standard - Owner approves what is shared, its use, and duration - UX guidelines 1.0 will cover consent for account information services • API specification - Replaces screen scraping - JSON/ REST - Comprehensive coverage of account information services and tax forms (US) - Free to access and royalty free to use
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Supported Accounts and Documents ■ Deposit: ■ Lines of Credit: Checking (DDA) Credit Cards Savings LOC (retail) Money Market Accounts LOC (Commercial) Time Deposits (CD) HELOC Other Other ■ Loans: ■ Investments Loans (Installment) IRA Mortgages TAXABLE Loans (Commercial) TRUST Other Other ■ Insurance: ■ Annuities: ● Statements ● Tax Documents: US Tax Forms ● Images (receipts or check images)
The Industry Standard for Consumer Access to Financial Records • FALL 2020 Release Timeline • Sep 7 – RFC cutoff for release inclusion • Sep 21: • Spec 4.2 (tax ‘20) – 14-day member notice • Spec 4.5 (non-tax RFCs) – WG notification • Oct 5 (60 days prior) – • Spec 4.2 (tax ‘20) - GA • Spec 4.5 (non-tax RFCs) – 60-day member notice • Dec 3 – Spec 4.5 GA Note: Tax and non-tax will be aligned from Fall 2021 onwards shifting general release schedule up by 2 months Release Calendar
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Control Considerations 10 • Conceptual security architecture stack - Federated user authentication interoperability with OpenID Connect 1.0 - Delegated user authorization using OAuth 2.0 - Specific user identification pattern using FIDO 1.2 UAF • Communication; - TLS for all communications - NIST recommended encryption algorithms - Recommended key lengths and host name verification enabled • API Security Profile - Normative references to FAPI part 1 – read only security profile - FAPI part 2 – read-write security profile OAuth 2.0
The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Questions

More Related Content

PPTX
apidays LIVE New York 2021 - Security Design Patterns that Protect Sensitive ...
apidays
 
PDF
apidays New York 2023 - CATTS out of the bag, Jean-Paul LaClair, FDX
apidays
 
PDF
apidays New York 2022 - Discussing the significance of API standardization, D...
apidays
 
PPTX
Secrets of the Enterprise Buyers with Plaid's Global Finance Lead and Laika's...
saastr
 
PPTX
Finance Industry Innovations
Lina Waiganjo ACCA
 
PPTX
Data Fraud Analytics Industry
Cole Secor
 
PPTX
TMT SA Presentation
Cole Secor
 
PPT
PCI Compliance 101
pgalletta
 
apidays LIVE New York 2021 - Security Design Patterns that Protect Sensitive ...
apidays
 
apidays New York 2023 - CATTS out of the bag, Jean-Paul LaClair, FDX
apidays
 
apidays New York 2022 - Discussing the significance of API standardization, D...
apidays
 
Secrets of the Enterprise Buyers with Plaid's Global Finance Lead and Laika's...
saastr
 
Finance Industry Innovations
Lina Waiganjo ACCA
 
Data Fraud Analytics Industry
Cole Secor
 
TMT SA Presentation
Cole Secor
 
PCI Compliance 101
pgalletta
 

Similar to FDX API Overview (Dinesh).pdf (20)

PDF
Fintech Software Development: A Comprehensive Guide in 2024
SeasiaInfotech2
 
PPTX
What is FinTech- Technology in Finance
Mobcoder
 
PDF
Moving To MicroServices
David Walker
 
PDF
CloudCamp Chicago April 2015 - Patrick Kerpan's talk "What Financial Cloud Sh...
CloudCamp Chicago
 
PPT
Su10 ceo workshop_supporting slides
mcgowaUSA
 
PDF
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
amadhireddy
 
PDF
Unlocking Financial Data: An Introduction to the FIDA Framework
TechnoXander - Open Finance
 
PPTX
Blockchain and the investment industry stack
David Taylor
 
PDF
ICUL Credit, Debit and Prepaid Services
Kenneth Bator
 
PDF
Financial server blue print - Blueprints.pdf
Ropiudin5
 
PPT
David Whitaker: Managing Your Vendors
Electronic Signature & Records Association
 
PDF
Banking Software
Gaurav Bhatia
 
PDF
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
Miminten
 
PDF
Fintech Cyber Security Survey Hong Knog 2018
Entersoft Security
 
PDF
Financial Services: A Comprehensive Guide
centurion wealth
 
PPTX
IBM Cloud for Financial Services Overview
Suzanne Livingston
 
PPTX
FinTech
Lee Schlenker
 
PDF
apidays LIVE London 2021 - Tech adoption in finance and banking by Christina ...
apidays
 
PPTX
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
PDF
Collaborate and Build Solutions for the Bank and Fintech Industry.pdf
Techugo
 
Fintech Software Development: A Comprehensive Guide in 2024
SeasiaInfotech2
 
What is FinTech- Technology in Finance
Mobcoder
 
Moving To MicroServices
David Walker
 
CloudCamp Chicago April 2015 - Patrick Kerpan's talk "What Financial Cloud Sh...
CloudCamp Chicago
 
Su10 ceo workshop_supporting slides
mcgowaUSA
 
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
amadhireddy
 
Unlocking Financial Data: An Introduction to the FIDA Framework
TechnoXander - Open Finance
 
Blockchain and the investment industry stack
David Taylor
 
ICUL Credit, Debit and Prepaid Services
Kenneth Bator
 
Financial server blue print - Blueprints.pdf
Ropiudin5
 
David Whitaker: Managing Your Vendors
Electronic Signature & Records Association
 
Banking Software
Gaurav Bhatia
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
Miminten
 
Fintech Cyber Security Survey Hong Knog 2018
Entersoft Security
 
Financial Services: A Comprehensive Guide
centurion wealth
 
IBM Cloud for Financial Services Overview
Suzanne Livingston
 
FinTech
Lee Schlenker
 
apidays LIVE London 2021 - Tech adoption in finance and banking by Christina ...
apidays
 
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
Collaborate and Build Solutions for the Bank and Fintech Industry.pdf
Techugo
 
Ad

Recently uploaded (20)

PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Encapsulation theory and applications.pdf
gurumoop
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
A Presentation on Artificial Intelligence
memembruh336
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Ad

FDX API Overview (Dinesh).pdf

  • 1. The Industry Standard for Consumer Access to Financial Records FDX API and Security Overview Dinesh Katyal – 7/20/20
  • 2. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Agenda 2 Organization Overview The FDX API Portfolio - FDX API 4.1 - Control Consideration for Consumer Financial Account Aggregation 3.1 - User Experience Guidelines – Account Information 1.0 - Use Cases Q & A
  • 3. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Mission 3 The Financial Data Exchange (FDX) mission is to promote and enhance a common interoperable standard and operating framework to efficiently and securely share consumer and business financial data. FDX operates as an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and took up the work of the FS-ISAC Aggregation Working Group. FDX launched on 18 October 2018.
  • 4. Financial Data Exchange (FDX) The current Board comprises 11 Financial Institutions, 5 Permissioned Parties, 5 Aggregators, 2 Industry Groups & the FS-ISAC. The Industry Standard for Consumer Access to Financial Records Open Membership | ¼ of members are Fin-Tech firms | 2/3 are not banks | FDX is not a policy or lobbying group. 118 Member Organizations
  • 5. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved.
  • 6. The Industry Standard for Consumer Access to Financial Records FDX Technical Organization Security & Authentication User Experience & Consent API / Data Structures Qualification & Certification OFX Working Groups Every Working Group, Committee and the Board are co-chaired by a Financial Institution and a Non-Financial Institution Technology Review Committee E2E Encryption Task Forces Cert Model Directory Tax Forms Intermediary ID UX Guidelines Taxonomy Money Movement FDX Staff Director Product +
  • 7. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. FDX API 7 • Secure authentication - Tokenized access to data - No login credentials used/ held by aggregator/ apps • Authorization and consent standard - Owner approves what is shared, its use, and duration - UX guidelines 1.0 will cover consent for account information services • API specification - Replaces screen scraping - JSON/ REST - Comprehensive coverage of account information services and tax forms (US) - Free to access and royalty free to use
  • 8. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Supported Accounts and Documents ■ Deposit: ■ Lines of Credit: Checking (DDA) Credit Cards Savings LOC (retail) Money Market Accounts LOC (Commercial) Time Deposits (CD) HELOC Other Other ■ Loans: ■ Investments Loans (Installment) IRA Mortgages TAXABLE Loans (Commercial) TRUST Other Other ■ Insurance: ■ Annuities: ● Statements ● Tax Documents: US Tax Forms ● Images (receipts or check images)
  • 9. The Industry Standard for Consumer Access to Financial Records • FALL 2020 Release Timeline • Sep 7 – RFC cutoff for release inclusion • Sep 21: • Spec 4.2 (tax ‘20) – 14-day member notice • Spec 4.5 (non-tax RFCs) – WG notification • Oct 5 (60 days prior) – • Spec 4.2 (tax ‘20) - GA • Spec 4.5 (non-tax RFCs) – 60-day member notice • Dec 3 – Spec 4.5 GA Note: Tax and non-tax will be aligned from Fall 2021 onwards shifting general release schedule up by 2 months Release Calendar
  • 10. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Control Considerations 10 • Conceptual security architecture stack - Federated user authentication interoperability with OpenID Connect 1.0 - Delegated user authorization using OAuth 2.0 - Specific user identification pattern using FIDO 1.2 UAF • Communication; - TLS for all communications - NIST recommended encryption algorithms - Recommended key lengths and host name verification enabled • API Security Profile - Normative references to FAPI part 1 – read only security profile - FAPI part 2 – read-write security profile OAuth 2.0
  • 11. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Questions