Open banking has garnered a lot of attention recently. With the introduction of UK open banking and Payment Services Directive 2 (PSD2) becoming law across the European Union, regulations are fundamentally altering the way banks handle personal data. The movement is also not restricted to Europe, with regulators in the USA having released their intentions in October 2017 on access to bank accounts.
Open banking promises a revolution in how we consume financial services products. At the heart of the paradigm shift are APIs exposed by financial institutions. These APIs allow us to share access to our accounts with apps and platforms of our choice. We might, for example, choose to securely share financial data with an app that gives us an aggregated visualization of our finances, helping us better plan our lives. Alternatively, we may choose to take advantage of payment initiation direct from a checking account and use this from an online accounting package. Opening banks with standardized APIs will alleviate a lot of friction between financial services.
However, most end consumers don’t even know this great transformation is occurring. There is a sense in the media — in the UK at least — that open banking is a “quiet revolution”. A recent survey conducted by the consumer organizaton Which? found that 92% of consumers had not heard of open banking. Of those surveyed 51% were unlikely to share their account information with third parties. Mainstream media outlets including the Guardian also question the concept as a whole. They cite concerns over fraud and liability once data has been shared.
Given the huge investments that are being made in open banking across the EU, how can technology providers and legislators bring open banking up the consumer agenda and make it more than just some clever enabling technology?
Building Context for Consumers
The greatest challenge the open banking initiative faces is breaking down the technology barrier. Open banking is usually linked with the technology that makes it possible, including the relative merits of APIs over the practice of screen scraping. This fact foists the enabling technology front-and-center and in many cases makes the protagonists focus on it rather than the solutions open banking makes possible. Instead, we need simple use cases and explanations to help set context for end users.
An example is the European Banking Authority’s publication of a video guide on the disadvantages of screen scraping. While technology is an important part of the debate for the technologist, the regular consumer will simply want to know: What’s in it for me?
Answering that question is not always at the forefront of the debate. Generally those involved seek to profit, disrupt, or regulate financial services and their message is tailored accordingly. Obviously those who seek to profit — by providing the apps and services that leverage open banking — want to paint a consumer-focused picture. For others it’s not so straightforward.
For example, the European Union message on PSD2 focuses on delivering choice and flexibility in how customers access financial services and who they choose to access their account, regardless of who they bank with. However, there is a subtext that introducing payment initiation services direct from a consumer’s account may break the hegemony of Visa and Mastercard in payments. Recent research tends to support a decline in card payments in a post-PSD2 world.
This introduces a significant issue, namely: How can PSD2 — or any open banking scheme — engineer a payments “network” in a few short years and foster the same trust, reliability and security that Visa and Mastercard promise? The advantage the payment networks have at the moment is that they “just work”. This is juxtaposed to the fledgling open banking solutions that are composed of many moving parts.
Open Banking Must Foster Trust With End Users
The possible journeys for customers to authenticate themselves to pay from their bank vary from one implementation to the next, with many banks forcing a user to use a physical passcode device. Such journeys are likely to involve redirection to online banking with multiple brands; for example a merchant, the bank themselves, and possibly an aggregator providing PSD2-compliant payment services that a consumer may have never heard of.
By this rational, what is open banking really giving consumers other than the perception of greater risk and a more fragmented customer experience? For it to resonate with consumers, open banking needs to be marketed by its champions as more than just a technology solution. It needs to be successfully evangelized with the message refocused in a number of ways:
- Emphasis user control: The technology slant needs to take a back seat and the protagonists instead focus on how consumers are at the heart of open banking, controlling access to their accounts on their own terms.
- Evangelize great use cases: The champions of open banking need to evangelize how the technology allows consumers to unlock the potential of banking services from a myriad of different providers. Focus on how consumers can start to take advantage of the account data that — in the EU at least — they legally own*.
- Ease any doubts regarding security: Finally they need to imbibe consumers with trust in the approach and confidence of the solutions built on open banking.
Doing all the above will have significant effects for the current open banking approach. They are also likely to have long-term benefits that far outweigh the cost of addressing them.
Many of the concerns expressed by consumers focus on who can access their account. These include:
- How do I give access to my accounts?
- Who should I trust?
- How do I stop third parties accessing my account?
- Who is held responsible if there’s a problem?
These concerns expose a structural issue with how open banking is manifested. It models itself on the infrastructure that underpins it — the internet and a collection of APIs. This decentralized and dispersed model mean that consumers lack a cohesive view of what they have consented to. In the majority of implementations that are either live or planned this information is siloed across multiple repositories and likely hosted in online banking platforms.
Without this centralized element of control, the user is forced to aggregate this information by hand which is inconvenient, impractical and makes understanding harder. To foster trust in open banking the underwriters of the schemes across the world will need to address this by providing schema-sponsor facilities to allow citizens to clearly see and manage what they have consented to. Enabling this comes in two forms:
- A digital identity scheme: Already present and very successful in many countries, a standardized digital identity can be used by consumers to attest who they are when consenting to account access, binding each consented activity with a common identifier. The Nordics provide great examples of the success of digital identity. For example, over 60% of the population in Sweden use BankID as a means of digitally proving who they are.
- A means for consumers to collate and manage consent in a cohesive way: This either means a centralized repository or — more practically — a network that allows consumers to manage consent from a repository they own. A personal data store would provide the perfect vehicle for this.
Lastly, high-grade API security is paramount for open banking to thrive. Delegated authority protocols like OpenID Connect and it’s financial services extensions being built by the OpenID Foundation will help build faith for the technophiles in the solutions that underpin open banking. However, for the average consumer security means control and the subject control needs to be addressed for open banking to be successful.
The Open Banking Marketplace
The flipside of control for consumers is building trust in the third parties that access their accounts. Understanding the role an app takes in your financial ecosystem should not be an act of blind faith.
Take the UK open banking initiative as an example. All integrators are businesses regulated by the Financial Conduct Authority (FCA). If a consumer wants to check if an organization is registered for open banking they need to look them up on the FCA register — an impenetrable mechanism even for those that know what they’re looking for. This offers little convenience to the consumer. Compare that to a payment card in a bricks-and-mortar shop. The customer needs to do nothing to check the status of the merchant other than put their faith in the Visa logo displayed in the store.
In order for open banking schemes to build a perception of trust for consumers they could create some “signage” — markers that help consumers easily recognize the status of any organization professing to integrate with their account via open banking. Such markers might include:
- An open banking kitemark would be a quick indicator that a third party is legally registered for open banking. The implementation of this requires some thought of course given how easy it is to spoof websites, URLs and images on the internet. However, with the right construct this could not only boost consumer confidence but also add an open banking brand that helps foster a scheme’s identity in a given country.
- An easily accessible directory of open banking participants, designed with consumers in mind. This may be the financial services equivalent of the UK Checkatrade website designed for finding tradespeople.
- The development of an open banking marketplace that extends the directory idea and brings together all the solutions that use the open banking APIs in a searchable, consumable way. This has benefits for the consumer, who can easily search for and consume offerings from different providers in one place. It also would benefit providers, who get an accessible shop-window for their wares. This also benefits the regulators of any open banking scheme, as they can easily assess, monitor and certify solutions entering the marketplace.
If the open banking schemes can co-create a semblance of frontend signage, it could help foster the open banking mission.
Final Thoughts: How to Establish Consumer Faith in Open Banking
Open banking represents a significant opportunity for many parties in the financial services. The incumbent large banks can differentiate their offerings. Fintech will benefit massively from APIs created expressly for the purpose of accessing accounts. Regulators across the world will shake up the hegemonistic practices of large incumbents in financial services.
However, this promise will only be realized if consumer concerns on trust and security are addressed. Open banking needs to be marketed by its champions so that consumers understand what the technology actually means for them. This is important for right now — for building trust in consumers as they start to use solutions that integrate with open banking. But it is doubly important for the future, as the services offered expand and the opportunities grow. If this can be achieved then open banking just might cause the financial services revolution it promises.