With the advent of open banking, many people are wondering: how safe is it? Open banking benefits are numerous, and robust security is among the main features.
The main goal of the second payment services directive, or PSD2, is to make payments within Europe more secure. This guide will detail whether that has been the case, and what you need to know about the safety of open banking.
Is it safe to use Open Banking?
The short answer is that open banking is very safe. Providers of open banking use application programming interfaces, or APIs. APIs are a proven, secure technology used throughout the digital economy. They promote a safe connection between third-party providers of open banking and customers’ bank accounts.
Contrary to some legacy methods, such as screen scraping, with open banking, consumers never have to share their bank login details. Consumers grant access to their accounts by communicating directly with their bank via secure APIs.
Open banking providers must comply with various privacy and data protection laws as well as relevant security regulations. Regional regulators carry out regular audits and checks to ensure providers comply with the regulatory requirements.
The dangers of screen scraping
Some financial service companies use screen scraping. Screen scraping is a way of accessing financial data.
How does it work? A consumer gives the service provider their online banking login details, or this data is “scraped” from the web as the consumer enters their account details to log in to their bank. Some countries have banned the practice of screen scraping.
Screen scraping and open banking are not the same. Though the end result may appear similar from a user perspective, the infrastructure and mechanisms involved are different.
In screen scraping, the login credentials and password are revealed to a third-party provider. If a person no longer wants this information shared with the third party, the only option is to change the login details or close the account.
With open banking, a consumer never has to share their login information with a third party. kevin. doesn’t use the outdated practice of screen scraping, making sure that the consumer’s personal data is never compromised.
Before PSD2, bank authorizations for card payments could mean that account data was stored and could then be used maliciously. For example, a second payment could be initiated without the consumer’s knowledge, or the transaction amount could be changed.
In open banking, these risks are either covered by technology (for example, getting a notification in your banking app with a transfer amount) or by the regulations of the bank. In the case of any fraud, the bank should compensate for the loss.
Who can access customers’ financial data through Open Banking?
Only regulated and licensed businesses can connect to consumers’ bank accounts to see financial data or initiate a payment. Even a business that is licensed to carry out these financial operations still requires explicit consent from the consumer to access their data.
This lets consumers control what information they share, which providers can access it, and for how long. Open banking ensures that consumers never have to share their login information with a third party.
What information is accessible to third parties?
Open banking providers can be of two types. Account Information Service Providers (AISPs) have “read-only” access, which enables them to gather financial information. Payment Initiation Service Providers (PISPs) can initiate a payment on behalf of a consumer, with their consent.
AISPs can read account information such as account number, transaction history, balances, and standing orders. But they only see this information for a specific payment account the consumer grants access to. The exact information AISPs see also depends on the consumer’s bank.
Currently, customer consent lasts for 90 days and then expires. But the Financial Conduct Authority (FCA), an open banking regulator in the UK, suggests that after 90 days, it should be enough for a consumer to reconfirm their consent.
How is Open Banking data protected?
Open banking data is protected in many ways. First and foremost, it puts greater control in the hands of the consumer.
Furthermore, banks developed the open banking application programming interface (API) endpoints. They’ve been through extensive testing by the banks, as well as authorized third parties.
Since control is in the hands of the consumer, the individual is the only person who can decide to allow a third party to connect with their bank. This is also beneficial to banks, as it can reassure potential customers that they can be trusted and thereby allow the bank to gain more customers. It shows in the numbers, too – over half of consumers want greater control over their finances, and open banking presents the opportunity to give it to them.
Statistics show that more and more consumers are adopting open banking. In January 2023, over seven million people actively used open banking services in the UK alone, an all-time record.
How kevin. protects data
kevin. boasts robust security, adhering to GDPR and PSD2. That means a secure online or in-store payment platform for merchants and individuals to use seamlessly and without worry.
Compliance with each of these regulations means greater safety for the consumer. In the case of GDPR, there are stringent requirements for the collection, processing, and retention of personal information. It includes the right to data portability, the right to withdraw consent, and the right to erasure.
Under PSD2, third-party providers like kevin. must be fully licensed as a payment services provider, or PSP.
With Strong Customer Authentication (SCA), a payment can only go through if two-factor authentication is completed correctly. Some transactions, however, are exempt from SCA. These include low-risk transactions, low-value transactions, recurring transactions, and payments to trusted beneficiaries.
kevin. has robust security measures, which result in a secure online payment platform that businesses can use with the utmost confidence.
Tips for safer Open Banking
There are steps customers can take to ensure open banking security. For example, the EU has its own regulatory body governing open banking, as may individual countries. Any third-party provider should be compliant with the regulations in the region or country in which the provider operates.
Businesses should understand how any third-party open banking provider works. When watching a demo of a provider, you’ll be able to see how the account linking process works. You should see an option that gives clear consent to link an account and enable open banking.
In some cases, the customer may be redirected to their bank’s website and log in with their information there. Other times, the customer receives a separate authorization notification request and can then authorize a payment on a different device or platform.
It is important to note that it is up to each bank to ensure security. If money is stolen, it must be returned to the customer by the bank.
What are the security risks of Open Banking?
There are security risks involved in open banking, but it is widely considered as safe as internet banking. The risks involved in open banking, then, are similar to those of internet banking, such as phishing. When users choose a trusted payment services provider like kevin., phishing isn’t possible, or is far more complicated than it would be with internet banking. The main goal of PSD2 was to make the security level of open banking the same as traditional bank operations.
When using a card, there are risks that do not apply to open banking. For example, card data can be stolen. When an item is purchased with stolen card details, chargebacks are a risk to merchants. In some cases, the losses can be accounted for by the merchant. Open banking APIs are new and regulated. PSD2 requires that it is not possible to steal credentials that could later be used for subsequent payments.
How can kevin. help?
Finding a Payment Initiation Service provider that has a high level of transparency about the processes in place, along with the proper security checks, is essential to the safe use of open banking.
kevin. is disrupting the payments industry, giving an alternative to merchants who don’t want to give up their profits to cover card processing fees. That’s where open banking comes in. Plus, security is a top priority at kevin., so you never have to worry about having a safe payment infrastructure. With our advanced features and tokens, sensitive data is always protected.
Learn more about the advantages of kevin. by getting in touch with us!
Frequently asked questions
1. What is open banking?
Open banking is a term describing the practice of banks sharing data with regulated third-party service providers. This data is shared via secure APIs and only with the consumer’s consent.
2. What is the point of open banking?
The main goal of open banking is to improve financial services for consumers. Open banking creates an opportunity for companies to bring innovations to financial services and create a consumer-focused system while ensuring the highest security standards.
3. Can open banking be secure?
Open banking is secure. Only licensed and regulated open banking providers can communicate with banks via secure application programming interfaces (APIs). No third-party service providers can access consumer financial information without their consent.