When it began operating in the United Kingdom in mid-January, open banking captured the attention of financial markets around the world. Pressure is now growing to adopt a similar strategy in Australia.
At its heart, open banking involves large, established banks opening their customer data to others. The logic is that, armed with this valuable core data, new fintech firms will be able to offer a range of new products to customers.
As well as improving choice, this should facilitate improved levels of competition within the financial sector.
In Australia, moves to adopt an open banking framework are gathering pace. In February, the final report of the Australian Open Banking Review was released.
This report detailed recommendations for the regulatory framework within which an open banking system could operate.
Security is critical
Naturally, one of the most important components of any open banking system is data security.
Once personal financial records are taken out of a bank’s core systems and shared with external parties, ensuring they remain protected at all times is vital.
The open banking regime recommends that Australia copy the UK approach to security.
This involves the use of carefully constructed APIs to allow access to data and two-factor authentication to restrict this access to approved parties.
The security model designed for the UK market appears to be very robust and up to this task.
It avoids the creation of a central ‘clearing house’ for data which could become an attractive target for cyber criminals.
Instead, data transactions happen between the individual financial firms involved in the open banking system.
The Privacy Factor
While effective security is a fundamental factor for any successful open banking system, individual privacy is just as important.
People need to be comfortable their personal data will not end up in the hands of unauthorised parties.
While this attitude is held by the vast majority of people, many are often not aware of how and when they are granting control of access to third parties.
On one hand, people will say that privacy is very important to them, but, on the other hand, are happy to give away access to all the information in their mobile phone or Facebook profile to a free app that offers a quick-fix of entertainment.
Another concern is that many people appear not to understand just how much can be inferred from aggregated data. If an organisation can source financial data from one source and match it with data from other sources, a surprisingly accurate picture of an individual can be created.
For example, perhaps an individual starts to undertake more transactions at their local pharmacy just after paying for the services of an obstetrician.
In this scenario, the value of their internet ‘clicks’ for online advertisers has just increased significantly.
Alternatively, perhaps aggregated transaction data shows that another person has been making hotel room bookings in the city in which they live, while also having an active subscription to the Ashley Madison dating service. The implications for privacy are clear.
Control of data
Keeping control of personal data in the individual’s hands remains essential, but they need to be educated on what it means when they willingly give this control to third parties.
Unfortunately, most people tend to approve permission requests on their mobile phone without actually reading them, or don’t even realise they are granting applications access to Facebook data when they use the “Login with Facebook” feature to access other sites and services.
Access to an interesting website or online service is temporary, but data access is permanent.
Once someone has given an organisation access to their data, that organisation potentially now has their entire online history. Even after access is revoked, there is no guarantee that the data collected will destroyed.
Overall, the concept of open banking is a powerful one and brings with it the potential to significantly change the way many people manage their financial affairs.
Also, the technology platform on which the system will be built is very likely to be mature and secure.
However, end users need to be much more aware of the associated privacy issues that may result from opening up access to personal data.
A thorough understanding of the implications in play is vital before open banking is embraced in Australia.
People Centric Security Webinar
Human factors can demolish your cyber-security defences at any time but, if you understand these new threats, you can defeat them, well before a siren sounds. Join this webinar session as we will pinpoint which cyber-sec tools give you the best defence against these attacks.