This was the first time that FinDEVr has been held in London, the venue was the Tobacco Docks in the East End of London, the building was constructed around 1811 and served primarily as a store for imported tobacco, hence the name. FinDEVr is the only conference series focused exclusively on showcasing a new tool, platform, API or case study from a leading technology company designed to help developers of Fintech create better innovations faster.
eWise was on stage June 13th presenting the Aegis SDK and discussing how we help Fintechs and Financial Institutions to transition to the coming Open Banking and PSD2 XS2A (account aggregation) landscape.
Our solution is designed to address two big issues with PSD2 open APIs :
The scope of Access-to-Accounts data access under PSD2 is limited to designated payment accounts (e.g. current accounts and credit cards): with Aegis, we can aggregate non-payment accounts to offer end-users a truly global view of all their financial accounts.
Un-unified API structure: each bank will implement their own API standard and structure. The Aegis SDK takes away the heavy lifting of target institution API development and maintenance allowing you to focus on leveraging standardised data in your user engagement. The Aegis SDK harmonises data being aggregated from various target sources into a consistent data structure.
At the end of the demonstration, there was a short Question & Answer session which covered a range of topics:
If the device is lost, the encryption key that unlocks the PDV can be remotely deleted. The user will have to re-enter their credentials on a new device.
In an ideal world we see a common industry standard for API implementation by ASPSP's. While we are seeing some collaboration in this area, particularly in Germany, it is unlikely that we will see any standardisation in the short-to-medium term. In the meantime, the eWise mission is to manage the underlying complexity of connectivity, authorisation, aggregation and data harmonisation for our customers.
Mint (in the United States) is a direct-to-consumer personal money management service owned by Intuit. Mint provides a range of money management features including spending analysis, budget and goal setting and most importantly, the ability to aggregate accounts from all your bank providers.
"When you use the “Add Accounts” feature of the Services, you will be directly connected to the website for the third party you have identified. Intuit will submit information including usernames and passwords that you provide to log into the Site. You hereby authorize and permit Intuit to use and store information submitted by you to accomplish the foregoing"
"For purposes of this Agreement and solely to provide the Account Information to you as part of the Services, you grant Intuit a limited power of attorney, and appoint Intuit as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person."
In terms of how eWise is different to Mint, there are three main differences:
1. eWise is not a direct-to-consumer business (B2C), we only work with banks and FinTech organisations (B2B)
2. Our patented "client-side" aggregation platform means that the end-user never discloses their online banking credentials to a third-party. All credentials are stored securely on the Personal Data Vault residing on the end-users device using AES256 encrpytion.
3. All aggregation is performed from the end-users device NOT a server. This means that data is never shared with a third-party unless the end-user consents via privacy controls.
In many financial services markets, regulators and data privacy groups favour the client-side model of data aggregation.
We work with both Banks and Fintechs. We have customers across Europe, Asia and Australia & New Zealand.
We have a native mobile SDK for both iOS and Android, but not a mobile app. Our customers (Banks and Fintechs) integrate our Aegis SDK into their mobile applications.
We are a B2B company, licencing our SDK to businesses who need Account Aggregation to perform their service.
End-User credentials are stored locally on their own device (mobile, laptop...) within the eWise Personal Data Vault (PDV). All data within the PDV is secured using AES256 encryption and the encryption keys are held on eWIse servers. In terms of safety, our platform is routinely verified by independent security firms and is subject to penetration and vulnerability tests annually. Because our architecture is distributed (everything done from the end-user device) the platform does not present a single large target for malicious attacks or hacks, this reduces the threat risk to an extremely low probability.
We have developed a number of techniques over the past 17 years of implementing our solutions that enable our connectors to navigate changes to 3rd party websites without "breaking". There are of course times when changes cannot be managed internally by the connector and in these instances the changes will be detetected by our automated testing tools. Enhancements to connectors are made by our team and deployed quickly to eWise customers.
It is certainly easier to work with APIs, but we have 17 years of working with Banks that haven’t opened up their APIs via our highly developed HTML parsing method.
We are covering 250+ institutions including banks, building societies, brokerage companies and utility providers.
Yes, and many other forms of single and multi-factor authentication models.
This would be expected to be updated in the same day. This is rolled out seamlessly to the customers and without a fresh compile having to take place.
Using the eWise Aegis SDK you can orchastrate many aspects of how aggregation is performed. This includes when to aggregate, what to aggregate and whether aggregated data is shared with service providers. This is all on a per institution basis.
We don’t currently have one, but it’s something we’re looking at. We do have a phone gap wrapper.