The open banking revolution is quickly gathering momentum. While the transition is likely to increase the operational efficacy of banking and heighten customer experience, it also threatens to expose individuals to privacy and security shortfalls. With banks required to divulge personal financial information, basic protections can no longer be guaranteed. That’s where digitally verified self-sovereign IDs come in.
The Benefits of Open Banking
It’s been one year since the second Payment Services Directive (PSD2) went live. In that time, and despite disruption from COVID-19, over two million customers have started using open banking-enabled products. The figure has doubled since January 2020, with a steady uptick of 160,000 users per month.
The open banking initiative has unearthed a latent desire in consumers to exercise their data rights, benefiting both themselves and their finances. At the same time, it’s expanded the market for finance-touting business models, fostering competition, and allowing small businesses to successfully bid for consumer attention.
Open banking represents the interoperability consumers so direly needed. Since its inception, a deluge of apps and tools to manage finances has swamped the market, giving users a linchpin for their once-segregated banking systems with which to streamline, organize, and even aggregate separate accounts in a single application.
It’s not purely accounting-centric either. Open banking has allowed third-party developers to produce a litany of novel offerings such as couponing, rewards and discount apps, credit building apps to help mortgage applicants get off the starting mark, and even cryptocurrency conversion apps allowing token holders to pay in crypto.
Open Banking, Open Risk
While the benefits of open banking look set to keep it in vogue and its adoption rate climbing, the privacy and security drawbacks remain potentially significant. The biggest danger for the banks is that they have provided the service as agreed with the regulator, but once the data is beyond their walls, privacy and security can go awry. And that’s not good for any of us, customers or banks.
Under open banking regulation, very few safeguards exist to protect customer data should it fall into the wrong hands. For example, malicious actors could effortlessly establish a fintech for the sole purpose of swiping important financial data. Risks also extend to the exploitation of legitimate fintech infrastructure. All it takes is an attack on the central server of one of these fintechs—or even via the app itself—for bad actors to gather what they need to impersonate the users.
In addition, many fintech apps still use outmoded and insecure two-factor authentication (2FA) in the form of SMS or email to verify transactions, which is no longer fit for purpose. Attacks arising from SIM swapping and email hacking can easily circumvent 2FA in its most basic form.
But it’s the end-user that is most at risk of attack. Phishing emails appearing to be from a third-party provider asking for a password or other pieces of sensitive information could place the user’s data in jeopardy.
While many consumers have been conditioned to ignore such communication from banks, apps have a tendency to leverage their mailing lists to push users a new product, service, deal, or even a newsletter. As such, unsuspecting consumers could be caught off guard and unwittingly provide access to malicious actors and hackers.
In the same vein, open banking makes it very easy to send money to the wrong person. Bad actors achieve this via invoice fraud, in which the victim sends a payment in response to an email containing a sort code and account number.
The globalization ushered in under the innovation of open banking also presents a regulatory risk on a global scale. No longer are due diligence processes limited to one country, language, or regulator. It’s now paramount to have a real-time pan-EEA view of all regulated entities so customer data and financial information can be protected, and the open banking ecosystem can operate as intended, in a secure way. Verified digital identities can counter this risk.
Owning Our Data
Disclosing financial data was always bound to end in tears. But that doesn’t mean it has to stay this way. Instead, consumers and businesses on either side need to control and secure that data themselves. Digitally verified identity and payment may prove to be the answer here.
Harnessing biometrically validated digital IDs, underpinned by the immutability of the blockchain and connected to the payment source, not only removes the onus on third-party businesses to keep our financial data safe but can also remove the risk of fraudulent push payments and identity theft.
Rather than using the antiquated username and password combination coupled with insecure SMS and email verifications, the customer could frictionlessly tie their digital ID to their bank through apps, platforms, and services—all without intermediaries endangering the customer’s privacy and security or indeed that of the bank itself. In turn, the bank can provide the customer with their rightful access to the services and products with confidence.
Digitally verified IDs also help mitigate (even eradicate) push payment fraud. With verified IDs on either side of the transaction, payment requests made outside of the established channels cannot and will not be processed.
Perhaps most importantly, digital IDs ensure that the person who is logging in is the rightful owner and that the service connecting a user to their bank is doing so in a secure environment.
This also caps the chance of data breaches, with all information cryptographically secured. Additionally, with the use of technology such as zero-knowledge proofs, claims about the information can be cryptographically proven without revealing the information itself. Upon exceptional requests or functions from the customer, additional verification can be sought through the digital identity in the form of biometrics, from controlled devices, and/or additional biometric verification.
Blockchain can also help evolve the system by recording private transactions and activities to inform and reinforce future legitimate interactions and help prevent irregular ones.
This will undoubtedly increase the viability and success of open banking, enabling an entire ecosystem of services to securely offer more to consumers and cultivate further innovation within the financial sector—bringing easy privacy, security and peace of mind to both individuals and banks.