Open banking is an emerging trend in the financial services industry that is opening the door for third party providers (TTPs) to offer a wide variety of new services – and it is poised to change the traditional retail banking model is we know it. Using open banking, financial institutions can securely provide other financial institutions and TPPs with seamless access to, and communication with, customer data through a standards-based technology called open Application Programming Interfaces (APIs).
A shift towards open banking has been seen across the globe, evidenced by various regulatory initiatives such as the EU’s Second Payment Services Directive (PSD2), which requires that banks provide customer data to TPPs through open APIs. Despite its many benefits, open banking will significantly expand the attack perimeter for financial institutions and raise a number of new risks and considerations. Specifically, financial institutions and their TPPs will need to implement effective authentication controls, create clear policies around data governance and data security, and develop mitigation and reporting processes in the event of cyber or fraud incidents.
This Financial crimes observer provides: