As we close out 2016 and welcome 2017 as a year fresh with promise, it’s impossible to ignore the fact that Europe’s new revised Payments Services Directive (PSD2) is a reality that still looms large and uncertain in our future.
Even if passporting isn’t negotiated as part of Brexit and as a result PSD2 doesn’t come to fruition (a distinct possibility), open banking is nonetheless here to stay. Frankly, it’s about time – the industry is long overdue for a more competitive environment. Open banking will encourage exactly the type of innovation necessary to stimulate the development of new business models, as well as a wide range of new banking services.
But are banks really ready for all of the ramifications that open banking brings? In many cases, the answer is a resounding ‘no’ – although not for the reasons you’d think.
While everyone has been talking ad nauseam about the innovation and competition aspects of open banking, one critical impact has been notably absent from the majority of discussions, and that’s security.
Open banking throws the doors wide open to sensitive, valuable customer data and payment infrastructure. It’s easy to overlook the security implications of that fact when access is only being granted to appropriately regulated organisations, but let’s be realistic. The industry is already in an arms race with hackers, fending off attacks of every conceivable type. Who knows what kind of havoc can be wrought with free access to customer data and an open payment infrastructure; things we couldn’t even imagine. There’s already been talk about the risks of fraudulent third-party providers (TPPs) – what next?
Convenience versus security
In fairness, one of the main goals of open banking is actually to increase the security of payments. PSD2 specifically includes key security considerations, such as mandatory use of two-factor authentication; security incident reporting to both regulators and customers; as well as mandatory security assessment reporting to regulators that addresses security measures and their effectiveness.
All this provides some level of reassurance, but it certainly doesn’t relieve banks of the responsibility of making sure that their systems are properly secured against the potential barrage of inventive new attacks that could come – for example implementing behaviour monitoring technology to ensure that incidents of fraud can be identified and stopped before doing any damage.
There’s no question that open banking will change the payments industry as we know it, promoting innovation and driving competition like never before. It will make payments easier than ever. But convenience shouldn’t come at the price of security. Banks need to seriously consider the security threats of open banking – and they need to prepare for those threats now, before it’s too late.
* For more on PSD2, click here.
While many still think the banking sector is characterised by legacy systems and lack of innovation, this could not be further from the truth. 2018 marks the year when a multitude of external factors will shake up the industry once and for all and reinvent the way people bank. Inevitably, this presents a threat, but also an opportunity.
The Indo-US trade corridor is expected to grow to $500 billion by 2025. Currently, the two-way merchandise trade between these two countries is at $66.7 billion.
The global economy has seen about eight years of growth, but we are starting to see the end of this which is triggering some volatility in global markets, Stefan Bielmeier, DZ Bank, argued in his keynote speech at the Bellin annual 1TC conference. Other speakers discussed blockchain, cyber crime and netting.
A series of governments are now very worried about the idea of bitcoin and these currencies because customers would be able to make sustainable ongoing transactions and payments without having to ever introduce the use of a typical financial model or banking system. To combat this potential threat, several countries including major central banks like the Bank of England and the Bank of Israel will be launching their own version of a cryptocurrency. This could bring big advantages to customers.