Citi Mobile Challenge - Integrating Mobile with Legacy
For years, customers of banks have struggled to get a single view of their own data across multiple banks or even within banks. With the new mobile world, it has become more complex with different apps required for different banks, different passwords and still no single view.
Ostia’s proposed app would enable customers to securely see all of this information in one simple mobile application and show how other data from insurance companies or utilities could be combined into the same application.
The ability for a customer to use a single application with one single sign in to view all of their financial information, and more, will have enormous appeal to consumers today fed up of switching between apps each requiring a different sign-ins.
Our application would use Citi as the primary Identity Provider (IDP) who would authorise users in the first instance. Once authorised, Citi would issue a token, uniquely identifying the user and their accounts in other institutions who would have registered to be part of the Citi secure federated environment.
Benefits of Mobile API
The benefit for the client would be that they would be able to use one app to see all of their financial data in once place.
A subsequent logical step would be to enable that data to be updated using the same mechanism so that customers could pay bills or banks could implement a simple and cost effective switching mechanism where clients wish to switch.
Ostia would use IBM’s Bluemix environment to create the mobile app while using our Portus platform to create the required additional services and our partner Grid Tool’s technology to make this a reality as follows:
- The Citi APIs would be used to authenticate a user and get details of a customer’s accounts that are with Citi.
- Ostia would set up two further virtual banks (Ostia Bank and Bank of Portus) to simulate how this would work with other banks. These virtual banks would be set up with data from our partner Grid Tools.
- Ostia and Grid Tools would set up exhaustive test packs for each api, based on traffic recorded by Portus and then Grid Tools modelling it to create a covered set of API tests inputs (to test the Citi API to death) and outputs (test packs for people that want to use the Citi API or other APIs that Portus would create ).
- Citi would act as an Identity Provider (IDP) to ensure that the person using the mobile device could login using their Citi credentials.
- The customer could use the app to link their other accounts into this Citi secure federation.
- The mobile application would use the services Portus exposes from those other banks to bring all of the details into Ostia’s single service securely based on the identity confirmed by Citi.
We would have our mobile application running on IBM’s Bluemix pulling all of the information together on one mobile device and then we would dive deeper to show:
- How we would set up the additional services to create our virtual banks.
- How we would populate these services with synthetic data.
- How we would create tests cases to test the APIs fully.
- The security standards employed.