The best practices for safer adoption of open banking
Article by Edwardcher Monreal, security and technology evangelist, IAM consumer authentication solutions, HID Global.
Asia-Pacific is a leader when it comes to open banking, thanks to the region's extensive digital ecosystems and a willingness to share data. Both financial institutions and tech firms have developed data-sharing infrastructure, and adoption rates are high in many countries belonging to the region.
While Australia is not necessarily ahead of the pack, it is moving steadily towards a wide and well-planned open banking rollout. We are already moving towards open banking in stages, through a shift to more consolidated methods that gives control back to customers. This also drives tighter competition and is therefore the catalyst for financial institutions to evolve. In July 2020, open banking was launched through four major banks, and all others are expected to follow by 2022.
Despite these key milestones, Australia is adopting open banking more slowly than many fintech organisations initially expected. However, the elements are moving into place for an acceleration of that process, and fintechs are well-placed to capitalise on an eager market once it begins to open up, with mature technology ready and waiting for consumers.
Financial institutions have also made notable progress in 2021 by signing additional data holders, thus pushing the financial market to open up its banking services online.
Strong data policy requires a strong foundation
Australia already has a strong data-sharing policy called the Consumer Data Right (CDR), which is being incorporated as part of the foundation for open banking. This will ensure the safe and secure transfer of consumer data.
CDR encourages banks and payment service providers (those who hold the data) to share essential account information when requested. It is, however, imperative that this relies upon consent given by the data owner, in this case the consumer. This is strengthened by a commitment to user experience guidelines and financial application programming interface standards.
Australia has already adopted a strong stance on security, which is another essential component of data policy. CDR prescribes that data holders follow financial-grade API profiles to standardise data schemas (JSON) and programming interfaces (REST) in order to accelerate open banking adoption.
Security and privacy can be consistently implemented through OAuth2 and OpenID Connect providers. This means that every digital customer and open banking service provider will be able to transact with a higher assurance of safety and interoperability.
Managing security in the open landscape
With open banking comes the need for expanding digitalisation. This, in turn, widens the threat landscape related to financial crimes.
The move to digital banking has already given organised crime and cybercriminals more opportunities for identity theft and various forms of online fraud. The subsequent move to open banking only expands those opportunities if it is not very carefully controlled. Without proper management, these online threats will erode trust in the banking relationship between consumers and organisations.
It is therefore imperative to have a consumer experience strategy that is balanced with strong security protocols when adopting open banking. This must be based on a framework of trusted identity, password and authentication solutions that are consistent and seamless throughout the customer journey while also maintaining full compliance with CDR.
Adaptive authentication is one such option, allowing users to choose between various methods of proving their identity, including security tokens and biometrics.
Stronger forms of authentication such as simple mobile push authentication are highly recommended for customer logins, especially since SMS on its own is no longer a strong enough authentication option.
A positive user experience from start to finish
Globally, regulations have evolved in tandem with open banking developments to reduce risk and protect against fraud. The financial industry, however, stands at an inflection point.
As offerings expand and consumers demand more customisation, choice and control, the companies that win will be those that go beyond what is required by regulations and gain trust while better aligning with customer needs.
In Australia, we see that the ecosystem at this stage is very much enabled through four major banks that have moved ahead of the pack by already offering open banking services. The 'Big Four' cover a large portion of the population and therefore contribute a lot to the adoption of the framework.
As open banking is adopted by other institutions, this framework needs to be kept consistent in order to maintain the trust that has been created by early adopters.
Simply put, gaining trust is the end goal. Today's banking community needs to focus on offering a seamless experience while securing digital channels effectively. These components are the keys to successful adoption in this era of digital banking.