In order to help our clients expand reach throughout Europe, connecting with banks and maintaining a healthy connection is imperative. Our goal is to offer a simple and unified platform for all our clients, regardless of the banks they want to connect with, and connections that work and follow through daily. How do we manage this? We interviewed Hans Vermeijs, CEO and technical expert, to discover his learning points from connecting with banks over the past year.
From a business and technical standpoint, what does ibanXS bring, that is different, when it comes to bank connections?
ibanXS takes a systematic approach. In general, there are two ways to build connections with banks. One is by taking a specification of the bank and building specific software for it, and the other approach implies creating a system that supports the process of connecting with more banks.
What we do differently than the majority of companies in the market is that we approach bank connections as a system; therefore, we developed a smart system and called it dynamic bank connector. With this smart system, we interpret the specifications of each bank and generate the connection dynamically. The reason why we do this in the first place is to make it possible for us to connect with so many banks in Europe in such a short time, with the help of a team of seasoned developers. However, maybe an even bigger reason for this is to make it maintainable; we see that when a bank publishes its specifications, they are usually followed by modifications. If some modifications come up concomitantly, with 5000+ banks to maintain you need an incredibly large maintenance team to make it feasible and keep all the connections alive.
What do you consider are the benefits of the dynamic connector™ of ibanXS?
The main benefit is maintainability, of course, followed by the fact that it makes it possible for us to have a better grip on the quality. What we notice now is that many banks, through sandbox environments, allows us to test all the features and all the happy and unhappy existing flows. However, as soon as we move into production, we don’t have these capabilities anymore for the simple reason that we don’t have bank accounts with 5000 banks. Therefore, what we do is make sure that the dynamic connectors we built in the sandbox are 99% equal to the ones that we use in production. By having only these slight differences between sandbox and production, it makes it possible to move in integrated production only by having the need to check that 1% that is actually different. For us, it’s possible to do that because we can just start the flow with the bank in production. If this flow succeeds, we can already take this 1%. By using this approach, we have a good feeling about the quality level that we raise in production. Actually, what we do is reduce the human factor in the whole process and the errors that come with it.
What are your main takeaways from connecting with the European banks, specifically in Germany, while building our platform?
There are two types of flow when connecting with banks: redirect flow and embedded flow. The main takeaway from the process of connecting the German banks is the fact that not many of them use the redirect flow, which occurs when you integrate with a bank and you are redirected to the bank portal where you need to identify yourself and authorize the transaction there, in a safe banking environment.
What we see with the majority of German banks is that they don’t do that, they do the embedded flow, where you actually have to share your one-time password with the third-party provider. Therefore, the trust that you need to have with those companies needs to be higher because you’re really sharing something with them. It is not necessarily less safe, as the TPPs are under the supervision of the central banks, so they should have the same safety level as the bank. However, for the end-user, it’s a different usability and the recognition for them will be less.
Our platform is supporting both flows, so we are capable of handling this. In addition, we offer our clients the ability to have a hosted solution there so that they don’t need to build all the high security input mechanisms. We can provide it in a secure environment that makes the security risk lower for our clients, making it easier for them to connect with us. We handle it and we will make sure that regardless if it’s a redirect or embedded flow, we just handle it for them in the same way.
Another aspect we noticed is that even though Germany has over 3000 banks, with common behavior, looking at a detailed technical level, all of them are different, and the time you need for developing each individual connection is incredibly long. You need to invest a lot to make those connections work and to keep them alive.
How was the sandbox onboarding procedure for certain banks?
In Germany, the sandbox onboarding, in general, is straightforward; the only thing they need is a certificate, no preregistration. I would say Germany is doing a good job in following the EBA guidelines.
The sandbox onboarding differs between each bank. A lot of time is required to get the first contact with these banks, but there are also exceptions. Unfortunately, there are many banks that did not update their portals since they went live in 2019. At the beginning of our process of connecting with banks, many of them required a preregistration and they still have these forms online. Therefore, if you connect, you want access to the developer portal and you go through a registration form. Sometimes, onboarding is required like a digital machine-to-machine onboarding; you need to develop that specifically for the bank to get the first contact.
In general, sandbox connection is a hassle and differs from bank to bank. There are many specific things you need to go through and even apply additional security measures, which are not applicable to production at all. They really deviate in the sandbox on purpose from the production behavior.
What is the reason for this?
I think the reason for having extra security layers in sandbox is that they really want to make sure that you’re a real TPP. In sandbox, test certificates are allowed, and from the certificate they can’t know for certain that you are a TPP; that’s why they add extra security layers. Therefore, it’s understandable, but it’s harder.
In the context of PSD2, what is the degree of bank readiness that you noticed from the process of connecting with banks?
The large banks are ready, but we see that for the smaller banks there is still a hassle. For instance, we have a couple of banks to integrate with and we got a nice reply when we requested access to production and we were told that they were not ready for production. With another bank, we had trouble connecting in production and discovered that by December 2020 they will discontinue all bank accounts. These are the exceptions, of course.
The banking industry is not stable at all, it’s constantly changing. We get frequent updates from banks that inform us that a merger is upcoming, that one of the banks is being removed, that the name of the bank will be changed, or that the BIC code changes, almost on a daily basis.
Would you care to share a forecast on ibanXS bank connections?
We currently have around 1400 connections, and my expectation is that by the end of September we will be close to 2000. The goal for December is to reach 5000 banks.
What are the challenges in maintaining the connections with banks?
The testing of the connection is one of the biggest challenges. What we have in place is a fully automated testing facility, the connection health check, which is testing each of the 5000 connections within a certain timeframe. Therefore, we have a daily timeline of checking connections to see if they’re still available. As soon as we notice that one of these tests is failing, we increase the frequency with that specific bank to keep a close watch on that connection and see if the stability improves.
As soon as we realize that the stability is not improving, we first notify our clients, obviously, with the automated notifications. Nevertheless, as soon as we see that stability is not improving soon enough, we also adapt the banking list that we provide to our clients. This way, customers see a message when they try to select their bank and that bank is having problems. If the problem is persistent, we disable the bank from selecting to prevent the transactions to continue. This is a continuous service that we have available to all our clients; day and night, we are testing all the connections in this manner.
Moreover, we are applying another more extensive set of tests in our deployment process. Any time we are deploying new versions of our application to our platform internally, but also in sandbox and production, we are running this extensive set of automated tests to make sure that we have a testing code coverage of around 95% and that we reach a success rate of 100%. Therefore, those are the key criteria that we apply for every release into production to make sure the quality is at the highest level.
How does the client perceive the connection with the banks?
For our clients we offer a unified approach, meaning that they have an easy integration with our system, where they can select either or both of our products, be it payment initiation or account information. They don’t need to worry about anything, there are just a couple of endpoints they need to integrate with, before they receive full access.
The best part is that they don’t need to know any specifics about bank behaviors or specific banking implementations – we are covering that, so that they don’t have to. This is a real accomplishment because by doing so, we are removing all the different barriers that exist in the market, and gathering everything in a single place, easy to use for our clients.
As for the integration with our platform itself, the process takes, on average, one day, and we have the best support team at our disposal that will prioritize your integration, as well as assist all throughout the way. Having no corporate strings attached, we can set our roadmap based on your expansion needs. This level of flexibility demonstrates why ibanXS truly makes the difficult easy and can become the right partner for reaching millions of bank consumers all throughout Europe.
What is, in your opinion, the plus factor that ibanXS brings to its clients?
Aside from having a state-of-the-art system in place for connecting with banks, the dynamic connector, and a powerful and effective testing procedure that verifies connections constantly to make sure they are valid, the connection health check, our uniqueness comes from our cooperative approach and our flexibility towards the needs of our clients. So whether the need is to connect with banks in Germany or those in Spain, we will prioritize accordingly to fit the plans of our clients. The internal end goal is to reach the 5000 European banks, obviously; however, more than this, our priority is to help our clients get the best reach out of the banks they have on their roadmap for any product or service expansion plan.
Moreover, our development team is fully flexible to accommodate these plans, as well as to listen and help throughout the way, be it with integration, or simply with clarifying and answering any questions you might have. So if you’re looking at expanding into Europe in the next months and you need a trusted partner in this endeavor, we have the right solution in place. We’re always available if you want to have a chat to learn more on how the dynamic connector works, our list of connected banks, as well as for us to learn your challenges and how we can help you. Drop us a line at hello@ibanXS.eu and let’s get to know each other.