Open Banking and Privacy: Can we have both?
Open banking is powering a multitude of potential value-adding use cases, from getting better financial offers to tracking payments and controlling multiple bank accounts at once. However, despite regulator enthusiasm and an emergence of a multitude of open banking powered apps, the benefits are still far from reaching the minds of the masses.
In short, open banking requires banks to share their bank account owner data with secure, licensed third party service providers through technology called application programming interfaces (API). With open banking, any licensed third party service provider can, with the user's consent, view their transaction data in order to deliver a value-adding service or product.
Despite privacy and security being the pillars of the open banking standard, the practical implications still raise an important question that needs to be addressed: “can people have both the benefits of open banking and their privacy?”
What are the concerns?
Unless people are working for banks, fintechs or financial regulations, “just one in four people have heard of open banking”, according to a survey of 2,000 people by Splendid Unlimited, as reported by the Financial Times in 2019. A 2018 survey conducted by Which? Indicated that 92% of the public doesn't know what open banking is or how it could affect them.
The head of customer experience at Barclaycard Elizabeth Hartley insists that the big banks need to make open banking more user friendly and agree on customer messaging if the project is to prove successful. Business Insider reports that “Banks are particularly concerned about data security and customer privacy when it comes to adopting open banking.” 76% of banks consider customer privacy and security as concerns when it comes to open banking adoption, with 50% of fintech respondents agreeing.
Case Study: Nordigen helps IPF Digital tackle loan application fraud with greater efficiency. Read more ->
How the Open Banking Entity is handling privacy
Most people don’t know how much effort financial institutions and regulators are putting into ensuring that open banking is as secure as possible. There are strict security standards, thanks to the Open Banking Initiative, that are designed to ensure maximum consumer protection.
Consumer data sharing is consensual and regulated
Consumers’ data will not be shared without their express permission. This is a key part of the open banking standard. Consumers don't have to share their data unless they want to. Banks will allow their account holder data to be shared if and only if the consumer expressly permits the licensed third party to view it.
The Open Banking Implementation Entity is a regulated body and can therefore be held accountable for any potential risks. Their standard dictates that “only apps and websites regulated by the FCA or European equivalent can use Open Banking.” Furthermore, all open banking providers “have to comply with data protection rules, including GDPR regulation that came in in May 2018.”
Furthermore, open banking uses “rigorously tested software and security systems” of bank-level security. Consumers will never be asked to provide their bank login credentials or password details to any other party besides their bank.
Only licensed third parties can request access to consumer information
Companies that wish to access bank account holder data must be on the UK's Financial Conduct Authorities list of licensed Account Information Service Providers (AISPs) for UK and EEA. Consumers can rest easy that only companies that have received the AISP license will be asking for permission to access one's bank account data. To use open banking, providers have to “comply with the strict rules of the FCA or European equivalent.”
This will help reduce fraudulent actions committed both by companies and individuals. Prior to the open banking standard, consumers had little guarantees that companies asking to access their account information would handle it with care. Likewise, individuals were able to submit fraudulent documents when applying for a loan or a mortgage. Open banking is ensuring that customers are protected by data protection laws and will be reimbursed in cases of fraudulent payments.
Can we have both?
Absolutely. Open banking is designed for ensuring its user network privacy and security. The problem remains, however, that not many end-consumers are aware of the benefits that open banking can potentially bring. The early days of open banking and the lack of information leads to uncertainty and confusion as well as false assumptions. The open banking revolution has been happening quietly, and currently, only those actively engaged in the financial and fintech industries are up to date.
We believe that education is key. Banks, fintechs and financial service providers need to inform and educate the public about the benefits of open banking, explaining what it is, what the sector is doing to protect their privacy, and the improvements to the banking sector that open banking provides.
Open banking and privacy go hand in hand
Overall, we believe that the pros far outweigh the cons when it comes to privacy and open banking, we can indeed have both. Security and privacy are at the forefront of the minds of regulators and service providers. Companies who are transparent in terms of what data they are using, how they are using it and the security measures that are being implemented are those who will thrive in the era of privacy and open banking.