By Ismet Koyun, founder and CEO of KOBIL Systems
Customer identity has become one of the most precious values in the mobile world. Customers trust intrinsically that companies will protect their personal data. After all, with the handing over of names, addresses and especially bank data, customers are already demonstrating a great deal of trust in the companies. For many companies, this is both a blessing and a curse.
On the one hand, this data is used for the benefit of both customer and company, and is necessary to drive new, competitive sales and service channels as well as better customer experience. But a loss of trustworthiness and security will undoubtedly tarnish a company’s reputation, and damage their business long-term.
The arrival of open banking
Against a global backdrop of increasing data security, the new EU guidelines on open banking – which require banks to share their customers’ financial information with other authorised providers – are particularly interesting. With open banking, banks can no longer prevent FinTechs from acting on behalf of account holders and using their data for this purpose – as long as they have met the requirements for strong authentication. The ability to make already digitised information available to third parties with customer consent increases the efficiency with which financial services can be offered and processed, but it doesn’t come without its challenges.
The benefit for customers is clear. Thanks to open banking, customers will have better access to their own data, making it easier to control their finances and manage multiple accounts with different providers. But they will also expect a new and improved customer journey. This means that financial service providers, especially traditional banking institutions, will soon have to offer their customers uncomplicated and smart digital and mobile services for easy financial management and payment transfers – all in a secure environment. This is also key when preapring for the infiltration of large tech companies into the financial sector. Internet giants such as Amazon or Paypal are beginning to offer more and more services to challenge traditional financial institutions.
The new role for banks
In this context, it is necessary for banks to reposition themselves. One way they can comply with PSD2 is by being a ‘bank as a service’. This means establishing a secure environment and providing strong customer authentication, authorisation and secure communication for customers – all within a brand new playing field populated by new competitors and changing dynamics.
The second role that PSD2 presents to banks is to become a ‘bank as a platform’. By taking advantage of the trust that customers already place in them, banks can create exciting new business models that strengthen their customers’ loyalty and improve their own performance. Banks can then simultaneously position themselves more strongly than before in other open ecosystems, and are able to offer their services and products there. But the banks will have to be particularly forward-looking as they build their own ecosystems: they could start partnerships with related companies in order to create a new digital environment, which provides different advantages to different parties, but they should also ensure that their business will be the main instrument of all digital identities in this ecosystem.
Customer data and the struggle for security
Open banking is fundamentally changing security requirements, as multi-factor authentication is a requirement for electronic payment transactions. This is intended to ensure greater customer security. Today’s banking systems still depend on direct interaction with the customer, which means that the banks themselves have all the information they need to determine whether a transaction is counterfeit.
Banks must above all create confidence. According to a Which? Survey, 92% of the public do not know what open banking is or how it affects them. Moreover, over half (51%) of respondents said they would be unlikely to share their financial data, even if it meant that the products and services offered were more suited to them. Security concerns and anxiety about hacks, identity theft and passing on data without consent are likely the main reasons behind this.
So alongside developing new financial services, banking institutions have to inform their customers about open banking and the benefits it will bring – namely providing a secure environment and ensuring accountability and consumer protection against fraud. In order to take care of these privacy concerns and build a ‘core of trust’ in times of open banking, banks must consider different levels of IT security.
Finding the solution
The answer to the challenges is an end-to-end security platform that provides strong customer authentication and authorisation – using trusted identities for continuous, engaging and reliable communication between banks, third parties and their customers. Moreover, it’s important to employ public key infrastructure (PKI) solutions that utilise advanced screening, protection, prevention, detection and reporting mechanisms.
Experts refer to multiple levels of security, as in order to ensure a ‘core of trust’, there are a number of issues that need to be taken into account. These include secure application shielding, onboarding of existing and new customers, using trusted identities from users for strong customer authentication, digital signatures, secure release processes, trusted communications, and collaborative environments.
Greater security is at the heart of the open banking revolution, as banks must above all ensure trust to reassure their customers. In order to compete and win over customers new and old, banks should incorporate new business models with their existing basis of trust, repositioning themselves as institutions with security, loyalty, and new technologies at heart. Being at the forefront of change will be good for traditional banks – but they must not leave their customers behind.