Magazine article American Banker

Open Banking Is Inevitable. Let's Rethink Data Security, Too

Article excerpt

Byline: Kevin Paul Murphy

The move to the digital marketplace is no longer aspirational but inevitable for the modern financial enterprise. It is now more accurate to describe a bank as a technology company. But the change in identity means banks must adjust the way they ensure the security of their enterprise.

The regulators in the U.K. and Europe provide the best indication of the future banking landscape. The U.K.'s Competition Market Authority and the European Banking Authority have been at the forefront of leading banks into the era of open banking. The European Union's PSD2 (the revised Payment Service Directive) is the most prominent policy move encouraging open banking, with a compliance date of January 2018. Similar moves are expected by the regulators in the United States and Asia.

The objective of open banking is to increase the level of choice available to customers and to drive competition through the use of application programming interfaces -- technology that lets third parties access customer transactional data that has traditionally been secured by a bank.

The opportunities for the customer are endless based on their payment history alone -- for example, notifications of cheaper energy suppliers, mortgages and groceries could all occur. The opportunities for banks are less well defined but still real. The immediate challenge is to develop app-based services that can make the most of this environment. This will inevitably involve banks working with third parties that wish to gain access to customer accounts. But for those banks that provide easy integration for third parties, it is clear they will attract more customers and new revenue models.

Success in open banking will be dictated by which banks maximize API integration with third parties. But this open approach to banking has its limits too.

Its maxims may not translate well to cybersecurity in an API environment where, by definition, there will be more points of entry for potential attackers. Legislation such as PSD2 has mandated that third parties meet certain operational and security requirements before being authorized to obtain data. While this affords some protection, it is also clear that banks will need to reassess their own security posture before fully embracing open banking. Therefore, the top five security considerations for banks entering open banking include:

API governance: It is likely there will be a massive rush in API creation and collaboration with third parties. …
