Open Banking (the UK’s implementation of PSD2, the second European Payment Services Directive) is an attempt to improve competition and stimulate innovation in the banking market.
In a nutshell, it does so by telling nine UK-regulated banks to share account data (subject to the account-holder’s permission) with services or apps that customers get from a marketplace of authorised third parties. These third parties offer a range of services, such as financial analysis based on the customer’s recent transactions, visibility of all a customer’s accounts in one place, or even cutting out middlemen such as Visa or Mastercard when paying bills.
Of course, embracing Open Banking presents opportunities. Just look at the Nordics, where more than 2,500 third-party developers have registered for access to Nordea’s Open Banking platform in Finland and Sweden, which will soon extend to Denmark and Norway.
The potential scale of the new digital banking community is impressive, but based on our experience, we see another, equally critical, benefit to both customers and banks.
Compared to traditional ways of providing banking aggregation services, such as screen scraping (where the service effectively impersonates a customer to access an account), Open Banking is less risky.
This is a view shared by the Financial Conduct Authority’s (FCA) Director of Retail Banking Supervision, Karina McTeague, who believes Open Banking will only get better. During a speech at 2018’s Pay360 Conference, she said “changes designed to enhance secure delivery of account information and payment initiation services” are still to come in 2019.
As Open Banking embeds itself into the UK banking landscape, it will continuously give rise to new opportunities.
To start, secure APIs will increase security and drive innovative services. They do this by moving away from screen scraping and form filling for sharing and requesting information, and by facilitating secure real-time transactions.
The use of crypto-tokens for authentication will add another level of security. This is better for consumers because tokens remove the need for third-party providers to store sensitive banking credentials in order to access data held by the consumer's bank, and they limit the amount of data available to those providers.
Instead, third parties will be issued with crypto-tokens following verification and approval by consumers, who would normally be redirected to their bank to log in as part of this process (often during on-boarding). Third parties may then use the token provided to request access to a restricted subset of consumer data direct from the issuing bank in a limited and time-bound way.
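To make the token model above concrete, here is an added example (not code from this article or from any bank's platform) of the bank-side checks: the token is bound to one third party, a set of scopes and an expiry, and the third party never sees the customer's credentials. The HMAC-signed token format, the key, the scope names and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

BANK_KEY = b"constructed-demo-key"  # constructed sample key; assumption for the demo

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def sign(payload: str) -> str:
    return b64(hmac.new(BANK_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(customer, third_party, scopes, ttl_s, now=None):
    """Bank side: called only after the customer logged in at the bank and approved."""
    now = time.time() if now is None else now
    claims = {"sub": customer, "tpp": third_party,
              "scopes": sorted(scopes), "exp": now + ttl_s}
    payload = b64(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + sign(payload)

def authorise(token, third_party, scope, now=None):
    """Bank side: decide whether a third party's API request may proceed."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Verify integrity before trusting anything inside the token.
        if not hmac.compare_digest(sig, sign(payload)):
            return False, "bad signature"
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError):
        return False, "malformed token"
    if claims["tpp"] != third_party:
        return False, "token issued to a different third party"
    if now >= claims["exp"]:
        return False, "expired"            # time-bound access
    if scope not in claims["scopes"]:
        return False, "scope not granted"  # restricted subset of data
    return True, "ok"

if __name__ == "__main__":
    # Constructed scenario: a budgeting app granted read-only access for one hour.
    tok = issue_token("alice", "budget-app", ["accounts:read"], 3600)
    for scope in ("accounts:read", "payments:write"):
        print(scope, authorise(tok, "budget-app", scope))
```

A stolen or leaked token in this model exposes only the granted scopes until expiry, whereas credentials held for screen scraping expose the whole account until the customer changes them.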
Strong Customer Authentication (SCA) technical standards will arrive in September 2019. These will help reduce risks associated with using weak customer credentials such as passwords. The standards are one element of a range of controls and tools banks and new payment service providers will need to adopt as a part of PSD2 to counter fraud.
The FCA will also have greater regulatory oversight based on European Banking Authority (EBA) guidelines. These include areas such as cyber security and access controls, and broader operational resilience controls. This will provide a baseline control set for compliance, lift the quality of controls already in place in some firms and ensure a minimum level of customer protection.
Open Banking, therefore, offers a foundation for delivering innovative and secure services based on common standards and greater regulatory oversight. In doing so, both customers and providers can benefit while feeling confident that their data is safe.