Is open banking secure?

Open banking should be secure if your systems are well-designed and implemented. But companies that use this technology must take steps to secure their open banking systems and keep hackers at bay.

In the UK, the Financial Conduct Authority oversees open banking and sets regulatory standards and guidelines. No third-party provider can access an open banking API until it has been reviewed to make sure its security protocols meet FCA requirements. This standardization of open banking helps keep it secure. 

Most experts agree that the U.S. is behind other countries in embracing open banking. But the concept slowly is gaining traction in America. Customers who are learning about open banking for the first time are likely to have data privacy and security concerns. As a 2019 TrendMicro report noted, the concept of open banking creates "an entirely new trust relationship" between financial providers and their customers.

So, businesses that plan to make open banking central to the services they offer must reassure customers they are doing everything possible to make open banking systems more secure.

Among other things, Trend Micro recommends that providers of open banking:

  • Use secure protocols such as OAuth 2.0 and reduce risk by eliminating practices such as screen scraping and outdated protocols like OFX.
  • Refrain from putting sensitive information into URL paths.
  • Develop secure software and regularly run security audits, either external or "thorough in-house"

Of course, the safety of open banking also depends on customers taking steps to ensure they are keeping their accounts secure. That means creating secure passwords and not sharing them. But it also means that customers should educate themselves about the reliability, trustworthiness and security culture of any company entrusted with access to banking data, according to Trend Micro.

Such self-education will allow customers to make intelligent decisions before installing an app and reaping the many benefits of open banking.

Connectivity to ALL Core Systems