By Amir Nooriala, CCO, at Callsign
One of the core objectives of open banking is to drive innovation within the financial services sector. While banks were previously the gatekeepers of all customer account data, the regulations and mandates around open banking necessitate that banks make it available to any aggregator that connects to them, giving consumers more control over their data and finances.
This has led to an explosion of new challenger banks, technologies and ecosystems that have since emerged to give consumers greater choice around who they use for their financial services. It also enables banks to access similarly innovative services, as well as potentially more customers and channels.
However, despite the rising popularity of open banking, different regions have taken fundamentally different approaches. The European Union has chosen a more regulatory approach to open banking, passing PSD2 to level the playing field.
The US is much more culturally averse to “red tape”, and as such, no such regulation has been passed there. However, there’s a strong appetite for open banking, which means its burgeoning ecosystem is very market-led. President Joe Biden recently issued an executive order to promote competition in the American financial sector by allowing consumers to switch banks more easily, and this may go a long way towards helping drive open banking too.
A key difference between the regulatory and market-driven approaches has been the development of stronger authentication processes. Because of their standards-based approach, many countries in Europe have been able to quickly build Strong Customer Authentication (SCA) regulations to secure digital channels and deliver exceptional customer experience in the financial services sector.
European regulators, banks and solution providers were already working together to formulate a clear and unified vision on SCA adoption before the Covid-19 pandemic forced consumers almost exclusively ‘online’.
Most SCA regulations achieve greater security by mandating customer authentication procedures such as two-factor authentication. In the UK, for example, there are organisations such as the Open Banking Initiative that issue monthly highlights and run consultations to ensure that open banking – specifically as to how it relates to the retail sector – is driven by competition, innovation and transparency.
SCA is not mandated in the US, however, meaning banks there aren’t held to the same stringent authentication standards as those in Europe. And looking across the globe, new markets that are looking to embrace open banking need to step back and examine the current open market landscape before deciding how they want to approach it.
For instance, in 2020, the Central Bank of Bahrain launched the Bahrain Open Banking Framework (Bahrain OBF). It was introduced to encourage the adoption of open banking by retail banks, mandating the integration of application programming interfaces (APIs) by making customer data completely available to third-party providers.
Even though the central bank’s framework includes governance as to how to protect customer data, exposing thousands of bank accounts to third parties can be risky. Many banks don’t have the necessary security checks in place, especially when you consider the fact that they only had six months to implement this change. It is this risk that SCA initiatives are created to help mitigate.
Open banking journeys are all orchestrated through redirect flows where users are returned from a third-party website to their bank login page or banking app for authentication. There, they can authorise access to their account information or initiate a payment.
However, even with multi-factor authentication, many banks rely on traditional methods such as usernames and passwords or even SMS OTP. Not only do these methods add considerable friction to the customer journey, but the analogue channels they sometimes use are becoming increasingly vulnerable to fraud. And the resulting impact on user experience can be detrimental to the successful adoption of open banking.
This development has further highlighted the need for banks and businesses not only to ensure authentication is scalable and secure but also to move beyond username, password, and SMS OTP to avoid user frustration, cart abandonment and reputational damage. SCA is well on its way to being implemented.
A regulatory-led, collaborative approach will be the success factor in ensuring SCA supports open banking as part of the wider digital transformation agenda and Covid-19 mitigation.