‘Banks have more security holes than consumers’… Open banking’ Newcomer risk


Open banking is still very new. In principle, know that the risk of fraud is lower than online payment methods such as credit or debit cards. Does it really exist? What is the potential risk of open banking without traditional banking and payment methods?

‘Banks have more security holes than consumers’… Open banking’ Newcomer risk
Getty Images Bank


Only a few years ago open banking rules were created and implemented in the UK and Europe. The revised Payment Services Directorate (PSD2) EU regulation came into force in 2016 but did not take effect until 2019. Since then, there has been a steady increase in fintech companies (official name TPP (Third Party Provider)) that access financial information through bank customer account approval.

Fintech companies use bank transaction data to help customers establish budgets, apply for loans, manage funds and provide payment services faster and easier than other payment methods. All this thanks to the Open Banking API. The Open Banking API provides a standard transaction data access method and payment protocol for an authorized TTP.

Jack Wilson, head of policy at Open Banking Trusted Service Provider (TSP) and open banking APIs and related services brokerage provider Truelayer, argued that open banking does not increase risk.

“Open banking payments are no more than an overlap of existing payment systems.” Open banking providers make it easier for customers to log in to online banking for payment and initiate payments within the app or on the store’s website instead of direct bank transfer. ”

Wilson stressed that all payments initiated by Open Banking should be strongly authenticated with two types of banking authentication information. If the money goes out without permission, the bank is responsible for refunding the customer. The same is true if the money does not go to the designated recipient.

In addition, according to Wilson, open banking reduces the risk of fraud. Since none of the card information is shared in Open Banking, there is no risk of the card information being stolen and used illegally. Open banking payments already require strong customer authentication (SCA) (a kind of two-factor authentication). From September this year, card issuers will be required to implement the SCA.

Kieran Heinz, the senior banking analyst at Celent, agreed. “In open banking payments, strong customer authentication means the customer has to go through the same authentication route when they login to their bank’s online or mobile service,” he says. It provides a high level of security. ”

On the other hand, “New channels or ways for customers to access their data or initiate payments pose some risk, i.e., it will not be completely eliminated.” Above all, the question is how banks and the industry as a whole will handle these losses.

This is basically something that expands the definition of risk. The risk to the customer seems small as the bank is legally responsible for compensating for the loss caused by the fraud. If so, what are the risks to the bank?

This is an area of ​​interest for Matthias MK Kroner, a global think tank and world leader in global financial services. “The biggest risk right now is banks that are not ready for the digital age. “There are banks that are on a digital journey, but not yet well at digital, which is the biggest risk in the market.”

Kroner noted that there are fraudulent ways associated with APIs, the channel through which open banking transactions take place, but this is not the most worrying. Those APIs are protected by encrypted and signed calls and responses, so there is no reason to do more harm than other online banking policies. He reiterated that banks that are not adapting to the digital age are a very big problem.

These losses vary significantly from region to region around the world. Croner explained that this was due to a different approach to banking regulation. “If you look at Singapore, for example, regulators are asking banks to digitize because we are building a market.” It also monitors the banking customer experience and enables the market to compete through digital ‘beauty contests’. ”

In fact, Singapore is also implementing the ‘Epic Policy’. It is an open space for exchange between young fintech companies and existing financial services firms and sharing knowledge and solutions with each other. “There are two sides to this plan,” Kroner said. On the one hand, it is possible to see if existing companies have their own solutions to any problems and on the other hand, Fintech Innovation actors can reiterate the requirements from existing companies. ”

Singapore is ahead in this way (as you already ess) because it is a small country with no natural resources and no intellectual resources. According to Kroner, Singapore is ahead in banking and related matters and European banks do not stand out.

So what is the problem with European policy? Kroner used Germany as an example. “German regulators want their job not to create a market, but to have careful control to protect German deposits.” I think it’s primarily the job of decision-makers and shareholders to influence the bank’s value proposition. ”

At first glance, this does not seem to be the cause of the accident. However, the source of the Croner accident is not clear ‘. Because in the end, German banks will have to accept open banking, otherwise they will lose their business to competitors.

Therefore, the entry point determines the risk level. “Innocent newcomers are dangerous in terms of cybercrime and fraud,” Croner said.

In fact, there are very understandable points where banks need to focus on their core business and exercise caution in entering new liquid markets until technological maturity is reached.

However, for small banks with a clear business vision and customer base, banking as a service may be the answer. This is because, instead of expanding the product range internally, many other open banking participants can preview the situation with off-the-shelf solutions already tested for security.

The biggest advantage is that it can reduce the risk of ‘newcomers’. On the other hand, when using banking as a service, it is not easy to separate the services and have your own sales proposal.

In summary, the risk of open banking is very small from a customer perspective, but not a bank perspective. Even most dormant banks will sooner or later have to seriously consider the risks of open banking. editor@itworld.co.kr


Source by [ciokorea]

Re Writted By [Baji Infotech]