Earlier this month, banking giant Capital One launched a new initiative to expose some of its banking services for third party use, through a set of APIs and a developer portal. Capital One wants to move beyond its services beyond its own apps and Web site, DevExchange.
Of the initial three APIs released, one, in particular, seems like it could have wide applicability, the SwiftID two-factor authentication service.
At the SXSW conference in Austin, The New Stack caught up with a number of Capital One personnel who are working on the project: Jamie Ashfield, who is the Capital One product manager for authentication; Keith Hamburg, who is a product manager for Capital One’s consumer identity team, and Margaret Mayer, who heads up the company’s consumer identity and identity messaging platforms for the company.
In this podcast and accompanying video, we learn about how Swift ID came about, which was first developed as an internal service for managing identities of Capital One customers. “The same authentication capabilities could apply for any kind of consumer engagement,” Hamburg explained.
Being in the heavily regulated banking industry, Capital One has built up considerable processes in identifying their users and the devices they use, which third-party app developers can now leverage for their own services. “We’re able to get a unique, deep-signature” about each user device, Ashfield explained.
The company uses webhooks as to convey customer approvals back to the third-party apps and OAuth is used for user authorization and consent management. The service is free, and developers can learn more through the developer portal.
For an audio-only download, go here:
Capital One is a sponsor of The New Stack.
Feature Image: Left to right: Jamie Ashfield, Keith Hamburg, Margaret Mayer.