Introduction to Risk Insights


Risk Insights offers a concise, powerful approach to understanding and mitigating financial risks. By providing real-time access to an end-user's transactional data, it delivers critical insights into their finances and stability. This product is essential for organizations looking to automate credit scoring, enhance fraud detection capabilities, and offer personalized financial advice. Risk Insights leverages cutting-edge algorithms to analyze transaction histories and aggregate financial behaviour. It provides a multi-dimensional risk assessment that accounts for various factors, including income stability, spending behaviour, and financial commitments.

Data-Access Types

Onetime Account Access

The one-time account access is used by customers who want to verify or access certain information only once at one point in time.

For this use-case, Qwist will store the financial data of an end user for one hour. During this time the customer can fetch the financial data from Qwist’s database as often as needed, but after one hour the financial data will be automatically deleted.

Ongoing Account Access

Ongoing account access is used whenever customers want to access information over a longer period of time.

For this use-case, Qwist automatically adds new connected bank accounts to a background service that runs an automatic transaction synchronization process (“autosync”) up to 4 times a day until the Consent of the user expires (usually after 180 days). This allows the customer to fetch updated financial data for its users up to 4 times a day from Qwist’s database without any additional interaction on their side. After max. 180 days the consent of the user expires and they need to renew the consent by providing a Second Factor for Strong Customer Authentication (SCA), e.g. a TAN.

In order to activate the autosync, the users must save their credentials during the login process. This is done via a checkbox on the Widgets UI or by setting the save_secrets parameter to true in the Ongoing access API call. The credentials are stored in an encrypted database that can only be accessed and decrypted by the finX API when communicating with the banks.

Qwist will not delete any financial data of the end user until the customer explicitly uses the Delete user endpoint to delete a user and all their financial data.


API Access & Authentication

The finX API is a restful API that is accessed using HTTP Basic Authentication with a Client ID as username and a Client Secret as password. Therefore each customer receives a Client ID and Client Secret from Qwist to access the finX API, which has a specific set of Scopes attached to it. Scopes define the usage rights of each Client ID on the finX platform.

If you want to get started with your dedicated credentials, please reach out to us!

Widget Integration

Before continuing with the implementation guide, please view our Widget Integration best practices.