Who owns your bank data?
For years, the answer to this question was straightforward: your bank. But then digitisation happened, and with it came many new services: Spotify suggested music you might like, Uber plotted your best route home. Slowly, people started to see the power of data to deliver more convenient and personal services.
Tellingly, so did EU lawmakers through the updated Payment Services Directive (PSD2) requiring all banks in the bloc to create APIs that are shared with officially approved third parties. Customers can then give their bank credentials to these brands to access new services or simplify payments.
For example, UK start-up Funding Options matches businesses with lenders. By using bank APIs to scrutinise accounts, Funding Options helps customers avoid filling out forms and sharing sensitive identity documents thereby reducing a lengthy process to a few minutes.
However, PSD2 doesn’t just promote open banking but also security through strong customer authentication and it will continue to apply in post-Brexit UK.
Opportunities and threats
It's easy to see why banks might be nervous.There's the liability issue: in the event of a data breach, most consumers will direct their complaints to banks, even if it was the fault of a third party.
They also worry that disruptive newcomers – whether small start-ups or established brands such as Amazon and Facebook – could steal their customers.
A recent Payments and Open Banking survey, suggests customers’ reluctance to share personal data remains a problem. According to the survey, payment service providers are trusted by 9% of respondents internet giants by 7%, while online banks and FinTechs would only receive data only from to 3% of consumers. Traditional banks still have advantage over newcomers as 17% of European respondents say they trust traditional banks and card providers to exchange their personal information (17%). This would suggest that banks themselves may be best placed to explore the new opportunities.
Banks as data aggregators
France's Crédit Agricole opened its APIs as early as 2012 and launched its own CAStore to showcase applications and services created on top of them. Spain's BBVA opened its APIs in 2013. Banks can commandeer developers to build innovative new services on top of their own customers' account information.
Another option is for the bank to be the aggregator itself. In Germany, challenger bank Fidor has already done this. It offers customers access to a range of products from multiple providers inside its portal. Analysts argue that more transformative innovations are yet to come with APIs set to move banking services into everyday life.
But for this to materialise, users will have to overcome their trust issues.
To reassure them, EU regulators are insisting on strong two-factor authentication for all PSD2-related transactions. But the legislation hasn't yet precisely defined what strong consumer authentication is. The good news is that security specialists are already developing secure digital banking solutions that go way beyond two factors.
Risk management services, for example, analyse thousands of attributes from the user and the device, such as geo-location, device profiling, IP address, device assessment, and behavioral biometrics.
Crucially, it provides the trust to make the authentication process not just strong, but also fast and friction-free.
Latest News from
UK tech sector steps into the breach to help close digital divide16/04/2021 14:10:00
Guest blog by Natalie Duffield, CEO, IntechnologySmartCities & Vice-Chair, techUK's Local Public Services Committee.
SME Market Research Insights16/04/2021 11:10:00
Working with our member Advanced-UK, techUK recently commissioned some market research looking at how small to medium-sized companies (SMEs) within the UK’s tech sector are dealing with the challenges of the current climate.
Tech7 outline key recommendations for the G715/04/2021 16:05:00
Tech7 call on G7 governments to work towards four objectives to improve economic recovery and resilience in the post-pandemic era.
Capita supports Ministry of Justice to deliver the first national rollout of sobriety tags in England15/04/2021 12:15:00
Guest Blog: Alistair Murray, Managing Director, Justice, Central Government & Transport at Capita shares information on the recently announced Electronic Monitoring Service (EMS), and their work with the Ministry of Justice (MoJ) to rollout the sobriety tags across England, as part of the Alcohol Abstinence and Monitoring Requirement (AAMR).
Guest blog: Unboxed's Women in Tech interview series, Michelle Isme15/04/2021 10:10:10
Read techUK member Unboxed's interview with Michelle Isme, Senior Product Manager with the agency
Guest blog: Fresh thinking needed on the National Data Strategy14/04/2021 14:15:00
Guest blog from Peter Dutton, Head of Public Sector, UKI at Elastic
techUK's Future Mobility Services in the UK Campaign Week12/04/2021 13:15:00
Get involved in techUK's first ever Future Mobility Services in the UK Campaign Week, running from 24 – 28 May!
New techUK guidance for SMEs on modern slavery12/04/2021 11:25:00
Modern slavery is a major crime that all businesses need to be aware of and is very prevalent in the UK with over 100,000 estimated victims.