7 minute read 6 Mar 2019
Misty road Pyrenees Atlantique France

Five approaches to secure open banking

By Anita Kimber

EY EMEIA Business Transformation Leader

Open banking champion. Passionate about facilitating better customer experiences through innovation and creativity. Dedicated to building a better working world.

7 minute read 6 Mar 2019

Show resources

  • Open Banking Innovation Centre (pdf)

Open banking offers consumers access to new competitive services, but building and maintaining a secure ecosystem is vital to its growth. 

Open banking is going to mean big things for the financial sector, but there is still a lack of clarity around exactly what it will mean for individual participants in the ecosystem.

Banks may not know why they should be opening up their field to new competitors. Businesses and SMEs may not want to spend time and money on new technologies or strategies. And customers may feel uncomfortable about sharing their data with banks, when the benefits of doing so remain unclear.

And all the while, a shifting data-privacy regulation environment may make companies unwilling to invest in programs that make heavy reliance on consumer data, when the way they are allowed to access that data is subject to constant change.

Therefore, it’s unsurprising that in an age when even the world’s largest tech businesses are losing the public’s trust to handle their data safely, customers are suspicious of handing over access. Research on consumer sentiment toward open banking found that 40% of consumers were positive, while 48% listed data and cybersecurity concerns as their reasons for negative opinions.

The financial community must avoid aggravating these concerns when it comes to educating customers. The benefits of open banking are real ― in particular the benefits around making the banking system safer, more secure and more valuable to all parties. There are five key ways open banking helps improve the entire banking system’s security:

1. Collaboration and standardization mean stakeholders are stronger together

Securing open banking is mutually beneficial for the entire digital banking ecosystem. Open APIs (application programming interfaces) and VPNs (virtual private networks) are driving collaboration and communication between companies ― even competitors ― to create a secure ecosystem for the end consumer, whether that is an ordinary depositor or a business.

This collaboration not only takes place between banks and their FinTech partners, but also between regulators and government agencies. Communication between a range of parties from across the ecosystem helps to develop strong guidelines and best practices.

Collaboration also increases standardization ― so everyone plays by the same rules, making it easier for different parties to work together. Developing shared services like KYC (know your customer) standards or regulatory compliance tools that can be trusted by all parties provides security. At the same time, it frees company resources from noncompetitive activities, allowing them to focus on innovation and consumer-facing offerings.

2. Transparency and encryption put customers in control

One of the key strengths of open banking’s security is, as the name suggests, its openness. Offering consumers greater control of their data allows them a deeper understanding of how it is being used.

This means that transparency will be paramount for service providers to build trust with consumers. For new brands and young FinTech players in the market, it’s a regulatory requirement to inform customers ― whether they are individuals or businesses ― about what their data is being used for, how they can control it, how it’s stored or how the company is audited and regulated.

It might also mean service providers become more proactive in promoting customer engagement with this data, and selling to customers on the value of increased transparency. Communicating the value of openness will be vital in making consumers feel comfortable sharing their data.

The reverse of this transparency, however, is the need for privacy and the protection of user data as it’s being shared. While banks are often perceived to be the custodians of data, ultimately customers must be in control of how their data is shared. Encryption technology is important here in making sure sensitive information is protected from cybercriminals when it’s in transmission or storage.

The whole point of open banking is to give customers control over their data, which means they are free to opt out of these platforms at any time: something that should also incentivize banks to maintain strong data protection controls.

3. Potential for AI to improve protection

One of the major challenges for financial institutions in the digital banking ecosystem is preventing illegal activity or money laundering through their systems. This process begins with rigorous KYC controls, which can be enhanced by open banking processes such as digital passporting which will allow the customer permissioned exchange of trusted KYC data between parties.

This is often tackled through transaction monitoring, where banks, often working with partners, try to spot and flag suspicious activity among the billions of global money transfers every day. However, just 10% of these reports receive further investigation by authorities, according to Europol.

Open banking can help AI systems do their job better, by broadening the pool of data they have to work with and providing a view of a customer across institutions. Monitoring is usually carried out by building anonymized ‘profiles’ of users that then help AI systems to flag anything unusual.

Ultimately, this should lead to more nuanced transaction monitoring, and therefore more secure banking for depositors, business customers and for the banking sector more generally ― and greater peace of mind around regulatory compliance issues for banks.

4. Authorization and authentication have evolved

When terms and conditions are thousands of words long, simply clicking ‘agree’ is common practice. But as people become aware they may have given apps access to more of their information than they realized, consumers may be more careful when agreeing to share their financial data.

Strong regulatory authorities, however, can confirm that any apps or services requesting data can be trusted. In the UK, this task is carried out by the Financial Conduct Authority (FCA), with the Open Banking Implementation Entity (OBIE) responsible for standardizing APIs, infrastructure and governance. These regulatory bodies play a role in reassuring consumers, allowing them to check the authenticity of services requesting their data.

As well as knowing the apps and companies they are allowing to access their data are legitimate, consumers also need to have confidence they are the only ones who can share their data. Multifactor authentication is important in adding another layer of security and trust. Technology, such as biometrics, is connecting digital security to the physical world and reassuring consumers they are the ones in control.

5. From resilient to proactive cybersecurity

Industry-wide standards for cybersecurity serve to protect customers and businesses across the ecosystem. This will be enhanced by collaborative intelligence and information sharing across companies, as well as increasing levels of automated threat response that can keep pace with attacks.

Cybersecurity is evolving from resilience to proactive threat-detection, hunting through systems for vulnerabilities with the aim of flagging issues to be addressed before attackers gain the upper hand.

Collaborative intelligence across the banking ecosystem will help the industry to learn from individual companies’ experiences and implement changes more widely. Better access to more data means better insights, which means that banks can more effectively take the fight to hostile parties, rather than sitting passively and waiting to be the target of cyber attacks.

Preparing for the future

Every new technology brings with it new risks and uncertainties. But the potential of open banking platforms to completely rewrite the relationship between banks and their customers ­― whether those customers are major corporations, SMEs or everyday depositors ― means it’s too big an opportunity to ignore.

It has the potential to make money management more secure, more convenient and a better value for all participants. For banks themselves, it will create new channels to engage and build valuable relationships with customers, opening up a whole new market for third parties to provide the services that will be the lifeblood of the open banking landscape.

What all participants in an open banking ecosystem ultimately need to realize is that open banking isn’t about arbitrarily inserting new technology into existing bank-customer relationships for the sake of it. It’s about using that technology to empower better and more secure relationships between customers and service providers ― relationships that are more intimate, more responsive, more transparent and more secure for all participants.


Open banking represents a change in the industry that inevitably creates new security challenges as data is exchanged between parties. However, the collaboration that it requires to function properly in turn drives united security efforts. In many parts of the world, the framework is in place to secure open banking while the technology continues to evolve to meet new challenges as they arise.

About this article

By Anita Kimber

EY EMEIA Business Transformation Leader

Open banking champion. Passionate about facilitating better customer experiences through innovation and creativity. Dedicated to building a better working world.