Open banking is the process of enabling third-party financial services providers to access consumer banking information such as transactions and payment history. This practice is possible through the use of an application programming interfaces (APIs).
This booming concept promotes interoperability and networking between banking information and providers, creating a smoother user experience while networking all user's accounts.
What kind of financial data are you sharing when using open banking?
Popular online resources keep referring to open banking as the process of sharing banking information and data with other entities. What kind of financial data are we talking about, though? Here’s a list of the things you’ll be sharing with external providers under open banking.
- Account holder name: John Doe
- Account type:Savings, Checking
- Currency: Euro (€), American Dollar ($)
- Account open date:13/11/2020
- Transaction details: amounts, merchants, etc.
Product and services data
Sharing is a two-way exchange. By giving access to your bank accounts data we listed above, banks and other providers can in-turn share financial data and information regarding their products and services.
You once had to book a meeting with your personal banker and go over what the bank had to offer you. With digital banking, you could browse the bank’s website and make that decision for yourself.
Open banking takes that one step further by proactively tailoring its offering to your profile and making the recommendations without you even asking. Moreover, helps providers to constantly develop new services that greatly increase the quality of your banking experience.
Open banking explained: a bit more detail
Open banking essentially describes how banks allow regulated financial providers to access, use and share your banking data. This is not done without your consent. Whether it’s ticking a box on a terms-of-service pop-up, or through an official email informing you about it, a bank will have to first get your consent to enable access to your data.
Once consent is given, these regulated providers will aggregate the data they need, analyse it and start building an accurate consumer profile.
A good example of this concept
In order to make this a little simpler, let’s use personal finance as an open banking example to understand its application in real life. Personal finance is the lifecycle of financial management activities which a consumer performs to save, spend, budget and invest their monetary resources.
In the past, personal finance consisted of visiting the bank branch and talking to your banker, pulling out a calculator at home, taking notes, making calculations and trying your best to manage your wealth.
With money being divided into different accounts, different loans, interests, standing orders, payments and ongoing spending, doing it the old way does not cut it in this day and age.
Today, personal finance is digital and consumers need to access, manage and interact with their finances on the go, from the palm of their hands. This is where open banking comes in to elevate the usage experience.
While seeing your account balance and transferring money instantly are great feats, they are simply the foundation of what it can do.
By accessing your account information, third-party providers can improve the relevance of services they suggest. For example, if you have created a savings account titled “New house” in which you save a specific amount per month, they can recommend a loan tailored to your income and savings capabilities.
Other features that can be afforded are:
- budgeting tips
- savings notifications
- price comparison features
- real-time updates on
- customised investment advice
With open banking, suddenly goes from reactive to proactive since you now have a partner in the background, constantly analysing data and suggesting a better course of action for your financial well-being.
A brief history open banking and finance industry
Open banking is changing the way we bank and use financial services in the modern world. Its market is growing steadily. A report by Allied Market Research announced a 24.4% growth and predicted the market value will reach over $43 billion by 2026. How did we get here, and when did all of this begin?
1980: Screen test conducted by German Federal Post Office
While open banking in practice has only been around for a short while, roots for the concept can be traced back to 1980,when Deutsche Bundespost (German Federal Post Office) conducted an experiment. The organisation ran a screen test with five external computers, and invited approximately 2,000 private users to participate.
The experiment was introduced to test their new online banking service, marketed under the slogan “My bank in the living room”. As part of the online service, the users could make online transfers using the code “300#”.
This experiment proved to be very impressive at the time and is considered the first appearance of a self-service banking machine. The innovation led to the development of the Home Banking Computer Interface (HBCI) in 1998 and Financial Transaction Services (FinTS) in 2002.
1998 - 2002: The emergence of HBCI and FinTs
The next step towards open banking was the development of the Home Banking Computer Interface (HBCI) in Germany, an open standard for customer self-service machines and electronic banking.
It took 4 years to create and was officially launched after the introduction of HBCI 2.0 in 1998. Through this innovation, security protocols, message formats and transmission procedures were established.
In 2002, HBCI was replaced by FinTs (Financial Transaction Services). These allowed for the use of signature cards and offered a procedure for PIN/TAN. A banking security system where customers need to provide their identification number (PIN) to gain access to their accounts, and a single-use transaction authentication number (TAN) for a second level of authorisation.
Both of these numbers are in place to prevent fraudulent activities and to verify user identity, which are two of the most important pillars in open banking security.
2004: The creation of SOFORT
In 2004, HBCI and screen scraping were combined to create what is now known as SOFORT. Screen scraping refers to the process of collecting and sharing screen display data from an application. For this to occur, the bank customer must grant the service provider permission to access their banking information and provide their login details. The service provider can then access the account as if they were the customer.
In the case of SOFORT, the customer would log into their account to pay for a service digitally and the provider would take over to perform all the following steps up until the transaction.
At the time, screen scraping was seen as innovative, but an application programming interface (API) is a more secure and straightforward option.
2007: The first Payment Services Directive (PSD1)
In 2007, the European Commission devised thePSD1. Its objectives were to stimulate competition in the banking and finance segment, enhance the quality of services provided and to protect the end user. The creation of the directive has led to:
- a new industry category – payment initiation providers
- a regulatory framework that permits non-banks to execute financial transactions
- the implementation of transparency regulations for banks and payment initiation providers regarding services and fees
- SEPA, a payment-integration initiative in the EU for streamlined euro transfers
- the growth of the fintech sector, as financial institutions now had more capabilities and opportunities
2009: Giropay vs SOFORT
In 2009, German digital payment service Giropay filed a lawsuit against the operator of SOFORT, Payment Network AG, accusing them of creating unfair competition and endangering the security risks of online banking.
The accusations were countered by the Federal Cartel Office and the European Cartel Office in 2011 for the sake of preventing discrimination against competitors that operated independently outside of traditional financial institutions.
This occurrence set the foundation for increased competition in the online sector and prevented monopolisation in the industry. This was a huge step for fintech companies and an opening for alternative payment systems to fill.
2018: The second Payment Services Directive (PSD2) is implemented
In 2018, PSD1 was replaced by an updated version – PSD2. The new directive expanded on the foundations set by its predecessor and had a profound impact on banks and banking institutions. PSD2 required banks to expose open banking API access to authorised third parties.
The focus of the directive is on setting up a more integrated and efficient European payments market, while helping to level the playing field for payment initiation services.
There are two types of official open banking providers under this set of regulations:
- Account Information Service Providers (AISP) – companies authorised to access an individual or business account data sourced from their banks.*
- Payment Initiation Service Providers (PISP) – companies that are not only authorised to access data, but also to initiate payments on behalf of their customers as well.*
*Access to both account information and payment initiation can only happen with explicit consent from the customer.
This regulations have already made it easier for new market entrants and third party providers to gain access to this new market, improve their product offerings, and increase competition. Open banking paved the way for many amazing and innovative financial solutions, and the future is destined to be filled with even more.
Open banking pros & cons: opportunities and challenges
Every new breed of technology comes with its own set of benefits and challenges. In this specific situation, the use case is two-fold, since we have to look at both the customers and the market/businesses who are affected by it.
Advantages of open banking for businesses
More competition, fewer barriers to entry
The banking industry used to be one of the most rigid, legacy-burdened industries in business. Consumers would open a bank account and all their data would be centrally stored and kept with that one bank, creating an inefficient dependency between consumer and financial institutions.
There was no room for small businesses to enter this sector, since the banks and building societies were set to dominate the space.
With the introduction of open banking, new players have access to the same data as big banks, allowing them to innovate and create new, more affordable alternatives to traditional financial services. Open banking has democratised the space, tearing down barriers to entry.
Banks will have to improve their offerings
Increasing competition will bring the best out of banks as well. It is important to highlight that it's not here to put traditional banks out of business. If anything, it’s an opportunity for them to rise up to the challenge and take steps towards a digital, more customer-centric future.
It’s not a coincidence that traditional banking institutions have recently released banking apps and online banking solutions for their customers, allowing them to benefit not only from a better experience, but also better deals.
Banks are seeing the fintech evolution happening right in front of them, and they are embracing change by adopting the new tech.
Increased customer engagement, greater chance at success
Open banking improves the relevance of services suggested to consumers, which innately increases the chances of customer engagement. The more personalised a service is to a customer’s needs, the greater are the chances the customer will interact with the brand.
Some benefits of open banking for consumers
The bank is in their hands
Remember when you had to ask your manager for a few spare hours in the morning to sort out your bank obligations? Standing in a queue outside your local bank branch waiting to be served by the bank representative with a questionable attitude?
Those days are gone. Digital banking has brought the bank to the palm of your hands, and open banking is making it stay there. Open banking gives consumers a different depth of services to what traditional digital banking used to do. Now, it’s so much more than checking your account balance.
Open banking makes the banking experience interactive, as it proactively advises people on their financial wellbeing based on advanced analytics.
Consumers are in control of their finances
The relationship between traditional banking institutions and consumers used to have very defined parameters – banks had the lion share of the power and consumers were the ones in need of banks. Open banking is shifting the balance of power, putting the customer in the driver’s seat.
By opening up Pandora's data box and unleashing the power of analytics, open banking has made financial services an open and fair playing field for traditional banks and fintech companies alike. Consumers not only have more choice about their financial provider, but they are the only decision makers when it comes to sharing their data.
Banks are no longer the de facto keepers of personal data. Open banking has given that right back to the consumer.
All the information they need is centralised
To make a financial decision, consumers need to have as much information as possible to ensure the best possible outcome. With all the accounts linked together by an app and available on a single platform, open banking is helping you make the most beneficial decision for your financial well-being.
The constant growth – both in quality and quantity – of AISPs, the access to financial data through open banking, gets easier every day.
With open banking, consumers have an ally, a partner looking for them. Not all of us have the business acumen or foresight to plan, budget and invest in the best way possible. Open banking technology does the dirty work for us, analysing our habits, picking up on trends, and tailoring banking products that fit our profile. As an example, open banking can help you to manage your savings accounts in a much efficient manner.
On top of that, it also helps consumers to make purchases online in a more simplified, fast, and secure way through a regulated payment provider.
Cons: open banking challenges
Resistance to change and misinformation
We, humans, are creatures of habit and change is something we always take with a pinch of salt. Especially when that change comes with a very basic and vague title billing it as “sharing your data with a bunch of companies”.
Open banking is facing the same challenge every new type of technology faces when they try to change the way things have been done for long periods of time – misinformation and lack of trust.
It takes time for a concept to prove itself to the public and in all fairness, open banking is actually doing pretty well in terms of powering through this first wave of resistance.
Considering it came into effect in January 2018, 24.7 million individuals worldwide used open banking services in 2020, a number that is forecasted to reach 132.2 million by 2024.
Removing the human element – building a purely digital brand
Yes, removing the need for a banker or waiting in line for hours is a major benefit for consumers, but at the same time it poses a major challenge for banks. By removing the human element, banks lose a major competitive advantage in their branding and customer retention efforts.
Many consumers used to correlate their bank allegiance with the level of relationships they developed with their banker or the person who served at the register in their local branch.
With open banking empowering the move to a completely digital offering, any financial organisation will now be judged purely on the strength of their financial products.
The brand used to be its people, and now it becomes the product and the efficiency of service it provides. That’s a huge adjustment banks need to make.
Regulation is playing catch up
Open banking essentially proposes the idea of unbundling retail banking services, creating more layers and segments. With financial regulation already being a huge undertaking for the more compact, traditional financial system, regulators are now faced with a greater challenge.
They will now need to find new ways, and more resources, to oversee a much more fragmented financial ecosystem that will keep growing exponentially.
To add more obstacles and raise the level of difficulty for regulators, this ecosystem will also include non-financial services companies performing either regulated activities, or acting as third party providers of outsourced critical functions.
Here’s how Christine Lagarde, the Managing Director of the International Monetary Fund, explains this new reality for regulators:
Traditionally, regulators have focused on overseeing well-defined entities. But as new providers come on stream in new shapes and forms, fitting these into buckets may not be so easy. Think of a social media company that is offering payments services without managing an active balance sheet. What label should we stick on that?
Open banking security – how safe is your data?
Open banking is as safe as traditional digital banking. If you trust any digital banking activity, such as sending money from your smartphone, there is no reason why you shouldn’t trust open banking technology.
If anything, the API technology was designed to make the access, transfer, and management of information more secure. Access to APIs is safeguarded by specific banking industry standards such as the PSD2, which require technical authorisation, user authentication and consent.
As an example, open banking in the UK is regulated through the Payment Services Regulations (2017), which brings the PSD2 into law. In the European Union, each member state has a specific regulatory entity responsible to enforce all the needed measures to ensure the safety of open banking.
Couple that with the fact that the technology requires integration with web single sign-in and Identity and Access Management (IAM) and what you have is layers upon layers of security that fortify your data.
Be careful of open banking fraud
Remember the most quoted line from Spider-Man? It’s actually a line from Uncle Ben and not Peter Parker that reads, “With great power comes great responsibility.” While open banking will not ask you to protect people by jumping from building to building, it does grant you both.
Being the sole decision maker of whom you share your financial data with, you need to be very careful who you share that information with:
- Much like a phishing email is an attempt to access your personal information, don’t be surprised if people pose as third parties that ask you to grant them access to your data. Always check the firm or person you're dealing with is listed on the Financial Conduct Authority Register.
- When you transfer your data using an API, you should always be redirected to your bank's website to sign in to a bank account. Allow some time to check that the website you’ve landed on, is definitely the right one by checking the URL, ensuring it starts with “https://” and that it's a website you recognise.
But as expected, you are not the only security layer when facing fraud. Integrated in PSD2 is a security process called Strong Customer Authentication (SCA), developed to ensure remote transactions are as safe as possible.
With SCA, the main goal is to ensure the customer's identity and avoid fraudulent transactions to happen within the ecosystem.
Is open banking secure?
The short answer is an undeniable yes. With the use of regulated APIs, both the bank and external providers can guarantee safe and easy access to transaction data and even initiate payments. Open banking is also more secure than screen scraping, because there is no need to share passwords and user credentials to access your financial data.
You can get all your related questions answered in our dedicated FAQ page.