Running ATMs in an Open Banking world
KAL and Open Banking
Open Banking is a financial revolution that is sweeping the world where banks share their customers’ data with third parties. For banks to thrive in this open market, it is vital they implement an Open API, which enables third parties to access that customer data securely.
In this article, KAL CEO Aravinda Korala explains how KAL’s Open Banking product, API-Server Powered by KTH, enables banks to implement that essential API and become a part of this new era in banking.
Financial-IT: To begin, please describe briefly in your own words what is KAL and the problem(s) that you look to solve?
Aravinda Korala (AK): KAL is a world leader in ATM software products. Among our clients are the largest global banks, such as Citibank, ING, UniCredit and China Construction Bank. We have presence in more than 80 countries. Our main suite of products is called Kalignite Software. It is a multivendor solution and supports a wide range of host protocols. We help banks to stay compliant, enhance their functionality and make sure that payment transactions are made easily. KAL’s ATM Software supports 40 ATM manufacturers and over 250 different ATM model types, including NCR, Diebold, and Wincor Nixdorf. Globally, there are over 300,000 ATMs running on KAL’s ATM Software today.
Financial-IT: The second Payment Services Directive (PSD2) — the Open Banking initiative of the European Union (EU) — came into effect in January. What, in your view, is the likely impact of the new regulations on the banking industry and e-commerce in the next three-to-four months? Are there any remaining uncertainties for banks, PSPs and consumers under the new regulation?
AK: Although PSD2 came into force in January, there will be delays in implementation as the Euro Banking Association (EBA) has to come up with final regulatory technical standards (RTS) around PSD2.
This is especially true in relation to Strong Customer Authentication (SCA) and a lot of discussions around that are taking place at present. Banks have another 15 months to comply with the new law. SCA means that banks need to compare the details which involve PIN cards and cross-border transactions. Imagine that you try to buy something on the Internet and you have to swipe the card in your PC.
Such a transaction would be very secure because your card can not be duplicated easily and because the provider of the hardware technology is good – and compliant with SCA, which applies to every transaction that is worth more than €30.
The problem is that banks don’t know how to do that. Another issue with implementation is multiple specifications from different banks, involving perhaps 30-40 different host protocols. SCA will be a big deal in the short-to-medium term. I suspect that it will not be until 2020 that we see PSD2 properly established in European banking.
Financial-IT: How does KAL’s KTH help European banks to comply with Opening Bank regulations?
AK: We have software that is called Kalignite Terminal Handler (KTH) for driving bank ATMs. It is designed to be installed on servers within the bank’s data center and connects ATMs to a wide range of host computer systems: this enables the bank to deliver the widest possible range of transactions to its customers. For banks to thrive in this open market, it is vital they implement an Open Application Program Interface (API), which enables third parties to access customer data securely using strong customer authentication (SCA).
KAL’s API-Server product enables banks to implement that essential (API) and to provide PSD2-driven services to customers from other banks.
Financial-IT: Please give us an example of applying KAL’s KTH solution within the bank.
AK: One of our largest clients in Eastern Europe is Česká spořitelna, the biggest bank in Czechia (formerly the Czech Republic), with almost five million customers and assets of over $45 billion. Česká spořitelna provides its customers with the broadest range of banking services in Czechia via a branch network of over 550 and more than 1,600 ATMs.
KAL began providing its ATM software to Česká spořitelna in 2016. KTH is used as a front-end to the bank’s host system on the ATM channel. This meant that KTH could be deployed by Česká spořitelna to offload a significant amount of work that the old ATM host system had been handling. KTH is also highly customizable, allowing Česká spořitelna to deploy new, innovative features to the market much faster than was previously possible. What’s more, KTH can connect the ATMs to many bank back office systems using multiple messaging protocols at the same time.
The nexo ATM Messaging Protocol was integrated into the KAL ATM Software to standardize the communication between the ATM and KTH. The role of KTH is to convert the nexo message it receives from the ATM into the messaging format required by the other host / central systems at Česká spořitelna that support the ATMs. Česká spořitelna has reduced its costs by using a single, common standard protocol, rather than one of the hundreds of bank-specific, vendor-specific and country-specific protocols currently in use around the world.
Unlike these legacy standards, nexo standards provides open messaging protocols that allow better interoperability between ATMs and Česká spořitelna’s host computers. We don’t have clients for API-Server yet.
Financial-IT: What is the most challenging aspect(s) when applying the solution for one of your clients?
AK: The most challenging is that banks have different methods of doing transaction banking or online banking: there are multiple methods, channels and protocols that need to be supported and integrated.
Financial-IT: Are there any rival products to the API-Server powered by KTH solution?
AK: There are a lot of providers saying that their solutions are compliant with PSD2: however, the hype exceeds the reality. We have been searching the market for rival products, but haven’t seen any relevant ones so far. We know that banks like Nordea are enabling their own solutions, like their Open Banking Portal platform, to comply with PSD2 requirements.
Financial-IT: What are your suggestions for banks in relation to the challenges and opportunities that arise from PSD2?
AK: First, the banks have to hurry up and be compliant with PSD2, if they are not already, as it is mandatory now. Second, banks and TPPs should consider PSD2 as an opportunity to share and provide transactions and customer data with other banks. It remains to be seen whether companies like Amazon and Google move in that direction as well.