Open Banking – Security & Privacy

Open Banking has the potential to deliver huge benefits for the consumer. However, from the press coverage so far this week, customers still have concerns about how their data is handled.

The idea that banks will open their precious data streams using a standardised set of APIs has the opportunity to deliver big gains. From new services to improved customer experience, the increased transparency will open up options that could revolutionise the way we bank.

The Open Banking changes made last week are only the beginning. Over the next two years credit cards, savings accounts and more will be added, opening up a world of opportunity for providers and customers alike.

With this new technology comes uncertainty that banks will need to help customers overcome if they are to build trust in new services.

What’s an API?

Open Banking is delivered through the implementation of APIs (Application Programming Interfaces), which are an intelligent connection between systems that allows for a flow of data.

APIs are not new. They’ve been around for many years and allow us to connect our desktop and mobile banking applications to our accounts, facilitating the secure and private transfer of transactions to where we need them to be.

What Open Banking has done is standardise the presentation of these APIs so that (when we allow them to) bank systems can talk to other systems.

So, is my account now open for everyone to see?

Banks traditionally have been responsible for making sure your account stays secure and private, and fundamentally nothing has changed here. In fact, it’s largely within the banks’ interest to keep that data to themselves; that’s why it has traditionally been tricky to change bank accounts.

Under Open Banking, whilst the method of moving data is standardised, this DOES NOT mean there is a free-for-all with information. Any institution that requires access to your data to deliver a service will still require YOUR permission for that to happen.

The rules are fairly clear:

  • Any new bank or payment provider that uses Open Banking will be regulated by the financial services regulator in their country of origin.

  • Customers in the UK will be able to find out if organisations are regulated on the FCA website, so any provider of Open Banking services will need to be enrolled with the FCA and have that logo displayed on their site.
  • Open Banking providers are not permitted to take any action on any account without the explicit consent of the account holder.

You can search the Financial Conduct Authority register here. I did a quick search for the app-based Monzo bank that I use, and this is what the register displays:

FCA Register - Monzo - Open Banking

So, it’s clear from my search that Monzo is authorised – ‘a firm that is given permission to provide regulated products and services’.

However, because Monzo never connects to my main bank account, I’ve never had to explicitly give permission. If I wanted that to happen (for instance, if Monzo introduced a service to display my Santander balance or transactions and I wanted to use that), I would need to explicitly give permission. At that point, I’d recheck that both providers were FCA registered.

So, Open Banking is safe?

As with any online service, some basic common sense is recommended to ensure your security and privacy. Here are some simple rules to remember:

  1. Never give out your online banking password or access codes over the phone or in an email. No bank will ever ask you for a password or PIN number.
  2. Keep your anti-virus and anti-malware software up to date.
  3. Avoid shared computers and networks for online banking.
  4. Protect your passwords and make them strong.
  5. Know what you are downloading – if it’s a new app that claims to help you save money with your bank account – check on the FCA website and be satisfied that the provider is authorised.

Overall, Open Banking presents no more risk than online banking has until now.

If you don’t give permission, then your banking data stays as secure as it was before the legislation was introduced. You might miss out on some of the benefits, but you should stay safe in the knowledge that your information is secure.