When hearing the terms “big data” or “open data” you might not think of banking. Evolving digital ecosystems, omnipresent digitization, and other perks of the twenty-first century have seemingly left the old, traditional, and slow-moving banking system untouched, save for banking apps.
We hope you didn’t agree with this statement, because nothing could be further from the truth. According to the PwC report, in the UK, 71% of small and medium businesses will adopt open banking by the year 2022. You personally might not have heard it yet, but “open banking” is the new buzzword.
We talked to Alexey Shliakhouski, the CTO of Elinext – a global software company operating in HealthTech and FinTech – and learned about the security risks that open banking presents, and ways in which technology can deal with these risks.
What is open banking?
Open banking (also known as “open bank data”) is a banking practice that allows third-party financial service providers (i.e. tech startups and online financial service vendors) to access consumer banking and financial data via application programming interfaces (APIs).
Open banking is exactly the type of innovation that revolutionizes everything: the ways banks compete with each other and sell their services, the way banks utilize data analytics, the ways customers manage their finances and treat their savings, and the relationship between banks and consumers.
In practice, this means that banks can show their customers the best financial products and services for each specific individual, offer a savings account that has a higher interest rate or a credit card with a lower interest rate. Lenders can get a more accurate picture of a person’s financial situation and their risk level, which will help lenders offer more suitable loan terms. Customers, in turn, can better understand their own financial situation and control their finances better.
Financial apps such as Mint and You Need a Budget (YNAB) are typical budgeting solutions that help users keep track of their spending. They connect to the user’s financial accounts via these APIs, track spending and categorize expenses. Financial apps can do even more than that. PocketGuard, for example, shows how much is available for everyday spending by subtracting upcoming bills, savings goal contributions, and pre-budgeted money from your estimated income. Another app, Goodbudget, allows you to portion out your monthly income toward specific spending categories. Financial apps differ in their features, but are generally recognized as useful and are popular among users. Our own Elinext has also developed financial software. You can take a look at the case study to discover the challenges our developers faced and the solutions they found.
Open banking, when it becomes widespread, is expected to shake up the existing power dynamics in the banking industry. Established banks are likely to reduce costs and improve their services because of the newfound competition with smaller and newer banks. The latter are more likely to be adept at, and used to, implementing financial technology in their services. However, this might also mean that established banks will find more expensive and better ways to connect to their customers and increase customer retention even further.
The risks of open banking
Everything that involves open data also involves risks related to open data. Open banking isn’t an exception. Financial privacy and the security of consumers’ finances are the main concerns for anyone involved in the open banking environment. Customers understand this very well: research on consumer sentiment toward open banking found that 40% of consumers were positive and 48% listed data and cybersecurity concerns as their reasons for negative opinions. Really, danger seems to be everywhere: malicious third-party apps could access a customer’s account, data breaches could happen, and fraud, hacking (Hacking by the Russians!) and insider threats are all possible. With open banking, customers are expected to transfer their trust from financial institutions that have dealt with security issues for ages and have proven themselves to be safe, to apps that have no such record. Smaller startups might not even have the means to ensure the needed level of security, and fraudsters could mimic FinTech apps to get the information they need.
Do customers have a say in this? Their task seems to be simple: to grant some kind of consent to let the bank allow access, such as checking a box on a terms-of-service screen in an app. It seems that if they want all the benefits of the open banking environment, they have to accept the risks. How big are the risks? What are banks doing to decrease them? Can open banking ever be secure? When working on our own financial solutions, we did our best to find out.
How can open banking be secure?
There are a number of ways banks can ensure the best level of security for their customers.
- Regulation and standardization
Financial regulators, such as the United Kingdom’s FCA, and government bodies create standards that all third-party providers (i.e. FinTech) and banks have to live up to if they want to be a part of the open banking environment. For a third-party provider to access open banking APIs, it must undergo an independent review to ensure that all processes, systems and security controls conform to the FCA’s standards. To retain authorization, third-party providers go through regular security checks and FCA auditing. At the same time, open banking regulation, such as the European PSD2, and local and regional data protection law, such as GDPR, create equal rules for everyone and enforce a high level of security.
- Putting the customer in control
Different kinds of online services have become more and more open and transparent in the past few years. Just look at Facebook, finally telling us why we see those ads.
Open banking security encourages putting the customer in control: they should be aware of how their data is being used, how they can control it, how it is being stored, and how the company is regulated. The regulations are already in place. Lately, financial services, such as FinTech apps, are also being proactive in letting the customer know all about their data and encouraging them to engage with it. Promoting data openness and transparency builds trust among users and ensures they are in control.
- The growing power of AI
Spotting unusual patterns in transaction monitoring that signal illegal activity or money laundering is one of the biggest challenges that open banking faces. Banks already employ KYC ― the mandatory process of identifying and verifying the client’s identity when opening an account and periodically over time. Rigorous customer identification is the first step to preventing financial crime and money laundering. AI, however, can do more.
With open banking, AI becomes more knowledgeable and more powerful. It learns from more data and develops a more accurate picture of a typical customer and their transactions. That makes it easier for AI systems to spot and flag suspicious activity among money transfers. Transaction monitoring becomes more accurate and, therefore, more secure.
- Evolved authorization and authentication
IT security has evolved significantly in the past few years. Now we have multifactor authentication (MFA) and biometrics technology, which changes a lot. Multifactor authentication requires not only a strong password (which is also important), but also another step before the user can get into an account. This step can be an additional question, for example a text sent to the holder’s phone, or a biometric scan such as using a fingerprint to unlock an account. Studies have shown that MFA blocks 99.9% of all potential hacks.
Open banking also forced APIs to become more secure. Access to APIs must be secured using specific standards, which require technical authorisation, user authentication and consent management. This, in turn, requires integration with Web Single Sign-on and Identity and Access Management (IAM). All of these provide extra layers of security.
It’s vital to note that creating APIs requires significant effort and expertise. Poor or inefficient coding is an API risk, and anyone from FinTech or dealing with FinTech should make sure the app meets standards for best practice in coding.
- Cybersecurity becomes proactive
Cybersecurity isn’t just resilient. It constantly evolves to become better. It proactively seeks out threats and weak points, looks for vulnerabilities, and flags issues before they even become issues.
Information sharing across companies and collaborative intelligence across the banking environment enhance this process. They make the whole thing quicker and more effective: the level of automated threat response increases, and changes to the security service are implemented almost immediately after a problem is detected.
Evaluating the present and preparing for the future
With all its weaknesses and uncertainties, open banking can be secure; in fact, it is the open banking environment that provides the security services with the means to become better. And the good news is ― both for the end users and for us as FinTech developers ― that banks are already the ones to take security very seriously. According to Statistics Canada, banks are much more likely to have security requirements in place compared to any other businesses surveyed.
At their heart, open banking and financial software really are there to build safe, transparent and trustworthy relationships between banks, consumers, and businesses. They are there to help everyone involved manage their money better, have less debt, and stop tricking each other into giving or taking loans that one can’t afford.
This is a Sponsored Feature.