Our latest research finds that customer trust and understanding of Open Banking is increasing, but companies need to counter the impact of high profile data breaches happening elsewhere.
TLT research highlights a growing tension between data sharing – the basic tenet of Open Banking – and high profile data breaches, as customers grow increasingly aware of and sensitive to data security issues.
The report – Opportunity Knocks: the future of Open Banking – draws on research involving 130 senior decision makers across UK financial services including banks, building societies, fintechs and payment service companies.
Three quarters (77%) of respondents agree that trust and understanding of Open Banking was low when it first launched in January 2018 and only 30% say this has improved in the six months since launch.
However, progress is threatened by high profile data breaches, which half (49%) of respondents say have damaged customer trust in Open Banking, even though none of these breaches have (yet) happened in the Open Banking space.
Two thirds (66%) of respondents also say damage to customer trust and confidence where data is lost or misused is the biggest risk in relation to data sharing under Open Banking – trumping other concerns over potential data loss via third party providers (52%), increased fraud risk due to a larger 'attack surface' for hackers (50%) and increased risks and liabilities arising from regulatory obligations (32%).
As a result of these concerns, most financial services companies are taking significant measures to protect themselves and customers against potential threats including risk sharing arrangements with counter-parties. 63% now have a "comprehensive strategy" in place for Open Banking, with dedicated teams and investment to tackle cybersecurity and fraud risks. Companies also plan to take action to improve customer communications about Open Banking (42%), increase data security (40%), update customer-facing websites and digital banking channels (42%) and undertake advertising campaigns to promote their Open Banking offerings (23%).
Brian Craig, data protection legal director at TLT, comments: “Cybercrime is a very real threat for businesses and consumers but our research shows that the industry is aware of the risk and investing heavily to mitigate this as the Open Banking opportunity evolves.
"The challenge for Open Banking players is to both respond to emerging threats and anticipate the future by investing in technological infrastructure and procedures to keep customer data secure. Successful companies will communicate effectively with customers about how new security protocols and services work and implement the measures to deliver them."
David Gardner, technology partner at TLT, adds: "Open Banking and PSD2 bring significant improvements to data security for banking customers, including encryption, tokenisation and Strong Customer Authentication requirements. These mean that customers using Open Banking channels have enhanced protection over and above that which is offered by existing services using less secure methods, such as screen-scraping.
"However, customer fears about data security are real and understandable in the context of heavily reported, high profile data breaches elsewhere. The financial services industry faces a challenge to overcome these fears. This will involve publicising the security features of Open Banking and, perhaps more importantly, releasing great new Open Banking services that address real customer needs, encouraging greater adoption by otherwise sceptical customers."
The FCA has set out how it proposes to replace the Approved Persons Regime by extending the SM&CR to the whole financial services sector by 9 December 2019. Almost every FCA regulated firm is affected, in particular any...