The convenience with which you manage all your financial wants and needs may come at a cost.
Since becoming more common in the mid-2010s, mobile banking apps have continued to grow in popularity and have ultimately become highly versatile tools for almost all things money-related. We use our phones to shop, pay for services, transfer our money, apply for personal loans or even take out insurance – all while staying on top of our spending.
But as the banks have become more user-friendly, we’ve also ended up downloading several apps on our phones for different banking institutions – maybe we have a current account in one bank, a mortgage in another, a third one for savings, and one more for online shopping. At a certain point, it can become hard to follow all the payments you’re making and to have an overall idea of how much you spend/owe.
Since 2012, when new financial institutions that use integrated tech solutions started appearing in app stores, FinTech’s growth has trended upward rapidly. New banks, such as Revolut, N26 and Monzo, looked different from their traditional counterparts: approachable, cool, and geeky. And, above all, these ‘challenger banks’ fit the lifestyle of younger generations, offering travel and device insurance and flashy prepaid debit cards.
Over time, they’ve added other services, such as virtual disposable cards for online purchases, simplified stock investments or cryptocurrencies, and appealing graphics that show us where we spend our money. The problem is, they rarely serve as our main banking solution – and that’s quite a challenge when it comes to expanding their market position in such a competitive sector.
So, over the past few years, these new banks have been pushing for new legislation on open banking, making the case for the right of customers to own their own financial data. And, of course, for our right to hand it over to whomever we see fit. Keep in mind, of course, that not only FinTech, but also traditional banks already sell anonymized data with our consent.
What is open banking?
Open banking is a system that allows you to direct your financial institution to share your account information from their bank with any third-party app or service you choose. For example, you could centralize all your accounts in one bank (via a FinTech platform), or, gain access to credit from a specific vendor, or even just provide consent for an app that manages your budget and expenses to access information in real time about every purchase or transfer you make.
Many regulators and lawmakers around the world are beginning or continuing to work on implementing open banking, obliging banks to coordinate information sharing and, as those pushing for these policies believe, to drive innovation, competition, and transparency within the traditionally more conservative banking sector. Moreover, customers will be given new offers tailored to their needs (and budgets). But at what cost to our privacy?
Why open banking is a double-edged sword
But what does it mean to share your banking information? Take a minute to go through your last 20 banking transactions. I just did, and what I saw is enough to profile me, to understand my habits, and even to draw conclusions about my health status.
My transactions show that:
- I use public transportation (I paid for a monthly metro ticket)
- I am experiencing a health issue (I went to the doctor and the pharmacy twice in the last few days)
- I mostly cook, rather than go to restaurants (but, when I did go to a restaurant, it was clear where and how much I spent), and even that
- I usually book long-distance bus rides
In short, banking data reveals a lot about our lives.
Are we ready to give away all this information? It seems that some of us are. The UK government, a pioneer in open banking, believes that by September 2023, 60% of the UK population will be using open banking. While this is an impressive number, it is also the result of the country’s concerted effort to implement open banking standards, along with an API standard that defines how financial data should be created and shared and how access to financial data should be provided.
In fact, the UK was still a member of the European Union when the region approved the first legislation in this field in 2015, mostly with the goal of driving competition in the banking sector. Meanwhile, Australia has pushed for open banking and data sharing through its Consumer Data Right policy, and other parts of the world, including both North and Latin America, are still making their way forward with their own legislation.
In the United States, where the adoption of open banking has been slow, the Consumer Financial Protection Bureau has raised a few concerns, mainly in regard to what requirements will be imposed on third parties to ensure data protection, what limitations will be set on data privacy, and what technologies will be allowed. Moreover, the Bureau is also concerned about smaller financial institutions and how (and whether) they will be able to keep up with these regulations.
But while some countries might build stricter guidelines to establish which apps and vendors will be able to take advantage of open banking, the risks go beyond privacy and on to cyberattack:
- Phishing attacks on customers are common. If clicking the wrong link and inserting your bank credentials on a fake website is a problem today, imagine how much riskier such attacks would be you’re misled to surrender access to an app that gathers your full financial history and criminals could drain your bank accounts.
- Rogue mobile apps might lead you into believing that they are real apps with open banking features and will request banking credentials.
- Data leaks might expose the complete financial histories of thousands of people who trusted an attacked service provider.
- Advertisers might pay to see your data, and malicious advertisers might even use your data without consent.
- APT attacks can target specific people.
- Other attacks might compromise an app’s infrastructure or take advantage of vulnerabilities.
So, what’s the future?
The trend is set, and open banking is being discussed all over the world. But the pace of its adoption will not be the same everywhere, due to the availability of mobile internet access, or when internet access a whole is still a challenge in many regions. At the same time, cybersecurity concerns around open banking present challenges and risks that are just around the corner – or are already here.
The value of our data is something we, as a society, talk about on a daily basis, and we can easily see how mainly big companies acquire services in different areas: health, banking, tech products, marketplaces, all at once. Allowing them the opportunity to connect all these different fields and match them with our bank account data might, in fact, improve our user experiences with these companies and bring along traditional banking into a more innovative tech space. But it will definitely also require us to hand over some of our most private information.
by André Lameiras, ESET