Open banking is set to take the financial world by storm. When consumers allow third parties to access their banking data, financial companies and institutions can create more tailored products and services and drive innovation, convenience, and value. However, inherent in the handling of sensitive financial information are cybersecurity risks, and they’re not going unnoticed: 53% of people surveyed in this report see open banking as a “dangerous” use of data sharing. It’s no secret that the financial services industry is a prime target for cybercrime, and with a cyber attack in the banking industry costing $18.3 million on average, could open banking raise this cost even further?
Rather than see these risks as a reason to step back from open banking, however, financial institutions should be proactive in mitigating potential threats and embrace all that open banking has to offer. There are risks inherent in using almost all financial services, but that doesn’t stop the majority of the global population from enjoying their benefits in one way or another.
In this article, we’ll look at what the existing cybersecurity threats are around open banking, and how individuals, companies, institutions, and regulators can proactively address those risks.
What Exactly is Open Banking?
With the consent of the user, open banking allows third-party financial services to access their data on banking, transactions, and other financial activities. This data on consumer activity can come from banks and other financial institutions and is shared through application programming interfaces (APIs).
As it allows for data sharing, open banking is poised to drive serious innovation in the banking industry, allowing third-party providers to create tailored products and services that best suit their customers’ needs. Many argue that open banking promises to reshape the competitive landscape as it supports exceptional customer experience.
With valuable data, third-party financial services will be able to use the customer’s banking activity to better target them with financial service options, analyze aggregated data to create separate marketing segments, help facilitate a customer’s switch from one bank’s checking account to another, and much more.
However, with so much consumer data flowing between different actors, it’s vital that those banks, financial institutions, and third parties that adopt open banking do so with cybersecurity in mind from day one.
What Are the Risks of Open Banking?
Some of the primary risks associated with open banking are data breaches as well as human error. If the third-party providers’ APIs do not meet security requirements, data breaches could occur, affecting the consumer and the bank that has shared that data.
Vulnerabilities in a third-party company’s web or mobile application could open doors for hackers to enter and engage in fraudulent activity, such as requesting fake payments or posing as an individual user.
On the individual level, too many people lack awareness of how their personal choices affect their data security. Most cyber-attacks are aimed at individuals, and 81% of them have targeted users with weak or repeated passwords. With 61% of users using the same passwords for all of their accounts, it becomes significantly easier for attackers to access data that’s strewn across multiple digital locations.
Prioritizing Cybersecurity Within Open Banking
There will always be risks in sharing sensitive information with a digital product, whether that’s entering your credit card information online or logging into a digital banking platform. However, most people don’t allow these risks to stop them from using those products, as they have a level of trust in the security of the platform.
The same must become true for open banking. It’s vital that both consumers and financial actors don’t shy away from open banking as a whole, but rather educate themselves and create the necessary frameworks to promote security and safety while sharing data.
Users should also be educated on how to responsibly handle their data and ensure its protection in the digital realm. This means creating strong passwords and never sharing them, while any digital financial service should always implement multi-factor authentication (MFA) as an additional layer of security. This is a no-brainer, as MFA blocks 99.9% of account takeover attacks. Encryption technology is also essential to protect data while it’s being shared or stored.
Going further, financial institutions and third parties can enhance their monitoring of suspicious activity by using machine learning (ML) algorithms. ML systems can learn from past data on instances of fraud, flag anything unusual, and suggest the appropriate action. Unlike previous manual monitoring methods, automated threat response systems can keep up with the rate of attempted attacks.
All of these measures must be embedded proactively into cybersecurity policies from the outset, rather than used to patch up issues after the fact.
The Role of Regulators
All third parties must comply with basic data protection rules, such as the GDPR in Europe. On the governmental level, regulators must step up and advance mechanisms that establish strong cybersecurity standards while taking care not to stifle the growth of open banking.
This is already in action in the UK—the birthplace of open banking—as regulatory authorities like the Financial Conduct Authority (FCA) verify that the apps or services requesting data are trustworthy, while the Open Banking Implementation Entity (OBIE) is responsible for API standardization, central infrastructure, and governance. Communication between all parties, from banks to fintechs, to regulators, will be vital to develop coherent, strong frameworks and best practices.
These bodies also play a vital role in reassuring consumers, providing authenticity to the services that are collecting their data.
Open banking is not going away; in fact, it’s already poised to rewrite the rules of the financial sector. Promising to provide better value, experience, and convenience for customers and allow banks and third-party companies to drive innovation in their products and services, open banking is too big an opportunity to ignore.
To build a secure ecosystem that keeps all parties’ financial information safe, there must be a commitment to cybersecurity on all sides—from governments and regulators, all the way down to the individual user. Only then will open banking gain the support it deserves and help build the financial world of the future.