Managing User Credentials
Users are managed through the Financial Institution’s (FI’s) existing user management system, and are not managed through Apiture’s embedded banking components.
The existing user management system does not require any changes in order to be used with an embedded banking component. When a user logs in, the application follows the same login process that it would use when logging into the FI directly. The embedded banking component does not handle the user login screen or validation; the component uses the FI’s login process, whether for online banking or embedded banking components.
What to Expect when Logging In
Embedded Banking Components can be placed anywhere within a secured area of the non-bank partner’s website or application. The secured area of the website or application must require the user to authenticate using the non-bank partner credentials. The user will also need to separately log into the Embedded Banking Component with their FI’s credentials.
For example, an auto shop lets the customer log in to the website to schedule maintenance appointments. This auto shop customer login, naturally, is not at all tied to an FI: it is only for the auto shop, and no banking is required to do most things.
However, an auto shop customer may want to check the funds in their bank account to review their finances ahead of an upcoming major repair. The customer already has an account at Tiburon Community Financial (TCF), an FI that has a partnership with the auto shop. The auto shop has put a few Embedded Banking Components on their website that let customers of TCF easily access their banking information within the auto shop’s website.
Currently, when the customer views the auto shop’s website, the Embedded Banking components ask if the customer would like to log in to TCF. The customer cannot view any of their personal financial information until they log into TCF via the Embedded Banking Components with their TCF user credentials.
Even if the customer is logged into their FI account on the FI’s own website, that login does not carry over into the Embedded Banking Components on the auto shop’s website. The customer must log in through the Embedded Banking Component on the auto shop’s website for security purposes.
Once the customer is logged in, they can check their account balance(s) and feel comfortable scheduling the auto repair appointment knowing their full financial picture.
At no point in time does the auto shop’s website have access to the customer’s banking information with TCF. The Embedded Banking Components are only displayed within the authenticated part of the auto shop’s website; the auto shop’s website is not processing any financial information.
The only information the auto shop has access to is a secured note that the user’s auto shop account is connected to the user’s validated banking account at TCF. For security purposes, this connection is automatically disconnected after a period of time, or the user can choose to disconnect from the FI at any time.