Utilising the Opportunities of Open Banking

11th of September 2019

Opinion, by Philippe Roy, TIBER expert & Information Security Consultant @ FortConsult

Considering security holistically in the development of Application Programming Interfaces (APIs), will protect customer data in Open Banking and make the task less complex. Creating the future’s innovative bank is about embracing the possibilities of Open Banking instead of its limitations.

Many years ago, I had my first meeting regarding Open Banking, more specifically, PSD2 (revised Payment Services Directive). The topic was Third-Party Providers (TTP). A term that has since transformed the financial sector – and expanded the attack surface for malicious actors, who continue to find creative ways to get their hands on data.

User-friendly and innovative APIs
PSD2, as an EU-directive, became effective in January 2018, mainly because bank customers began sharing their data with third-party companies, who accessed and used them – without the banks' knowledge and approval. Naturally, this caused a lot of questions from the banks: Shouldn't that be prevented? Could it be legal? Was that advisable?
The directive requires banks to provide access to customer data, intending to strengthen the development and use of innovative financial services. Soon, APIs will enable third parties such as competing banks, fintech companies, technology companies and credit agencies to develop applications and services around traditional financial products. This allows customers to use TTPs to access their financial data in different ways – with their consent.
The question I think the banks should ask instead is: How can you tap into the new opportunities that Open Banking offers?
Collecting insights and information in a single interface, creates obvious user-friendly and innovative benefits for customers, as more and better products are developed. At the same time, banks gain insights into who has accessed data on the customers' behalf. Besides happy customers, this also creates competitive benefits, due to one small word with enormous significance; "trust".

Holistic security is good security
Trust, in a bank-customer relationship, is essential. Without trust, customers have no reason to use a bank. After GDPR became effective, sensitive customer data has become even more critical to protect. With direct access, customers can pass along user information to third parties, where it can be stored or intercepted, bypassing sound security guidelines. A scenario such as this, would have catastrophic consequences for the banks' reputation and affect bottom-line figures.

The transformed financial sector is an excellent example that security and user-friendliness are not necessarily two contradictory goals, but can go hand in hand. By considering security holistically in Open Banking, it is possible to release resources to create innovative solutions, which can result in an enhanced trust between bank and customer.