The Basics of Open Banking
- Kushlani De Silva
- Product Marketing Manager, WSO2 Open Banking - WSO2
Open banking has grown overnight. It started with the PSD2 regulation for Europe in 2018. Open banking is now adopted in Australia, several parts of Asia, Latin America, and many other regions.
Here are a few facts to understand what open banking is and why you should consider building a strategy around it.
What is Open Banking and Why Was It Created?
Open banking requires all financial institutions (deposit-taking institutions) to open up customer and/or payment data to third-party providers. Open banking breaks up the monopolies of financial services and allows more players to enter the market. This increases competition and results in better products and services for customers.
As time went on, non-regulated regions started to accept that open banking was the best way to become more digitally agile. Therefore, they started taking measures to open up their APIs. Regions like Mexico are looking at open banking for larger financial inclusion agendas.
How Does Open Banking Work?
The “opening up” of this data is done via Application Programming Interfaces (APIs). APIs, which are essentially an integral part of any technology infrastructure, provide a secure and effective way to expose this data. In the past, banks have used screen scraping to expose data. That approach compromises security and carries a high chance of fraudulent transactions.
How is Data Protected in Open Banking?
Security is of utmost importance in open banking. While security at an API management level is essential, banks must take extra steps to ensure that data does not fall into the wrong hands. Mechanisms like Strong Customer Authentication (SCA) and Consent Management are vital. SCA ensures that a two-step authentication mechanism is followed, but without hindering the user experience.
Consent management puts the user in control of who they share their data with. When you implement identity and access management for open banking, these two elements should be a top priority. It also helps to have fraud detection mechanisms in place, as a way of identifying fraudulent transactions.
Are There Technology Standards to Meet?
Since the APIs used for open banking need to follow certain protocols and adhere to specific requirements, there are a few open banking API standards available. The Open Banking UK API Standard, the NEXTGEN PSD2 API Standard (created by the Berlin Group), and the STET API specification are three of the most commonly used standards.
How Do You Integrate an Open Banking Architecture with a Legacy System?
One of the biggest challenges banks face is bringing together what seems to be two different worlds — open API architectures and legacy systems. In reality, it doesn’t have to be so difficult. The first thing to do is to add an integration layer which will mediate between the legacy system and Open APIs. This allows you to expose the required services to the open banking solution, which will in turn expose them as APIs with the required security measures in place. More details are available in this white paper.
Why an Open Banking Vision is Important
The availability of data and various methods to compare and contrast services create high expectations for consumers. This means banks need to go the distance: being a supporter of a person’s financial ecosystem is not enough. They need to think about improving consumer lifestyles too.
Open banking is the best way to start this journey. The openness it creates gives way to a tremendous amount of data. This data helps you understand how your consumers eat, shop, travel, and more. With more players in the financial services ecosystem, banks should aim for collaboration over competition.
These collaborations can go a long way in delivering superior products and services to customers, and helping your bank identify as a true contributor to consumer well-being.
In conclusion, open banking is here to stay. So regardless of what the regulatory status is, banks need to be proactive about open banking and make it a boardroom topic. The sooner you start, the better placed you are when it reaches your region.