August 3, 2021

Foundation for FinTech Innovation: Securely Sharing Customer Banking Data With GUIDs

by Abel Hernandez in API Management, Banking Core Integration, Digital Transformation

Digital transformation can start with a relatively simple project. For some customers, that first project has come in the form of an online banking implementation or a Salesforce integration. One of our credit union customers recently started on its digital transformation journey with one of the simplest implementations – a connection to the digital lending platform, MortgageHippo. In this post, we’ll share some of the details from that project and how the credit union is leveraging this work to simplify future integrations.

Keeping pace with FinTech

The credit union wanted to create a seamless mortgage application experience for its members through an existing online banking portal. MortgageHippo is exemplary of the new age of financial technology companies that community financial institutions (CFIs) can partner with to compete against big banks and digital banks. It has an open API that makes it simple to create a connection. However, the credit union had no way to expose customer data from its banking core to external partners securely. Without this capability, its members would be required to manually input their information such as name, address, and even account numbers into the application form – a bad customer experience considering all of this data existed in the banking core.

Additionally, like many CFIs today, the customer lacked a modern infrastructure that would allow the organization to build reusable assets. For this project, the credit union required that any piece of the solution had the potential to be leveraged on subsequent integrations with other FinTechs and payment networks like Zelle. 

Implementing a GUID (Globally Unique Identifier)

The credit union chose to implement a GUID (globally unique identifier) to mask the real Account Number and other sensitive member information. GUIDs are an industry-standard best practice and relatively simple to implement compared with some of the other projects we’ve completed for clients. Essentially, GUIDs are a relatively small piece of functionality that provides a security measure, protecting the interaction between the banking core and every API that transacts with it.

In parallel with the GUID creation, our team implemented PortX Integration Manager using the API-led approach to create layers of reusable APIs to be leveraged on future projects. Integrating with an API platform benefits the organization with reuse and the flexibility to modernize its legacy systems. With this approach, applications are no longer connected directly. Instead, they integrate via an API layer that consists of System APIs, Process APIs, and Experience APIs. On some digital transformation initiatives, the second project reused up to 75% of the APIs from the initial engagement.

Learn more about our API-led approach to banking core integration with the following resources:

Our website: Banking Core Integration

Case Study: Solarity Credit Union Reduces Core Work Effort by up to 18 Months

Webinar: How Sound Credit Union Built a Foundation for Rapid FinTech Innovation

Creating GUIDs for MortgageHippo with the API-led approach

First, the credit union member logs in via the online banking (OLB) portal. If they click on the “Apply for a Mortgage” button, the OLB application uses the member’s Account Number to initiate the process of obtaining a GUID. This is the only time the Account Number is used in the process. 

At this point, the system invokes the APIs to obtain an ID in the process API layer. The system API looks up the Account Number in the banking core to determine whether it maps to member information in the SQL Server database via a second system API. If there is a match, the member information is returned to the process API where it is masked with the GUID and sent to the online banking portal via the user experience API. 

Here, the GUID is passed directly to MortgageHippo to initiate the application, so MortgageHippo never obtains access to the Account Number. From there, MortgageHippo uses the GUID to communicate directly through the API layers to obtain the required user information to complete the application.
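The flow described above, as an added Python example that is not PortX's or the credit union's code: an in-memory stand-in for the process API's GUID mapping. The class and function names, the sample member record, and the choice of a random version 4 UUID with an allow-list of partner-visible fields are assumptions made for illustration.

```python
import uuid

# Constructed stand-in for the banking core / SQL Server lookup (sample data).
CORE_MEMBERS = {
    "0001234567": {"name": "Jane Member", "address": "1 Example St",
                   "account_number": "0001234567"},
}
# Fields the partner-facing API may return; the account number is never listed.
PARTNER_FIELDS = ("name", "address")


class GuidVault:
    """Hypothetical process-API-side mapping between GUIDs and account numbers."""

    def __init__(self, core):
        self._core = core
        self._guid_to_account = {}
        self._account_to_guid = {}

    def issue_guid(self, account_number):
        """Called once from the OLB portal; returns a GUID, or None if no member matches."""
        if account_number not in self._core:
            return None
        if account_number in self._account_to_guid:
            return self._account_to_guid[account_number]  # one GUID per member
        # Random (version 4), not derived from the account number, so the
        # identifier alone reveals nothing about the value it stands for.
        guid = str(uuid.uuid4())
        self._guid_to_account[guid] = account_number
        self._account_to_guid[account_number] = guid
        return guid

    def member_info_for_partner(self, guid):
        """Called by the partner with the GUID only; returns allow-listed fields."""
        try:
            canonical = str(uuid.UUID(guid))  # normalise case and reject junk
        except (ValueError, AttributeError, TypeError):
            return None  # malformed identifier
        account = self._guid_to_account.get(canonical)
        if account is None:
            return None  # well-formed but never issued
        record = self._core[account]
        return {field: record[field] for field in PARTNER_FIELDS}
```

The mapping from GUID back to Account Number lives only inside the vault, so the partner-facing lookup can answer with member details while the Account Number stays behind the API layer.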

Start simply

The MortgageHippo integration and GUID creation project proved to be a relatively simple implementation. The true beauty of the engagement was building an infrastructure that will allow the credit union to reuse the APIs on its next project. The customer is currently planning an integration with a popular US-based payment network and has plans to reuse the process API and GUID to give them a head start.

We help financial institutions accelerate their innovation cycles by unlocking access to banking core data and creating a system of reuse. It doesn’t have to be complicated. If you would like to learn more about our process and how other CFIs have digitally transformed through similar engagements, contact a member of our team today.

