API, Daily news, data security, Fraud & Security, Open Banking, Open Banking ecosystem, Open Finance, Risk & Compliance -

Businesses want more assurance on data security to adopt Open Banking

42% of financial services businesses want better support and guidance on data security in relation to Open Banking, according to recent research on the market.

The survey of financial professionals including banks, lenders and retailers, revealed businesses want better education and training, alongside increased guidance, to help reduce fears around the security risks of Open Banking adoption. Respondents also stated that they wanted this support to come primarily from regulators.

This ranked higher than taking a “wait and see” approach by allowing more time for Open Banking technology to develop (39%), which has often been cited as a way to assuage data security concerns, but as Yolt’s Data Security In Open Banking data demonstrates, won’t solve the issues businesses are facing.

There are currently close to 3 million people in the UK using some kind of Open Banking service, rising by over 1 million users in under a year.

In other countries Open Banking also is growing – in Italy, for instance, 8 million Open Banking API calls were made between July and September 2020.

The increasing global shift to Open Banking usage is a promising indicator for the future and the perfect foundation for the potential use of a broader open finance model.

Open finance would see Open Banking APIs used to cover a broader range of financial products such as savings accounts, mortgages and pensions. It would expand the current limited scope of payment accounts to one that is more inclusive and allow people to have the option to manage their entire financial footprint digitally.

However, while Open Banking innovation and the increased availability of APIs has enticed early adopters, there is still a lot to be done before we are able to reach an open finance framework.

Yolt Technology Services (YTS) recently surveyed 800 business leaders in sectors across the financial services industry in both the UK and the Netherlands to understand the role of data security issues in the Open Banking ecosystem.

Data Security

The research showed would-be Open Banking adopters have questions and uncertainties around data security, data sharing, and the Open Banking model.

YTS found a significant portion of respondents felt better education and training (42%) and increased guidance from regulators (42%) would be the best way to alleviate business fears about the data security risks of Open Banking adoption.

The current general regulatory environment was also perceived by almost one in five respondents (17%) as the greatest risk to widespread adoption of Open Banking.

To maximise Open Banking’s potential, more needs to be done at a regulatory level to educate businesses and consumers about its inherent data security controls.

Better guidance from regulators could also help change how many businesses currently perceive the regulatory environment. Greater regulatory support would also ensure all companies are held to account when it comes to the delivery, availability and performance of the API and the data within.

This support is essential for creating a collaboratively developed and, therefore, richer open finance ecosystem.


Barriers to Entry

One of the main barriers to the adoption and growth of Open Banking is the common lack of understanding of Open Banking within the wider ecosystem, as demonstrated by YTS’ ‘Unlock the Value of Open Banking’ report.

Even within financial services companies themselves, understanding of Open Banking is not always correct.

For example, a customer might call their bank to ask if they can share their data with a trusted and authorised Third-Party service Provider (TPP), and the response from the bank employee could be that they should never share their data.

For good reason, this has been the general stance adopted across the industry for many years, but it’s important to know that Open Banking was designed with security and control for customers as a central pillar.

Screen Scraping

It’s possible that concerns have arisen because of the role that screen-scraping has previously played in the data sharing process.

It’s true that with screen-scraping, banking credentials are stored with another business and cannot be easily recalled, giving the consumer less control over their data.

However, the UK’s Open Banking infrastructure is designed to operate solely through API-powered sharing, and many providers have subsequently moved away from screen-scraping. Strong Customer Authentication (SCA) is producing a similar effect in other countries.

Such examples of mixed messaging around screen-scraping vs API-powered sharing do not help to address the misconceptions around Open Banking, nor do they encourage further adoption, but the data reveals that this is down to how businesses perceive the risks at a basic level.

A clear split emerged between respondents on whether they think data security is a business risk or customer risk. 48% believe it to be a business risk, as Open Banking requires organisations to take ownership of and responsibility for large amounts of financial and personal data, and this can result in a costly fine should anything go wrong.

On the other hand, 47% think that the data security risk is more a customer risk, because Open Banking is a new service that customers are unfamiliar with, which might make them unlikely to want to share the necessary amount of data.

Interestingly, survey respondents from the Netherlands and the UK had opposing views on this subject – 58% of respondents in the Netherlands falling in the customer risk camp compared to 59% of UK respondents feeling that business risk most closely defined the risk of Open Banking to data security.

The post Businesses want more assurance on data security to adopt Open Banking appeared first on Payments Cards & Mobile.