
The Fourth Generation of Account Verification Has Arrived

By Daniel Haisley, EVP Innovation | Apiture

I have a bad habit, and I suspect I’m not alone.

You know that brief period each morning when you’ve only partly opened one eye, because with anything more than that even the dimmest light seems brighter than a magnesium fire? It’s in that moment each day that I reach over and check my phone for the first of many, many times. It’s the absolute first action I take, every day of my life.

Normally, this is much ado about nothing … but today from a hotel bed while out on the conference circuit, I saw a missed text message. The message from my wife said simply, “We’ve been hacked.” She had my attention.

It turns out, it was just some fellow of questionable scruples in Chile who managed to get access to my Netflix credentials so that he could binge watch a bunch of Spanish-language Japanese anime cartoons. (Who knew such a thing existed?) A simple password reset, and it was almost like it never happened. Nevertheless, it got me thinking about how much worse it could have been. Inevitably this fine, upstanding chap purchased a list of credentials from who knows which system breach and began credential stuffing across major platforms until he found one that would work. Netflix is one thing — but what happens when it’s my banking credentials that are compromised? It’s much easier to clean up from Netflix’s next movie recommendation algorithm, not understanding why I had an apparent spike in Catalonian cartoons, than from my savings account being liquidated.

In banking, our habits have been just as bad. We’ve built up an infrastructure that relies upon undue risk acceptance from accountholders related to the handling of some of their most sensitive data — the usernames and passwords to online banking systems.

According to PYMNTS (2021), 80% of U.S. consumers have provided their banking credentials to a third-party service as part of managing their financial lives in one way or another. This often happens when using popular tools like personal finance managers, P2P payment providers, or investment applications.

The banking industry is currently in the third generation of processes for validating and connecting bank accounts with third parties. The first generation was the classic notarized printout on bank letterhead. We couldn’t get away from this fast enough, though mortgage originators still leverage this relic from time to time. Second came microdeposits, where accountholders would wait to verify two small deposits after giving the ACH network two days to run its course. The last 10 years have availed the third generation where today, to move money or share transaction history from your bank with a third-party application like Mint or Cash App, you’re asked to select your bank, then provide your username and password to verify access. Likely, you’ll need to confirm a one-time passcode delivered via SMS or email, and possibly even select which of the nine boxes contain images of something to confirm you’re not a robot. While this process may be an experiential improvement from the days of microdeposits, it relies upon end users willingly exposing their credentials to what can often be multiple third-party systems.

It doesn’t need to be this way. While the industry shifted away from microdeposits in favor of APIs for verifying external accounts, the next revolution is upon us.

Enter OAuth, stage left.

For the massively improved fourth generation of account verification, financial institutions are actively moving to “Open Authorization,” or OAuth, to give end users direct access to their data via third-party applications. In this scenario, as the bank customer attempts to link their bank account from within the third-party application (like Mint or Cash App), instead of providing their credentials to an aggregator for handling, the login page of their bank is invoked and the customer can provide their online banking credentials directly to their bank, thereby removing all third parties from the data stream. Additionally, when the customer subsequently logs into their digital banking solution, they’re able to see and manage the third parties with whom they’ve chosen to share their data. In a world where straddling the lines between customer experience, data security, and system performance is paramount, OAuth checks each of these boxes.
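The linking flow described above, modelled as an added example that is not part of the original article: a toy bank plays the authorization server, and the app ID `budget-app`, the `balance:read` scope, the sample customer and all method names are assumptions made for illustration. It is a simplified authorization-code exchange that leaves out redirect URI checks and client authentication.

```python
import secrets

class Bank:
    """Toy authorization server: the only party that ever sees the password."""
    def __init__(self, users):
        self._users = users   # username -> password (constructed; real banks store hashes)
        self._codes = {}      # one-time code -> (user, client_id, scope)
        self._grants = {}     # access token -> (user, client_id, scope)

    def login_and_consent(self, username, password, client_id, scope):
        # Runs on the bank's own login page after the app redirects the customer.
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (username, client_id, frozenset(scope))
        return code           # handed back to the app via redirect

    def exchange(self, code, client_id):
        # Back-channel call from the app: single-use code -> scoped access token.
        entry = self._codes.pop(code, None)
        if entry is None or entry[1] != client_id:
            raise PermissionError("unknown, replayed or misdirected code")
        token = secrets.token_urlsafe(24)
        self._grants[token] = entry
        return token

    def balance(self, token):
        grant = self._grants.get(token)
        if grant is None or "balance:read" not in grant[2]:
            raise PermissionError("token revoked or out of scope")
        return 1250.00        # constructed value

    def connected_apps(self, username):
        return sorted({cid for user, cid, _ in self._grants.values() if user == username})

    def revoke(self, username, client_id):
        self._grants = {t: g for t, g in self._grants.items() if g[:2] != (username, client_id)}

def link_account_demo():
    bank = Bank({"alice": "correct horse"})
    code = bank.login_and_consent("alice", "correct horse", "budget-app", {"balance:read"})
    token = bank.exchange(code, "budget-app")
    app_received = [code, token]          # everything the third-party app ever holds
    before = bank.balance(token)
    apps = bank.connected_apps("alice")
    bank.revoke("alice", "budget-app")    # customer removes the app in online banking
    try:
        bank.balance(token); after = "still works"
    except PermissionError:
        after = "denied"
    return app_received, before, apps, after
```

The app ends up holding only a single-use code and a scoped token, so revoking the grant at the bank cuts off access without a password change.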

So, What’s Next?

Before this customer-led utopia of fourth generation account linking can really take shape, financial institutions have a few actions to take.

First, they must enable their systems to be accessed via OAuth. The largest institutions may opt to build these endpoints and data management services themselves, but for most financial institutions, this will be best accomplished by engaging with a partner like Apiture or MX. Partners can empower financial institutions to bring massive value to clients in a short span for relatively little effort.

Second, financial institutions must engage with their end users to educate them about these changes. Customers need to be active participants in the management and security of their financial data, and their bank or credit union is the trusted advisor to guide them along this path.

In a world where Open Banking is blurring the lines of banks, fintechs, and non-financial-oriented service providers, banks and credit unions are best positioned to lead these discussions. Consumers ultimately trust their bank when it comes to security and therefore are open to leveraging this resource for financial wellness and security education. Hold webinars, arm branch and support personnel with talking points, create purpose-driven collateral to set client expectations, and in so doing, further deepen the bank or credit union’s stance as a sage financial steward.

The largest financial institutions have a head start and are steadily availing their OAuth services to the various system integrators, forcing traffic that direction to avoid the historic screen scraping of yesteryear. It is time for the remaining institutions to act quickly to dramatically improve data security processes, system performance, and customer-led data control.

If they’re anything like me, bank customers may still perpetuate the bad habit of groggily checking their phones with the first alarmed tones of morning — but the banks themselves can rest assured they’ve put their clients in a better position to avoid the dreaded “we’ve been hacked” notification.

Works cited

PYMNTS. (2021, November 10). 80% of Consumers Have a Third-Party Financial App Connected to Their Bank Account. Retrieved from PYMNTS.com: https://www.pymnts.com/digital-first-banking/2021/80-pct-of-consumers-have-a-third-party-financial-app-connected-to-their-bank-account

Global Banking & Finance Review
