But dampening sentiment were discussions on ‘data protection’ and ‘cybersecurity’ concerns, which accounted for 48% of all negative posts worldwide, as consumers worry about the potential for fraud and the misuse of their data by third parties.
One consumer noted that: “This new open banking scheme bothers me a little. The idea of allowing multiple businesses access to my details increases the chances of fraud.”
While another said, "This open banking idea is one of the most ill-thought out things I have ever heard. It will give third parties more access to your bank account and if things go wrong, you'll be liable. This serves banks, not customers.”
These comments highlight legitimate concerns, in that more firms handling customer data could increase their exposure to fraud if the ecosystem is not managed properly. But they also reflect misperceptions, in that most regulators do not intend that the liability for fraudulent or unauthorized transactions will be borne by customers and, rather than serving the industry, open banking is primarily about better serving the customer.
So, how do providers in the open banking ecosystem persuade consumers with neutral sentiment, as well as convincing those with negative sentiment, to get over the trust threshold to drive adoption?
Three ways to overcome the consumer trust threshold
To elevate consumer trust, banks, regulators, FinTechs and others will need to help ensure that progress is made in three key areas:
- Cyber protection: Using more sophisticated digital tools and techniques to keep consumers’ data safe.
- Regulatory protection: Embedding a framework with sufficient consumer safeguards, including rights to recourse and penalties for any providers that contribute to causing damage against consumers.
- Adding value: Providing open banking services that consumers feel support them in achieving their goals.
Open banking models will distribute risks more broadly, but the technologies to strengthen cybersecurity are evolving all the time too. If banks and third-party providers (TPPs) can embrace new security solutions in the right way they can create a secure ecosystem.
For instance, advances in artificial intelligence are already enabling better identity validation and authentication in payments, and more effective monitoring of suspicious and fraudulent activity. These tools will help to secure the open banking ecosystem. Indeed, the UK’s Open Banking Implementation Entity (OBIE) is assessing machine-based learning and behavioral analytics tools to help monitor fraud risk.
Shared intelligence will be important in fraud prevention too. If Account Servicing Payment Service Providers (ASPSPs) and TPPs can work together to share information on anomalies, fraud or data breaches in real-time, it will help to minimize the impact on the end customer and protect the integrity of the ecosystem.
Regulators globally have taken vastly different approaches on open banking policy and implementation to date — and many have work to do to put the necessary consumer safeguards in place.
In some markets, regulators are stipulating that firms must meet certain thresholds if they want to participate in some open banking activities. In the UK for example, businesses that provide payment initiation services must be authorized by the Financial Conduct Authority, maintain a minimum of €50,000 in initial capital (or higher if they provide certain other payment services) and must hold professional indemnity insurance. For account information service providers, there is an option to become registered, but presently, it is only voluntary.
While the UK is creating a customized, targeted approach to open banking, other markets are tackling related regulatory change in a different way. Singapore, for instance, is looking to consolidate existing legislation into a new combined regulatory framework. The Monetary Authority of Singapore (MAS) has said that, “A more calibrated regulatory regime, applied on an activity basis to payment service providers, rather than specific payment systems, would allow the MAS to better address specific issues, such as consumer protection, access and corporate governance.”
Whichever approach is taken, the knowledge that participants in open banking ecosystems are being effectively vetted and monitored will be important in providing consumers with peace of mind.
Implementing the right protective mechanisms for consumers that suffer losses is critical too. The payment initiation access granted to TPPs may complicate the issue of liability between banks and TPPs where an unauthorised transaction occurs, but this cannot be allowed to affect the customer. From the customers’ perspective, the status quo should be preserved in providing access to an immediate refund from their bank in such cases.
When it comes to TPPs accessing consumers’ bank account information, consumers are better protected in markets where there is a regulatory framework in place to ensure providers use an open application programming interface (API) mechanism. In markets where such frameworks do not yet exist, for example, the US, there is still some reliance on “screen-scraping” practices, whereby consumers are required to share their account login details with third parties. In such cases, banks may claim consumers have breached their online banking contracts and so disavow any liability on their part if customers become fraud victims as a result of sharing their login credentials.