According to The Open Banking Implementation Entity ‘Open Banking is the secure way to give providers access to your financial information’8. Although Open banking creates new ways to new products and services to help consumers and businesses get a better deal. Open Banking is designed to bring more competition and innovation to financial services, however, it can also present new challenges for the financial industry. An article by finextra4 suggests that due to open banking, financial institutions share customer data more than ever before, some of this data is fraudulent. This means that banks will be compromised with this data, as customers may have their ID stolen as it may be accessed easier due to open banking, leading to higher loses in fraud cases.
Open banking means that, with the consumer’s consent, their data can be accessed by different banks and businesses. From third-party apps that transfer funds between friends to a user interface which provides an enterprise view of customer’s financial portfolio, the possibilities are endless on how open banking can transform how financial data is used. Open banking is also here to stay, research by PwC affirm that only 18% of consumers are currently aware of what Open Banking means for them, however, this is expected to increase to 64% by 20227. This shows the significant impact which open banking is gradually having on consumers, according to Deloitte3 this is enabled by advances in technology and driven by regulation.
Regulators are seeking to encourage increased competition and innovation by allowing third parties to access customer banking data. Deloitte specifies that this is taking place at two levels3:
In the EU, in the form of the revised Payment Services Directive (PSD2)
in the UK, with the largest banks adopting the Open Banking Standard.
With the passage of the recent Revised Payment Services Directive (PSD2) countries are putting banks and financial institutions on notice that they no longer have sole access to customer financial data. Third-party companies can now use application programming interfaces (API) to connect directly to customer’s financial providers. This will open up new opportunities for technology-centered companies to gain market share in a historically tight market.
Open bank data will undoubtedly change the way consumers manage financial-related transactions but will also open the industry to new types of fraud risks which must be addressed to protect customer assets. This article will take a closer look at the top fraud challenges open banking will cause for financial services companies, third-party applications, and customers.
Top Fraud Challenges Open Banking Creates for the Financial Industry
Increased Transaction Volume
Fast and convenient banking for customers is one big advantage open banking brings to the market. However, with more and more consumers using digital channels to manage their finances, transaction volumes will continue to increase at an accelerated pace. A study1 found global digital payment transactions are expected to reach 726 billion by 2020, or roughly 2 billion transactions per day occurring worldwide. Consequently, Open Banking may negatively affect the ability which banks and financial institutions have to perform fraud profiling as more transactions are done through other organisations.
With consumers adopting digital banking as a more convenient way to manage finances, cybercriminals are seeing this as a perfect opportunity to engage in criminal activities to hide illicit transactions within the enormous transaction volumes occurring globally every day. Banking legacy fraud detection systems will not be enough to effectively manage fraud risks in this new environment. Fraud detection and prevention systems will need to employ artificial intelligence (AI) most notably machine learning to assist with large amounts of transactions. This will help cut down on false-positive errors and allow flagging fraudulent activity in real-time across all banking channels, whether digital or not. Openbankingexpo5 outlines the impact of AI-driven fraud monitoring tools, they can accurately detect fraudulent activity before it even happens.
Who to blame when fraud occurs?
Open banking gives third party companies the ability to access customer financial data through APIs, creating a bridge between customers and their financial providers. However, if customer data is breached while using these third-party applications who is liable? This is where it can get a bit complicated. Although open banking prides itself on transparency it lacks this competency when it comes to actual fraud. As reported by Cifas2, open banking comes with significant risks as not all consumers may be aware of all the new financial services firms, this makes it tricky for them to know what is a fraudulent or legitimate request from these providers. The managing director at fraud prevention service Cifas, says: “Any new initiatives will be targeted by fraudsters – fraud is the number one growing crime and fraudsters are always looking for the weak points”5. This means that, although open banking can allow customers to find better deals, fraudsters always manage to keep up with technological changes and adapt to them by creating more sophisticated ways to commit fraud.
Fraud is anything but clear, therefore digital fraud is so attractive to criminals as it is easier to mask where the fraudulent activity is coming from. This can create massive liabilities for third party applications and the banking industry. If a customer’s third party account application, such as PayPal, is hacked, their data is stolen and fraud is committed, any litigation brought forward will most certainly include both the app and the customer’s bank. This can result in increased litigation expenses to try and figure out which party is at fault and who is responsible for the fraud prevention error. A scary situation if compounded over several hundred or even thousands of users. One large app breach could cost banks and financial institutions millions in legal costs to combat these types of suits.
Enterprise-Wide Fraud Capabilities
Open bank data will create a new fraud challenge for the banking industry, holistic banking access for cybercriminals. With customer financial data being consolidated into single-user interfaces by certain third-party applications, such as money management apps, e.g. Mint and Yolp, fraudsters will have access to an enterprise-wide view of all accounts across a customer’s portfolio. This allows criminals to gain access to more sensitive customer data and creates a clearer view into which customer accounts hold the most assets which can be targeted.
Enterprise-wide observation of customer finances is a great tool for consumers, however, it creates immense fraud risks for the banking industry which prides itself on keeping customer data secure from external threats. Fraudsters can now piece together data from different customer accounts to use in other fraud schemes or to engage in fraud or identity theft. Cifas, the fraud prevention service, outlines that identity theft accounts for 50-60% of fraud that they see5. This figure can increase if organisations don’t adopt the necessary technological tools which can protect their customers’ data even if widely available under one interface. Furthermore, if fraudsters have an enterprise-wide view of customer data they can monitor transactional behavior to mask their actions when engaging in illicit activities. Fraudsters can use this platform to hide illegal transactions within what is seen as normal transactional behavior by the user.
Throughout history, fraudsters have been effective and fast in exploiting technological advances. Open banking and PSD2 are no different, therefore organisations must be prepared to close all doors to criminal activities. Open banking has immense potential to positively transform the way consumers manage their money. Consumers can receive customised offers to suit their specific needs and wants. On the other hand, for banks and financial services firms, they can enter the industry and have access to data which will allow them to compete freely with large, already established banks, that way they can also offer the best deals.
The financial services industry will be more competitive than ever with the emergence of open banking and supportive legislation. Competition is good for consumers however the banking industry must ensure while offering convenience they are also offering protection from fraud risks in a digitally-driven world. Regulatory compliance and investment in the right technology are both essential aspects to try to solve the problem of fraud in the landscape of Open Banking and PSD2. Both must proactively work together from the start.
“Digital payments expected to hit 726 billion by 2020 — but cash isn’t going anywhere yet”. Access at: https://www.cnbc.com/2017/10/09/digital-payments-expected-to-hit-726-billion-by-2020-study-finds.html
“Financial fraud is on the rise: are you banking safely?”. Access at: https://www.cifas.org.uk/insight/fraud-risk-focus-blog/financial-fraud-is-on-the-rise
“How to flourish in the uncertain future. Open baking and PSD2”. Access at: https://www2.deloitte.com/content/dam/Deloitte/cz/Documents/financial-services/cz-open-banking-and-psd2.pdf
“Open banking opens the door to fraudulent activity. How can it be combatted?”. Access at: https://www.finextra.com/blogposting/16613/open-banking-opens-the-door-to-fraudulent-activity-how-can-it-be-combatted
“Preventing fraud in an open world”. Access at: https://www.openbankingexpo.com/features/preventing-fraud-in-an-open-world/
“PSD2 and protecting your customers from fraud”. Access at: https://www.pwc.co.uk/services/forensic-services/financial-crime/our-insights/psd2-protecting-your-customers-from-fraud.html
“The future of banking is open”. Access at: https://www.pwc.co.uk/industries/financial-services/insights/seize-open-banking-opportunity.html
“What is Open Banking”. Access at: https://www.openbanking.org.uk/customers/what-is-open-banking/