Why Security And Digital Trust Are The Key To Open Banking’s Success

Forbes / Rodger Desai / October 5, 2021

In July, the White House issued an executive order asking the CFPB to work on rules for secure data sharing between consumers and banks. The order intends to promote healthy competition in financial services, giving consumers better choices and improving security in financial data exchange. While data sharing using legacy methods has been prevalent in the U.S. banking and fintech sectors, this order could pave the way for a formalized rollout of open banking in the country, driven by common technical standards and governance.

Global consumer adoption of open banking is expected to grow fast in the next three years. Estimates predict an annual growth rate of 50% from about 25 million users worldwide to over 132 million users by 2024.

Challenges Facing Open Banking Implementation Globally

Based on the experience of the U.K. and the EU, the adoption and success of open banking hinges on the optimal balance of security and consumer experience. It is beyond debate that consent-based sharing of financial data must be accompanied by strong security and data protection. At the same time, conservative authentication practices introduce friction in the process, thereby hampering customer experience. The potential negative impact of strong customer authentication (SCA) on consumer payments experience has been one of the sticky areas in PSD2 compliance in the EU.

Consent-based data sharing opens up sensitive consumer identity data that goes far beyond pure PII (personally identifiable information), making stronger authentication an obvious necessity. While companies have implemented multi-factor authentication, primarily using SMS OTPs (one-time passwords) to meet compliance requirements, a host of security concerns have stood in the way of widespread adoption and acceptance of open banking. Here are some of them:

• Stale Contact Data In Banking Records: Many customers do not have their mobile numbers and other contact details updated in their banking records, resulting in the possibility of OTP delivery failures and, worse, fraudulent transactions.

• Rising SIM Swap Fraud Globally: The U.S., the U.K., and the EU have particularly seen a massive increase in cases of SIM swap fraud. A SIM swap hands control of the phone number, and consequently of the OTPs sent to it, to the fraudster.

• Overall Erosion Of Consumer Experience: In the wake of potential security issues, banks, payment processors and accredited third parties have implemented stronger authentication for virtually all transactions, causing an increase in transaction dropouts, decreased engagement and an overall deterioration in customer experience.

Solving The Security-CX Conundrum

As open banking design and implementation gain attention in various geographies, security policies would be periodically recalibrated based on the level of fraud (as followed by PSD2 Transaction Risk Analysis rules) and the impact of the rules on consumer experience and convenience. Companies participating in the open banking ecosystem must ensure the secure exchange of financial information under all circumstances and yet make the experience frictionless for the consumer. 

Banks, merchants and accredited service providers should look at the following two ways to ensure an optimal balance between security and customer experience.

1. Measure The Trustworthiness Of The Transaction: Using device- and phone-number-related attributes and intelligence helps measure the trustworthiness of a transaction in real time. Phone-centric identity is a significant upgrade on identity verification and authentication based on traditional identity data sources. It can not only prevent identity fraud, a common threat in personal data exchanges, but it can also create a positive impact on revenue.

2. Upgrade To Stronger, Passive Verification And Authentication Methods: With SMS-based OTPs becoming increasingly unpopular, financial institutions must upgrade to passive authentication methods such as behavioral biometrics. Behavioral biometrics leverages dynamic user attributes such as motion and environment to thwart identity takeover fraud and comply with globally accepted principles of multi-factor authentication. At the same time, it completely eliminates any friction in the process, thereby leveling up consumer experience. Companies may also consider adopting FIDO-based standards to create frictionless in-app authentication experiences that are highly secure.

Role Of Open Banking In Promoting Digital Identity

Open banking rollouts are being used as a pilot for the future implementation of open data sharing across industries in many countries (e.g., Australia, India and the U.K.). The current scope of open banking (being extended to open finance in some countries like the U.K., Canada and India) is restricted to financial data and payments. However, the principles and framework of consent-based data sharing in open banking can be easily extended to let consumers and enterprises exchange identity attributes, helping establish a digital identity trust network. The Digital Identity and Attributes Trust Framework in the U.K. and Australia are programs heading in this direction.

Over time, we might see a plethora of identity service providers acting as intermediaries or custodians of trusted consumer identity tokens, equipped to share the same with enterprises wanting to consume it based on consumer consent defined for specific purposes.

The secure sharing of digital identity can enhance several use-cases across industries, most prominently financial services and health care. Enhanced trust brings down transaction costs, promotes inclusion and fosters innovation. Here are some practical scenarios where consent-based sharing of digital identity makes a difference.

1. Simplified Customer Onboarding: Validation of a bank-certified digital identity can simplify KYC (know your customer) and prevent identity takeover fraud during the onboarding process, significantly lowering customer acquisition costs.

2. Cutting Down The Cost Of Health Care: Digital identity tokens can be shared across health care service providers based on consumer consent to access health care records, potentially reducing the cost of rendering health care services.

3. Inclusion Of Underserved Segments: Thin-file borrowers and other segments excluded from the mainstream economy due to asymmetric information and trust can now get access to credit and better health care.

The Future Of Open Banking

Open banking implementations that we see today are just the tip of the spear. In the next few years, we will see the evolution from what is just open finance today to an open data economy that transcends industries, catalyzed by an evolving environment of digital trust.

How fast we get there will be determined by how well we enable a secure and frictionless environment for it to happen.