Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Securing the Open Banking Ecosystem

Paul van der Lee, Director EMEA, Ping Identity

On the 13th January, Open Banking Ltd., also known as the Open Banking Implementation Entity, or OBIE, announced that the roll out of Open Banking across the UK had begun. Set to fundamentally transform the financial services landscape, Open Banking will allow consumers to give companies other than their bank or building society permission to securely access their accounts. They may, for example, choose to aggregate a view of all of their bank accounts through one provider or initiate a payment to an online retailer directly from their account as a bank transfer.

However, with changes occurring rapidly, there are two key factors that remain critical to success as the next-generation banking ecosystem continues to evolve:

Security at the heart of OBIE 

Since the start of online banking, it has been ingrained upon us to protect access to our bank accounts to prevent fraudulent activities from removing funds. Now with Open Banking, third party companies can be allowed access to view our financial transactions and remove funds. Naturally then, consumers are concerned about the security of third party access.

However, what consumers need to understand is that the concept of ‘privacy by default’ lies at the heart of this new era. OBIE, banks and technology companies are fully focused on ensuring that every customer can be explicit on what information is shared, with who, and that only trusted, pre-approved third parties are able to use this information. 

In addition to data privacy, the Open Banking Directory, at the heart of the whole ecosystem, is a marketplace of white-listed third party providers, who have all been through a robust enrollment process. Only once registered are they able to securely access customer data (with customer consent), and interact with the bank, to develop and deliver a set of personalised services. 

These interactions are also through standardised interfaces that have been designed by the OBIE with an exacting degree of security, usability and interoperability in mind. In fact, the regulatory specifications are based on established and mature industry standards like OAuth, with broad support from the financial and technical community in the UK. Even countries as far as Australia are now looking at the UK as the starting point for their own open banking endeavors, proving testament to the work, guideline and principles that the OBIE has put in place. 

The last layer of security and privacy that consumers should be aware of is Strong Customer Authentication (SCA) which is mandated to verify consumer consent from at least two of three factors that prove knowledge (e.g. password), ownership (e.g. mobile device) or inherence (e.g. fingerprint or facial recognition).

All those involved in delivering Open Banking are working to ensure that the process of allowing a third party to access a bank account is highly secure, while also being as frictionless as possible for the customer. Consumers should feel confident that third parties are not able to gain access or move money without their explicit consent, via methods that will include passcode, thumbprint, facial and other biometrics.

Consumers playing their part 

While significant changes have been made to develop the impressive, robust range of new security measures that make up the Open Banking ecosystem, consumers also play a fundamental role in how safe their data stays. In fact, it is critical they understand how to engage with third parties with the CMA 9 Banks now leading the charge. For the past decade it has been possible for consumers to share sensitive data with third parties via ‘screen-scrape’ technologies, meaning third parties have gained their log-in credentials.

Now consumers will be sharing information via standardised open banking APIs, which will be more secure. However, while consumers should have confidence when operating inside the Open Banking framework, they still need to be vigilant against phishing attacks and understand that fraudulent operators will always try and target consumer negligence. It’s important for consumers to remember that they don’t have to share their data if they don’t want to, and that permission can be withdrawn at any time.

Consumer adoption over time will act as the best form of education, and as integration through technology also continues we’ll see much smarter use of the products and services Open Banking has to offer. Just consider that applying for a mortgage with just two clicks, in a process that will be reduced to a few minutes from start to finish, will soon become second nature for consumers all as soon as these services become available.

Trust will follow when people see the proof in the pudding, but UK consumers should be confident that a lot of people have worked very hard with their best interests at heart from the start of this whole concept.