The Open Banking system was designed to give consumers more control over their financial information and access to a wider range of products and services. However, there have been concerns over the general safety of consumer data as we approach this new banking revolution.
Below are some of these concerns:
One of the principle concerns is that the data will be become compromised somewhere in the transition between banks and third party providers.
For most of their history, banks have had complete control and security over the sensitive data that they have been entrusted with and the systems of how they transfer this data.
With the introduction of Open Banking, banks must now open up new communication portals to give TPPs access to their customer account details as these systems have previously never needed to be in place before now. Banks will be interacting with these companies without having a full understanding of their security measures which proposes a new risk of where the data will end up being held.
As a result, banks may be exposed to hundreds of new threats which are outside of their normal areas of control. If these new portals are not completely secure, then they are at risk of being compromised and thousands of customers could have their information stolen by various fraudsters and criminals.
To ensure that these communication portals are secure and any data intercepted will not be exploitable, advanced encryption methods should be put into place. This will make it so the data being transported will be completely unreadable to the malicious party.
Compromised Third Party Providers
Another big concern is the possibility of a third party provider being compromised by fraudsters. Even regulated and monitored firms aren’t completely free of risk which was demonstrated by the major hacking of Equifax in 2017 where 693,655 UK customers’ details were at risk.
If an FCA regulated third party provider is hacked into and compromised then hackers can send requests, that appear to be authorised, from those companies to the banks to request customer information. Under the new rules of Open Banking, banks must allow FCA regulated companies the data they have requested, provided they have explicit consent from the customer in question.
With scams now becoming far more sophisticated than ever before, I doubt that it will take long before they find a way of spoofing customer consent.
This could have detrimental consequences for banks, not only because their customers’ data will be compromised and they will lose customer loyalty, but they are usually the first part to be held accountable for unauthorised financial transactions from a user’s bank account.
Even though the Open Banking system was announced in October last year and Introduced in January this year, it has become evident that not a huge amount of the public are yet aware of this new format.
This could lead to a lot of potential threats as consumers could end up giving their information willingly to fraudsters after they have been convinced of rules and regulations that aren’t true.
This could come in the form of phishing emails, cold calls, SMS messages or through social media where fraudsters will imitate a representative of an authorised provider (such as broadband, phone or insurance) and claim that they want to offer you tailored deals which will require your banking details.
This is where they can fabricate any rules and regulations regarding Open Banking that they want, convincing you that your details will be kept entirely safe.
Source: Global Banking and Finance
- Moneybox app announces Open Banking merger with Santander
- The Global Revolution of Open Banking - A Look at Mexico
- Insight: Direct Debit Plus - how Direct Debit can improve and learn from Open Banking initiatives
- New start-up aims to rip up the renting market rule book via Open Banking
- Preventing fraud in an open world