Open Banking

For those who don’t know, the world of banking will be changing quietly from the start of 2018.

An organization called the Competition and Markets Authority (CMA), a non-ministerial government department in the UK responsible for strengthening business competition, has mandated that technology be used to give people greater control over their money. One way of achieving this is Open Banking, in which banking is conducted in an open, modular style using open source technologies. This means that the nine largest current account providers (known as the CMA-9) will be mandated to make the following available to authorized third parties:

  • Standardised product and reference data (such as ATM locations) by March 31, 2017
  • Secure access to specific current accounts in order to read the transaction data and initiate payments (by January 2018)—with customer consent.

This involves the banks creating secure APIs that can perform these activities on your account. Third-party providers, such as FinTech companies, will then be able to write applications that consume these APIs and perform these financial transactions on your account.

Now, I tend to look at such technological developments with two hats on. First, as an Identity and Access Management professional, I look at the security elements. The security around open banking uses the concept of consent, that of delegating authority to perform actions on our accounts to a third party. OAuth2 is a type of authorization protocol used here: it is successfully incorporated into applications such as Facebook to provide delegated authorization. I myself have configured its use within, for example, ForgeRock’s Access Management product OpenAM. I have also worked on an Open Banking project and have been involved in working groups involving the CMA-9, so I know that far greater intellects than mine are involved in making this a success (which should make people sleep a little easier).

But as a consumer, when it comes to technology in my day-to-day life, I tend to be something of a late adopter. This naturally identifies me as being someone who is more risk-averse. That is doubly evident when it comes to my finances. So much of security is based on digital trust (in SAML terms, the exchange of identifying metadata between two parties). However, outside the digital world, trust is difficult to establish and easy to lose. We rely on our gut instinct, or research, or maybe word of mouth to make important decisions. Therefore, if I see a consent page saying something along the lines of:

“Payment App by Honest John’s Fintech Co. would like permission to make a payment from your bank account on your behalf.

Accept/Decline?”

My first instinct, in this case, is to close the window and reach for my credit card to make the transaction. At least, in that case, I will know the parties accountable for making the end-to-end transaction and who is responsible if there is a problem. What if (with my tech head on) this is a man-in-the-middle attack, and I’m about to hand my banking details to a malevolent third party?

Regardless of the plans of the CMA-9 and associated working parties to open up banking to third-party providers, I believe it will take more of a concerted effort to convince the general public that open banking will be safe, secure and fit for purpose. I am looking forward to hearing more on this subject from the government in the coming months.

