Trust is at the forefront of the FISPAN business model. We realize that making banking products work deeply within a client’s ERP creates a sensitive trust chain, and a special duty of care for FISPAN to ensure end-to-end trust. This delivery model also challenges some of the incumbent thinking around authorization and authentication when it comes to wholesale banking.
We employ a wide range of infrastructure design and tools to ensure end-to-end trust and security are maintained at all points of the data lifecycle, and that the data is collected and used in a transparent and trustworthy manner.
Let’s talk more about the 3 core nodes in the FISPAN trust chain: our End Users’ Business Application (ERP), the FISPAN Platform and our Bank Product Systems.
Our End Users
End-user trust drives the success of all FISPAN programs, with all of our clients. Our goal is to always approach end users as partners to their bank, with the understanding that we are supported by, and held accountable by, their bank. FISPAN allows end users to maintain constant control over the data we’re able to access and use. We’ve developed processes to help our end users understand why we’re requesting the data and permissions we are, and how exactly this data will be stored and used. The ability to opt in or out of services ad hoc is available to the end user at any time.
The implementation and onboarding processes developed by FISPAN ensure that all data usage requests are transparent and understandable. At the authorization level, access management and user entitlements are central to these processes. We provide the ability for clients to control who can access and act on each functional page within the majority of FISPAN’s products. FISPAN is also able to hold payments and force user-level approvals by means of tertiary applications or biometric authentication.
At the authentication level, communication between FISPAN and the client’s ERP is generally established over encrypted REST APIs. This channel is enabled by two-way tokens and contextual IDs owned by the client in order to establish a completely unique and otherwise inaccessible connection between FISPAN and the ERP. FISPAN receives information from the user’s ERP, and in turn speaks to their bank using credentials established between FISPAN and the bank. These credentials are maintained and endorsed by the client’s bank and are manageable through a variety of client- or bank-driven mechanisms.
FISPAN also aims to be malleable in how we develop client-facing security and permissioning protocols as the infrastructure develops at the banking level. As banks embed more robust protocols, such as OAuth or SSO, we will work on migrating FISPAN programs to leverage this new infrastructure at no additional cost to the bank. We seek to always meet the highest level of security standards provided by the client’s bank.
The FISPAN Platform
A long-term vision of FISPAN is “to be the world’s most trusted financial data exchange.” We’ve set out to create a platform that can support this vision from day one. The FISPAN Platform enables a set of robust data transformation microservices to interact with exterior services through a secure interfacing layer. This interfacing layer allows for data to be exchanged between a wide range of sources and destinations, such as multiple bank systems or client accounting software, while the internal processing services are used to format and normalize data.
Data stored within the FISPAN internal layers are secured with 256-bit encryption, or AES-256, which is the current industry standard for at-rest data. When information is exchanged between FISPAN and external systems through the interfacing layer, FISPAN takes care to encrypt this data using a variety of standards, depending on the communicating party. Most commonly, FISPAN communicates with bank systems and accounting software, both of which leverage some of the most secure technology available to encrypt and decrypt messages as they enter and exit transit.
The platform’s infrastructure is versatile in its ability to integrate and communicate with various data sources in the ecosystem that surrounds it. Its design enables seamless communication with other third-party fintechs that contribute to the data exchange. This versatility means the platform can be thought of as an aggregator that’s able to interpret and transmit data received in various forms. In summary, the FISPAN Platform embodies the industry standards at the forefront of design to create a platform that’s built for security and versatility.
Our Bank Clients
Trust is central to the relationships banks work to establish and maintain with their clients. In a data-driven digital world, this has become a make-or-break aspect of the bank/client relationship. This notion extends to vendors, like FISPAN. At the core of FISPAN’s philosophy is the intention to be a true partner to the banks we work with. This philosophy influences everything we do, from pricing to product road mapping, and extends to how we establish and maintain trust with our partners.
From our earliest days, FISPAN knew that the trust of its bank clients would be core to its success, which is why we set out to obtain industry-standard security certifications as early as possible. FISPAN is a SOC 2 Type 2 compliant organization, currently undergoing a GDPR compliance audit, and seeking to obtain our ISO 270002 designation. These designations involve following strict information security procedures that encompass the security, availability, processing, integrity, and confidentiality of customer data. We work hard to pursue and maintain these designations to ensure that we’re held to the highest possible security standards, and demonstrate to our banks that trust is at the core of what we aim to achieve.
Trust is our central promise to the banks we work with, and the customers they serve. FISPAN earns and maintains this trust through industry-leading security and infrastructure. Doing so has enabled us to bring our platform to market leaders, and will enable us to one day cement contextual banking as the industry standard.