Open Banking, Cybersecurity, and the Cyclicality of Fintech Regulation

Sam Taussig is the Head of Global Policy, Kabbage, Inc.

Two clear trends are transforming banking—and driving the next generation of regulatory policy.  First, the adoption of data-intensive technologies have ushered in a wave of conveniences and services that have revolutionized personal finance, especially for millennials. Consumers under 40 expect friction-less service, mobile-native services, from mortgage applications to small business loans. All these new technologies are dependent on persistent data access between banks, FinTechs, and with the customers. 

Second, and at the same time, a growing awareness of the data breaches, unsavory behavior at big tech firms, and the misuse of customer information has understandably raised concerns about the risks of open banking and data sharingand online banking more generally.  As a result, more consumers, especially older customers, are demanding higher levels of data security, transparency by financial services providers and control over their own data.

How do we navigate such strong, and increasingly intense, and intergenerational preferences?  


First, it’s essential that we fully understand the risks and benefits presented by consumer demands and concerns. The introductions of credit cards, e-commerce, online banking, and other innovations which have become ubiquitous and depend on a certain degree of data sharing, which carries an understandable amount of concern about it.


When consumer credit cards were proliferating in the 1960s, dire headlines warned of the risks of attaching your personal finances into a set of transferable digits. Fraud was a real threat: 1.5 million physical cards were stolen in 1960 and dumpster diving for card numbers, or phishing over the phone were common and costly.


Similar failures and fraud schemes, with their inflated fears, accompanied online shopping. The New York Times characterized these worries in 2010:


We wonder, how secure are these payment systems? Will I be out the money if  someone steals my account numbers and goes on a wild shopping spree or  bleeds my savings dry?


            “…Using a credit card online may seem as risky as Russian roulette.”


Credit card companies and early digital payment systems responded to customer concerns by instituting safeguards for data, assuming liability and absorbing the costs and helping customers cope when fraud did occur.  Security codes, magnetic strips, PINs and chips were added to credit and debit cards. Online payment providers like PayPal developed ever-more-intensive encryption and credentialing


Policymakers responded with sound regulations to protect customers from fraudulent and unauthorized use and required they be fully informed as to the rates and prices of bank products. New laws allowed federal agencies to partner with lenders to curb bad actors and abusive practices, and slowly, credit card fraud morphed from an all-consuming anxiety to a mild inconvenience and small cost of doing business (about seven cents for every $100 in transactions). Yet all the while, consumers were given the choice to opt for new products, or stick with other options, including cash.


Now we see the same pattern (innovation and convenience followed by fear of fraud and misuse) accompanying the rise of data authorization to access FinTech products and services. Like their predecessors in financial flexibility, FinTechs are tackling data security and unauthorized access from within, partnering with banks to control fraud and working with regulators to build responsible open data frameworks


As the risks of internet and digitally-based activities of any sort become more obvious, so should the benefits.  An open banking ecosystem holds great promise for better customer outcomes, financial health, improved efficiency and economic growth. Customers get seamless integration of tools that simplify everything from online shopping to wealth planning, delivered by and with banks that can deepen the customer relationship and offer new and improved products with their more specialized FinTech partners. 


Moreover, open banking allows customers to tap a source of wealth that has long been monopolized by incumbent financial services providers—their data. The value of transactional data generated by any individual or entity is part of the health and wealth of that individual, and the right to access that data can’t be left to idiosyncratic company policies. 


FinTech firms must continue to step-up, as predecessors have over the last four decades, though we’re seeing promising signs.  E-commerce platform Shopify recently debuted fraud protection for its merchants; opt-in service BillGuard compares users’ geolocation data to posted transactions to flag stolen cards. Alloy offers an API to simplify account onboarding without sacrificing security. Top banks report investing in blockchain technology and biometric readers to fight the next generation of bad actors. These mutually beneficial partnerships are currently the most efficient and effective means of assuming liability for unauthorized data access and building fraud prevention and restitution across the industry. 


Regulatory policy is needed, however, as well, to both facilitate cybersecurity and consumer data-ownership and control.  Ideally, banks and FinTech companies should work together to engineer agreements that allow individuals to control how their data is shared with services they choose. A full realization of Open Banking would ultimately negate the need for bilateral agreements, as ownership of consumer data, consent, API standardized data and payment control are among the fundamental elements of the ecosystem. In the ongoing implementation of Open Banking in the EU, this is supported by the robust multi-factor authentication requirement of Strong Customer Authentication (SCA).  Meanwhile, Asian countries are quickly developing collaborative regulatory frameworks regulatory frameworks and Open Banking schemes of their own that are far exceed the rate of change in North America. 


The American adaptation of Open Banking has been slow.  Regulators have made some smart attempts to increase cybersecurity controls in financial services, but the move towards open banking is nominal at best, governed by some of the biggest players with little incentive to innovate.  As a result, not only will American firms lose out on global financial services market share, but customers will find themselves ill-suited to capitalize on one of the greatest sources of 21st century wealth—themselves.

About The Contributor: admin
Tell us something about yourself.

Get involved!

Get Connected!

Come and join our community. Expand your network and get to know new people!


No comments yet