Securing the Open Banking Ecosystem
Paul van der Lee, Director EMEA, Ping Identity
On the 13th January, Open Banking Ltd., also known as the Open Banking Implementation Entity, or OBIE, announced that the rollout of Open Banking across the UK had begun. Set to fundamentally transform the financial services landscape, Open Banking will allow consumers to give companies other than their bank or building society permission to securely access their accounts. They may, for example, choose to aggregate a view of all of their bank accounts through one provider or initiate a payment to an online retailer directly from their account as a bank transfer.
However, with changes occurring rapidly, there are two key factors that remain critical to success as the next-generation banking ecosystem continues to evolve:
Security at the heart of OBIE
Since the start of online banking, it has been ingrained in us to protect access to our bank accounts to prevent fraudulent activities from removing funds. Now with Open Banking, third party companies can be allowed access to view our financial transactions and remove funds. Naturally then, consumers are concerned about the security of third party access.
However, what consumers need to understand is that the concept of ‘privacy by default’ lies at the heart of this new era. OBIE, banks and technology companies are fully focused on ensuring that every customer can be explicit about what information is shared and with whom, and that only trusted, pre-approved third parties are able to use this information.
In addition to data privacy, the Open Banking Directory, at the heart of the whole ecosystem, is a marketplace of white-listed third party providers, who have all been through a robust enrollment process. Only once registered are they able to securely access customer data (with customer consent), and interact with the bank, to develop and deliver a set of personalised services.
These interactions also take place through standardised interfaces that have been designed by the OBIE with an exacting degree of security, usability and interoperability in mind. In fact, the regulatory specifications are based on established and mature industry standards like OAuth, with broad support from the financial and technical community in the UK. Even countries as far away as Australia are now looking at the UK as the starting point for their own open banking endeavors, a testament to the work, guidelines and principles that the OBIE has put in place.
The last layer of security and privacy that consumers should be aware of is Strong Customer Authentication (SCA), which is mandated to verify consumer consent using at least two of three factors that prove knowledge (e.g. password), ownership (e.g. mobile device) or inherence (e.g. fingerprint or facial recognition).
All those involved in delivering Open Banking are working to ensure that the process of allowing a third party to access a bank account is highly secure, while also being as frictionless as possible for the customer. Consumers should feel confident that third parties are not able to gain access or move money without their explicit consent, via methods that will include passcode, thumbprint, facial and other biometrics.
Consumers playing their part
While significant changes have been made to develop the impressive, robust range of new security measures that make up the Open Banking ecosystem, consumers also play a fundamental role in how safe their data stays. In fact, it is critical they understand how to engage with third parties, with the CMA 9 Banks now leading the charge. For the past decade it has been possible for consumers to share sensitive data with third parties via ‘screen-scrape’ technologies, meaning third parties have gained their log-in credentials.
Now consumers will be sharing information via standardised open banking APIs, which will be more secure. However, while consumers should have confidence when operating inside the Open Banking framework, they still need to be vigilant against phishing attacks and understand that fraudulent operators will always try to target consumer negligence. It’s important for consumers to remember that they don’t have to share their data if they don’t want to, and that permission can be withdrawn at any time.
Consumer adoption over time will act as the best form of education, and as integration through technology also continues, we’ll see much smarter use of the products and services Open Banking has to offer. Just consider that applying for a mortgage with just two clicks, in a process that will be reduced to a few minutes from start to finish, will soon become second nature for consumers once these services become available.
Trust will follow when people see the proof in the pudding, but UK consumers should be confident that a lot of people have worked very hard with their best interests at heart from the start of this whole concept.