Is Open Banking Really Safe?
In force since January, the Second Payment Services Directive (PSD2), aka Open banking, is a regulation that forces the largest of our banks to open up access to their data; a necessity that could change the way many people and businesses bank. Below Jerry Matthews, Commercial Manager & Head of Bridging at KIS Finance, explains everything you need to know, touching on the risks and opportunities therein, and answering the big question: is it safe?
The Competition and Markets Authority (CMA) has started a revolution which encourages consumers to share their financial data to third-party companies, after years of being told to do the exact opposite.
The Open Banking Implementation Entity (OBIE) was created in response to the UK Government’s request for a fairer, more transparent banking and financial services. Transparent is definitely what they got.
What is Open Banking?
Open Banking is a new system which means customers can allow third party providers, other than their bank, to access their financial information.
These providers can be anything from insurance and mortgage companies to shopping sites, mobile phones and broadband providers.
The main idea is to give consumers more control of their financial information and have access to a wider range of products and services. Customers can allow the company to analyse their spending habits and offer them better deals, tailored to them.
There has been a new change in UK law which means that banks must allow FCA regulated businesses to access a customer’s personal and financial information, but the customer must give their permission first. Customers can give and withdraw permission at any time they choose.
The bank can only prevent the business access, on the customer’s behalf, if they suspect that the company is fraudulent, or not regulated by the FCA.
When will Open Banking Start?
Four of the nine largest UK account providers, Lloyds Banking Group, Nationwide, Allied Irish Bank and Danske are ready to start Opening Banking now.
Six weeks maximum has been given to RBS, HSBC, Barclays and Bank of Ireland by the Competition and Markets Authority (CMA). Santander’s Cater Allen has been given another year to prepare.
In order to integrate the new system smoothly, for the first 6 weeks the banks and companies offering Opening Banking services have been asked to only make it available to a small group of selected customers and to limit the amount of instructions processed.
How Will These Third-Party Providers Gain Access to our Information?
There appears to be two methods as to how your information can be accessed;
API’s: New communication technologies have been developed, Application Programming Interfaces, which are designed with customer security at the forefront. API’s are regularly used by various online tools and mobile apps to provide joined facilities, allowing software from numerous companies to, essentially, ‘talk’ to each other. This way, your information will be securely passed between companies with this technology in place.
Log-In Details: Another method may be that third-party providers will request that you share your online bank log-in details directly with the company. Yes, you read that right. A separate piece of legislation, the Payment Services Directive, will allow some companies to do this.
The company can then log in to your online banking account, like they were you, to access your financial data, such as; transaction history, direct debits and standing orders. This means that the company is likely to be able to access a much larger range of information, so really, the one way to withdraw your permission to this company, for certain, is to change your account password and other security details.
Do you Actually Have to Share your Information?
I am glad to say no, this isn’t mandatory.
The new rules state that banks must allow third-parties access to your information, but you have to explicitly give that company your permission – they can’t just look at your account willy-nilly. There will be an option to either switch on or switch off Open Banking on your account.
Once you have given that company permission, it’s not set in stone either. You can withdraw your permission at any time.
So, there is some security in knowing that this isn’t some sort of new binding contract.
So, what are the Potential Risks with Open Banking?
Current surveys suggest that a majority of consumers are reluctant to hand out personal and financial data. But, with the new system, this behaviour is expected to steadily change over time.
However, this does open up massive risks surrounding data privacy and security.
There are worries concerning the fact that by creating more chains of data access, it will be much harder to prove who was at fault if the customer’s information is stolen, making it harder than it already is to be compensated in these situations.
Not to mention how people handing out personal and financial data is like a gold mine to fraudsters.
To name just one potential scam, fraudsters could easily mimic third-party providers, by copying their choice of contact, to trick people into handing over their data which leaves consumers at risk of losing their money, and potentially, their identity being stolen.
Also, giving a company your bank log-in details with the only secure way of knowing that you have cancelled your permission is by changing your password? This is the main thing that consumers are told to never do, to never hand out your bank log-in details. This leaves your details at huge risk, and something just doesn’t make sense to me.
It is absolutely vital that the industry regulators ensure that consumers are wholly protected from any data breaches if they are to use these services with confidence and trust.
Although I think there is a lot at stake for people who decide to go forwards with Open Banking, I do think, for some people, this could be a way to gain much better control over their finances.
With Open Banking, it could be made easier to assess what type of bank account is best for you by analysing how you actually use it. For example, a lot of people can be unsure of how much their overdraft is costing them, but if a company can see your account, they may be able to provide you with a much clearer perspective and give you cheaper alternatives.
Or, for people who want to save money but are struggling to do so, sharing their data with budgeting companies/apps could help them see where and how they can save money.