Open Banking: Promised land or wild west?

Open Banking: Promised land or wild west?

Aniruddha Maheshwari

Payment Consultant at Icon Solutions

Views 1114

Open Banking: Promised land or wild west?

14.06.2019 12:00 pm

Open Banking began on 13 January 2018 with the launch of PSD2. Industry pundits spoke about customers walking through a promised land of meaningful financial insights and competitive products. The new rules make it easier for consumers to compare services and switch to get better deals and more personalised products.

With the younger generation’s willingness to switch to an online-only bank, surely challengers would try to snap up customers. In turn, it was an opportunity for traditional banks to play to the advantages they already hold over their digital rivals.

Yet the big day came and went with less than a whimper. Only three large banks were ready with APIs on the 13th January. At the same time, institutions are concerned about a lack of consistent standards and question marks remain about data security and liabilities.

This raises a question: is Open Banking a promised land or wild west?

Welcome to banking’s wild west?

One of the biggest issues around Open Banking/PSD2 has been the nature of the technical standards and key areas where standards do not exist at all. The problem here has been a lack of alignment between the European Commission (who lays out the broad direction) and European Banking Authority (which specifies and ratifies these standards). Due to differing views from each body, the standards aren’t really standards, they’re more guidelines with significant room for interpretation.

For example, on SCA the EBA has set a particularly high bar for use of authentication elements categorised as “inherence”. While devices and software provided to the payer to read “inherence” elements must possess security features (e.g. biometric sensors), these features must:
1. Guarantee "sufficiently low likelihood of an unauthorised third party being authenticated as the legitimate payment service user";
2. Guarantee "resistance against unauthorised use of the elements" through access to the relevant device and software.

There is currently no guidance on the meaning of "sufficiently low likelihood or "resistance"

With much open to interpretation and most merchants unable to penetrate the payments jargon, many expect merchants to implement full two-factor authentication from deadline. And thus, there is a danger that the first-time consumers really hear about Open Banking will be when they can’t buy with one-click at Christmas. And they’ll need to authorise third parties to access their account by providing log-in details, despite 10 years of online banking guidance advising the contrary.

Confused? Probably not what the regulators envisioned when devising PSD2 at the outset.

There is also a distinct lack of guidelines on permissions and consent for consumers granting access to third parties. While TTPs should be FCA authorised, consumers may not be able to easily differentiate between those that are and those that aren’t without checking the official roster.

This raises the question of what happens if an unauthorised transaction is processed. In theory, it should be relatively simple. If the bank is at fault, they refund the consumer. If the TPP is liable they must indemnify the bank immediately. Problems will arise, however, if neither the bank nor TPP accepts liability. How does this get resolved successfully for the consumer?

Open Banking also raises concern around data sharing and security. TPPs run their own security controls and are now responsible for securely protecting any shared personal/account related data they process, requiring rigorous audit and security checks. Increasingly tokens are being used to encrypt data as well as verify identities but their ‘pass-key’ nature also makes them a particularly attractive target for cyber criminals. Attackers can replay the same token, in more than one transaction and in different time periods, to gain unauthorised access to account details.

Open Banking own goals

These issues are compounded by many banks’ lukewarm embrace of Open Banking. For example, some banks are reluctant to promote Open Banking as that naturally leads to using TPPs, many of which could be direct competitors. They are anxious that new digital banks, with superior UXs, will begin to look attractive when side by side with legacy-constrained offerings. Compounding this is uncertainty over the impact of Open Banking combined with real-time payments. Given the subscription model economics and lack of interchange fees, this could lead to double disruption as account-based payments become more attractive than card-based payments. With profit margins on payments already wafer thin, a deluge of demand may tip already profit-poor payments into a major cost-centre for banks. And, for those banks who have yet to re-architect, high micropayment volumes particularly at peak times could seriously impact operational resilience.

With Ovum recently announcing that “banks must now serve a whole new customer segment: developers” to succeed in the Open Banking era, APIs should be at the very top of banks’ lists. Unfortunately, PSD2 guidelines have allowed banks to implement APIs differently. TPPs and Account Information Service Providers (AISPs), are unable to connect to multiple banks with a single API so they must support additional API types. This in effect creates a technical firewall for TPPs restricting service innovation.

As these practical compromises eat away at the promise of Open Banking, the industry could find itself facing a period of chaos, where rather than building a collaborative ecosystem, players face continual battles to seize ownership and stake their claims on customer accounts. With the lack of clear and distinct ‘laws’, this ‘wild west’ of financing, could tempt some banks to put their technical and marketing power behind restricting TPPs access and limiting their appeal. In this way, taking minimal effort, ‘compliance-only’ approach to PSD2 and open banking regulations.

Winners will own customers, not accounts

With Open Banking, accounts could soon be relegated to the role of “where the salary goes”. These fund-hubs would link to other third-party accounts where all the exciting services happen. This may even precipitate something of an arms race in the industry, as banks look to offer an array of API-based products so that third-parties can deliver new service experiences. Thankfully, there is a large and growing number of banks that see Open Banking as integral to their strategy. These banks understand that trying to inhibit access to customer accounts is a race to the bottom. It will be the institute that uses Open Banking data combined with other data sets to offer insights, offers and utility that inspires loyalty who will win out. But most importantly, these banks appreciate that to succeed, they don’t need to own the account, only the customer. Unless they do, we’ll continue to sleepwalk into the wild west and not the promised land of Open Banking.

Latest blogs

Alex Malyshev

The Biggest Danger to Branchless Banking

With a third of the global population on lockdown and scores of bank branches closed, many are convinced that branch banking is dead, and the future is branchless. Is this really true? Branchless alternatives like Revolut, N26, Monzo, and NuBank Read more »

Dima Feldman Altair Semiconductor, a Sony Group Company

Constantly tracking anything, anywhere

The internet of things is changing the shape of many businesses. Not only does the IoT herald in greater visibility of production asset effectiveness, improve operational efficiencies, and facilitate more informed decision making, it is also Read more »

Francesca Campanelli Axyon AI

How Fund Managers Can Use AI to Retain Current Investors and Rebuild Client Confidence

After months of market volatility and challenging conditions, fund managers are starting to see a light at the end of the Covid-19 tunnel. Countries are starting to relax their lockdown measures and restart economies, with stock markets reacting Read more »

N/A ReliaMax

College Dreams? Here’s How to Get Accepted

Higher education in the United States is not just about getting accepted, it is about where you get accepted. Sure, there are options, there are seemingly endless options - from community colleges to Ivy League schools and everything in between. The Read more »

Bobby Gill GCWealth

Bobby Gill: 3 Ways Fintech is Helping Small Businesses During the Pandemic

Image Source: Pixabay. Back in April, the US oil prices sank to a 20-year low. In the UK, road traffic levels hit a 70-year low. Worldwide, due to lockdown, retail, travel, and restaurant bookings have dropped by 85%. More than 430 million Read more »

Related Blogs

Simon Cureton Funding Options

Open Banking: Exceptional times call for SME lending shake-up

Following an initial backlash in response to the Treasury’s distribution of its support package from the SME community, the government has since expanded its Coronavirus Business Interruption Loans Scheme (CBILS) and Bounce Back Loan Scheme (BBLS) Read more »

Bill Wrest Gresham Technologies

The Connectivity Conundrum: Why Build, Who Builds and Who Pays?

One of the many effects of globalisation has been the proliferation of connections between corporates and banks. As corporates have responded to global opportunities in both sales and sourcing, their banking relationship needs have grown in tandem. Read more »

Rahul Singh HCL Technologies

Democratising Financial Data Through Open Banking

While it’s difficult to overlook the importance of data in today’s financial services landscape, many banks are still grappling with the question of how to mine, evaluate and use it. Banks have historically struggled to get value from data, seeing Read more »

Jan Erwin Thomas Deposit Solutions

Why the Future of Open Banking Belongs to Platforms

The platform economy is revolutionising the $50bn global deposits business. By separating the product provider and financial point of sale, banks can now choose whether they want to collect deposits for financing or offer deposits as a product, Read more »

Todd Clyde Token

Open banking connectivity: the outlook is better than you think

You have probably seen the headlines about banks not being ready for PSD2 – as the deadline approached and then passed, they were hard to miss. While it is true that less than 50% of banks have met all of the requirements mandated by the EU Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel