How Will the Cambridge Analytica Scandal Impact Open Banking?
The Cambridge Analytica revelations have put the issue of data privacy front and centre in the minds of consumers, policy-makers and businesses. Facebook has taken up much of the media’s attention but with other recent and notable data breaches involving many millions of customer credentials, companies are being scrutinised for their data-handling practices like never before. Below Finance Monthly gains expert insight from Nick Caley, VP of Financial Services and Regulatory at ForgeRock, who delves deep into the implications of the data scandal on open banking.
In this era of heightened privacy awareness, it’s clear that there will be implications for businesses across all sectors.
This all raises significant questions for the financial sector. At a time when the banking industry is seeking to open up and encourage data sharing as part of the Open Banking initiative how should banks react to growing concerns from consumers about the risks and realities of online data sharing?
Firstly, UK banks need to prepare for their data management capabilities to be put under extra scrutiny. Banks are already well underway with their preparations for the EU General Data Protection Regulation, which comes into effect in May, and this provides them a solid foundation to work from.
However, the flurry of headlines around data protection and privacy will certainly make consumers more nervous about how and where their data is being used and, as a result, banks must be extra vigilant in order to maintain and grow customers’ trust.
For those already familiar with these issues, the reaction to the Cambridge Analytica story will not have come as a surprise. In a survey commissioned by ForgeRock before the Facebook revelations, only a third (36%) of UK consumers said they would be happy to share data in order to get a more personalised service. Yet over half (53%) said they would not be comfortable for their personal information to be shared with a third party under any circumstances at all. At the same time,
57% of UK consumers said they were worried about how much personal data they have shared online and 63% admitted that they know little or nothing about their rights regarding their own data.
Although this presents a challenge, incumbent banks do hold a considerable advantage over fintech companies and challenger banks when it comes to asking customers to share data: they are already trusted entities with a long track record of safely storing and managing customer data. As such, the demands of securing API access to high value customer data has been the focus of most Bank’s security teams for years. Investment in security expertise, well defined security operations and the latest technologies being tested ‘under fire’ and ‘at scale’ on a continuous basis lead to much greater levels of assurance. Standards such as OAuth 2, Open ID Connect and User Managed Access, which authenticate and authorize only trusted third parties, reinforce this access control model.
Our research shows that consumers do tend to trust banks and financial services companies to handle their personal data responsibly, especially when compared to more digitally native companies. ForgeRock’s survey found that banks and credit card companies were amongst the most trusted holders of personal data, with over 80% of UK consumers saying they trusted banks and credit card companies to store and use their data responsibly. In comparison, just 63% said they would trust social networks with the same data. This is very positive news for the UK banking sector particularly at a time when Open Banking is set to unleash a new wave of competition from digital-first competitors.
Why are banks considered trustworthy? Our research revealed a clear correlation between how in control of their data consumers feel, and how much they trust companies. Banks and credit card companies were ranked among the organisations that gave users most control over their data. This suggests that, particularly at a time when attention is being paid to data policies and privacy controls, banks must continue to invest in systems and processes that put control over data firmly in the hands of users.
The management of customer consent must be central to this strategy as it will only be possible to maintain and build trust if customers know they can turn data sharing on and off at their convenience. Putting consumers more in control of their data through consent and giving users transparency and control over how and under what circumstances their information can be used will allow banks to not only ensure compliance with Open Banking and GDPR, but also establish a basis on which they can build trusted relationships with their customers. They will then be well-placed to offer additional, more personalised services to their existing customers, allowing them to add valuable real time, context-based insights and offers for users, that in turn will create new revenue opportunities.
The Cambridge Analytica scandal combined with the regulatory changes that GDPR and Open Banking will bring appears to mark a turning point in how businesses approach issues around data sharing. The good news for banks is that they are already starting from a strong position as trusted holder of personal data. They now have a real opportunity to build on this and become true leaders in the next era of digital finance - by giving customers greater visibility, choice and control over their own data.