Open Banking: Promised land or wild west?

Open Banking: Promised land or wild west?

Aniruddha Maheshwari

Payment Consultant at Icon Solutions

Views 789

Open Banking: Promised land or wild west?

14.06.2019 12:00 pm

Open Banking began on 13 January 2018 with the launch of PSD2. Industry pundits spoke about customers walking through a promised land of meaningful financial insights and competitive products. The new rules make it easier for consumers to compare services and switch to get better deals and more personalised products.

With the younger generation’s willingness to switch to an online-only bank, surely challengers would try to snap up customers. In turn, it was an opportunity for traditional banks to play to the advantages they already hold over their digital rivals.

Yet the big day came and went with less than a whimper. Only three large banks were ready with APIs on the 13th January. At the same time, institutions are concerned about a lack of consistent standards and question marks remain about data security and liabilities.

This raises a question: is Open Banking a promised land or wild west?

Welcome to banking’s wild west?

One of the biggest issues around Open Banking/PSD2 has been the nature of the technical standards and key areas where standards do not exist at all. The problem here has been a lack of alignment between the European Commission (who lays out the broad direction) and European Banking Authority (which specifies and ratifies these standards). Due to differing views from each body, the standards aren’t really standards, they’re more guidelines with significant room for interpretation.

For example, on SCA the EBA has set a particularly high bar for use of authentication elements categorised as “inherence”. While devices and software provided to the payer to read “inherence” elements must possess security features (e.g. biometric sensors), these features must:
1. Guarantee "sufficiently low likelihood of an unauthorised third party being authenticated as the legitimate payment service user";
2. Guarantee "resistance against unauthorised use of the elements" through access to the relevant device and software.

There is currently no guidance on the meaning of "sufficiently low likelihood or "resistance"

With much open to interpretation and most merchants unable to penetrate the payments jargon, many expect merchants to implement full two-factor authentication from deadline. And thus, there is a danger that the first-time consumers really hear about Open Banking will be when they can’t buy with one-click at Christmas. And they’ll need to authorise third parties to access their account by providing log-in details, despite 10 years of online banking guidance advising the contrary.

Confused? Probably not what the regulators envisioned when devising PSD2 at the outset.

There is also a distinct lack of guidelines on permissions and consent for consumers granting access to third parties. While TTPs should be FCA authorised, consumers may not be able to easily differentiate between those that are and those that aren’t without checking the official roster.

This raises the question of what happens if an unauthorised transaction is processed. In theory, it should be relatively simple. If the bank is at fault, they refund the consumer. If the TPP is liable they must indemnify the bank immediately. Problems will arise, however, if neither the bank nor TPP accepts liability. How does this get resolved successfully for the consumer?

Open Banking also raises concern around data sharing and security. TPPs run their own security controls and are now responsible for securely protecting any shared personal/account related data they process, requiring rigorous audit and security checks. Increasingly tokens are being used to encrypt data as well as verify identities but their ‘pass-key’ nature also makes them a particularly attractive target for cyber criminals. Attackers can replay the same token, in more than one transaction and in different time periods, to gain unauthorised access to account details.

Open Banking own goals

These issues are compounded by many banks’ lukewarm embrace of Open Banking. For example, some banks are reluctant to promote Open Banking as that naturally leads to using TPPs, many of which could be direct competitors. They are anxious that new digital banks, with superior UXs, will begin to look attractive when side by side with legacy-constrained offerings. Compounding this is uncertainty over the impact of Open Banking combined with real-time payments. Given the subscription model economics and lack of interchange fees, this could lead to double disruption as account-based payments become more attractive than card-based payments. With profit margins on payments already wafer thin, a deluge of demand may tip already profit-poor payments into a major cost-centre for banks. And, for those banks who have yet to re-architect, high micropayment volumes particularly at peak times could seriously impact operational resilience.

With Ovum recently announcing that “banks must now serve a whole new customer segment: developers” to succeed in the Open Banking era, APIs should be at the very top of banks’ lists. Unfortunately, PSD2 guidelines have allowed banks to implement APIs differently. TPPs and Account Information Service Providers (AISPs), are unable to connect to multiple banks with a single API so they must support additional API types. This in effect creates a technical firewall for TPPs restricting service innovation.

As these practical compromises eat away at the promise of Open Banking, the industry could find itself facing a period of chaos, where rather than building a collaborative ecosystem, players face continual battles to seize ownership and stake their claims on customer accounts. With the lack of clear and distinct ‘laws’, this ‘wild west’ of financing, could tempt some banks to put their technical and marketing power behind restricting TPPs access and limiting their appeal. In this way, taking minimal effort, ‘compliance-only’ approach to PSD2 and open banking regulations.

Winners will own customers, not accounts

With Open Banking, accounts could soon be relegated to the role of “where the salary goes”. These fund-hubs would link to other third-party accounts where all the exciting services happen. This may even precipitate something of an arms race in the industry, as banks look to offer an array of API-based products so that third-parties can deliver new service experiences. Thankfully, there is a large and growing number of banks that see Open Banking as integral to their strategy. These banks understand that trying to inhibit access to customer accounts is a race to the bottom. It will be the institute that uses Open Banking data combined with other data sets to offer insights, offers and utility that inspires loyalty who will win out. But most importantly, these banks appreciate that to succeed, they don’t need to own the account, only the customer. Unless they do, we’ll continue to sleepwalk into the wild west and not the promised land of Open Banking.

Latest blogs

John Jannes IHS Markit

Best Execution in the US: Three Things Broker-Dealers Need to Think About​

As we head into 2020, US broker-dealers are preparing for new mandates on how they report transactions back to customers. The requirements – established by the Securities and Exchange Commission’s (SEC) updates to Rule 606 – aim to bring investors Read more »

Nish Kotecha Finboot

Blockchain’s role in energy supply chains and the fight against climate change

Two topics dominated September’s UN General Assembly, at times provoking fiery debate. World leaders gathered in New York amid simmering tensions in the Middle East. The recent attacks on key Saudi Arabian oil facilities prompted questions about how Read more »

Denis Novikov Qulix Systems

How Can Digital Customer Onboarding in Banks Increase Sales and Build Loyalty?

While banking product portfolios tend to become similar, banks must select between 2 most popular strategies (or combine them): to compete in pricing or to focus on customer experience improvement.  If you prefer the first strategy, you may skip Read more »

Nick Ogden Worldpay

Worldpay founder Nick Ogden tops Payments Power 10 and other highlights from PayExpo 2019

Last week, fintech, banking, retail and gaming professionals attended the UK’s largest payments event, PayExpo 2019. Event attendees visited a series of conference sessions, debates and networking opportunities – and start-ups had the chance to Read more »

Lina Andolf-Orup Fingerprints

Finger on the pulse! The Countdown to 2020 has Begun

With 2020 in sight, now is the perfect time to pause and reflect on the past three months and see how the world of biometrics has evolved since our last update. With everything from high profile announcements to some news you may not have heard, Q3 Read more »

Related Blogs

Teresa Affinito W2 Global Data

The UK Operators Need An Open Banking Strategy

Following on from the earlier article on Open Banking (What does Open Banking mean for Gaming Operators?), here is the second of the three pieces; some further considerations on the operational impacts should a Gaming operator embrace the benefits Read more »

Nikhil Sengupta Five Degrees

For UK banks to survive they need to find their place in the FinTech ecosystem

“Over the last decade, we are seeing a transition from traditional banking offerings to an inter-connected web of banking and financial service providers, with technology at its core. “A 2016 report conducted by Capgemini and LinkedIn of 8,000 Read more »

Brian Hanrahan Nuapay

Open Banking: The European Challenge

A common belief in the financial services industry is that traditional banks are under fierce threat from challenger banks, fintechs and global tech corporations, alike. With competition growing by the day, take Facebook’s recent Libra announcement Read more »

Reza Rahmani Fard FIME

Beyond PSD2: Being proactive in the age of open banking

Open banking isn’t just a European pursuit. For those under PSD2 - the European regulation mandating banks to open-up their back-end to third-parties – the urgency to deliver these services is clear. But players further afield shouldn’t avoid Read more »

Satya Swarup Das Virtusa

Open Banking: What’s now and next?

It has been around one and a half years since the real open banking journey started, with the UK taking the lead. Open banking is boldness and flexibility. For ages, the financial data of customers were close to the chest for banks and customers did Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel