Open Banking has dramatically changed the way people and businesses manage their money, leading the democratization of the financial services market. Traditionally, a select group of major banks have controlled all the financial data of their customers, making it difficult for new, innovative fintech and financial services providers to break into the market. Now, Open Banking is putting the power of financial data back into users’ hands, transforming the financial services industry as we know it. Popular apps like Venmo, Mint and SoFi show the value Open Banking can bring to consumers when they can more easily manage and transfer funds.
Due to the opportunities that Open Banking offers today, there is an influx of software startups founded with the purpose of creating new digital banking apps. Traditional banks are also developing easy-to-use banking solutions to keep up with consumer demand. However, companies in the financial services industry must adhere to complex security standards and strict regulatory compliance requirements in order to be successful at providing Open Banking enabled apps and services. To meet these regulations, one of the most critical requirements of secure Open Banking is customer consent.
Open Banking: How It Works
Open Banking is a system where users’ personal and business data can be shared between applications and banks at their request, giving easy access to financial products that save time and money. The Open Banking revolution started when new regulations, such as Open Banking Europe (OBE), were formed in 2017 with the goal of fostering innovation, competition, and efficiency to increase consumer choice and enhance security for online payments. Following that, the Financial Data Exchange (FDX) in the U.S. created a consortium of providers around a common standard for secure access to financial data.
With Open Banking platforms, users can have a holistic view of their financials across different banks, move those funds around at will, make payments and find deals on loans, term deposits, lines of credit and more. None of this would be possible without Application Programming Interfaces (APIs), which allow data to flow between users, applications, and service providers in a safe, secure way. Open APIs allow developers and service providers to aggregate all this information and present it in a simple and easy-to-navigate user interface. For example, imagine an “Expedia of Finance” that lists all the best loan deals based on a user’s credit score. The big challenge for Open Banking is that this information is much more sensitive than Expedia’s flight details.
To ensure that consumer data remains secure in these data-sharing Open Banking systems, the API must meet strict standards for authentication and consent management. Before someone logs into their Open Banking apps, it is important that apps confirm the identity of the user and the context for accessing the data. Secure, context-driven authorization includes: Who are they? Where are they located? What time are they requesting access? What data are they authorized to access? What kind of device are they operating from? The answers to these questions determine the type of services that are available at that point in the transaction. That context…changes everything!
Consent Management is Key
Since Open Banking provides third-party service providers open access to consumer personally identifiable information (PII), transactions and other sensitive data, one of the most critical requirements of Open Banking is customer consent management. Customer consent is the bedrock of building trust between a user and an organization. To build this trust, Open Banking APIs must allow customers to decide what data is being shared and with whom. For instance, your entire user profile might be shared with your main bank, but only your UID (unique identifier) and one specific transaction are shared for a single use with a credit review agency. This keeps personal data from being unnecessarily shared with third parties or across geographies.
Open Banking apps must rigorously support the ability for customers to manage their consent, starting at the API level. APIs with strong consent guardrails and authentication give consumers the highest level of security and build trust across the whole Open Banking ecosystem. Consumers need to be able to trust that the app is treating their privacy and data with the utmost respect and providing real-time logs of how, when, where and why certain data was shared.
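To make the consent scenario above concrete, here is an added sketch (not code from this article or from any Open Banking standard) of a consent check applied before data leaves the API: each recipient gets only the fields the customer granted, a single-use grant is spent after one release, and every attempt is logged. The class names, field names and the customer record are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample record; every name and value here is illustrative.
CUSTOMER = {
    "uid": "u-1001", "name": "Sample Customer", "address": "1 Example Street",
    "transactions": {"t-1": {"amount": 120.0}, "t-2": {"amount": 45.5}},
}

@dataclass
class Consent:
    recipient: str
    profile_fields: frozenset                 # fields the customer agreed to share
    transaction_ids: frozenset = frozenset()  # specific transactions, if any
    single_use: bool = False                  # grant is spent after one release
    used: bool = False
    revoked: bool = False

class ConsentStore:
    def __init__(self):
        self.grants = {}      # recipient -> Consent
        self.audit_log = []   # one entry per release attempt, allowed or not

    def grant(self, consent):
        self.grants[consent.recipient] = consent

    def revoke(self, recipient):
        if recipient in self.grants:
            self.grants[recipient].revoked = True

    def release(self, recipient, purpose, record):
        """Return only the consented subset of record, or None if not permitted."""
        c = self.grants.get(recipient)
        ok = c is not None and not c.revoked and not (c.single_use and c.used)
        shared = None
        if ok:
            shared = {k: record[k] for k in c.profile_fields if k in record}
            txs = {t: record["transactions"][t] for t in c.transaction_ids
                   if t in record["transactions"]}
            if txs:
                shared["transactions"] = txs  # narrows to the consented transactions
            c.used = True
        # Log field names only, never values, so the log itself holds no PII.
        self.audit_log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "recipient": recipient, "purpose": purpose,
            "decision": "shared" if ok else "denied",
            "fields": sorted(shared) if ok else [],
        })
        return shared
```

Denied attempts are logged as well as successful ones, so the customer-facing log also shows who tried to obtain data without a valid grant.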
Secure, Accessible Financial Services for All
Before Open Banking, third-party service providers such as Mint from Intuit required customer credentials for each account and built a custom integration with each institution. This typically involved some sort of screen-scraping of the website’s HTML code. Open Banking solves this problem by providing developers with API-based integrations that will not break with a webpage redesign and by using consent to ensure that customer data and other information shared with third-party companies remain private and secure. With Open Banking, financial services apps are now available to a wider user base and provide these essential services to people who would not normally have access to a bank.