The main goal of the second payment services directive, or PSD2, is to make payments within Europe more secure. This guide will detail whether that has been the case, and what you need to know about the safety of open banking.
Is it safe to use open banking?
The short answer is that open banking is very safe. Providers of open banking use application programming interfaces, or APIs. APIs are a proven secure technology used throughout the digital economy. They promote a safe connection between third party providers of open banking and customers’ bank accounts.
The dangers of screen scraping
Some financial service companies have used screen scraping. Screen scraping is a way of accessing financial data. A consumer gives the service provider their online banking login details, allowing the company to log into the customer account to “scrape” the data. The practice of screen scraping has been banned in some countries, and is considered to be out of date.
Screen scraping and open banking are not the same. Though the end result may appear similar from a user perspective, the infrastructure and mechanisms involved are quite different.
In screen scraping, the login credentials and password must be shared with a third-party provider. If a person no longer wants this information shared with the third party, the only option is to change the login details or close the account.
With open banking, a consumer does not always need to share their login information with a third party. kevin. doesn’t use the outdated practice of screen scraping, making sure that the consumer’s personal data is never compromised.
Bank authorisations for card payments prior to PSD2 could mean that the information was able to be stored, and could then be used maliciously. For example, there could be a second payment initiated without the consumer having any knowledge about it, or the transaction amount could be changed.
In open banking, these risks are either covered by technology (for example, getting a notification in your banking app with a transfer amount) or the risk is covered by the regulations of the bank. In the case of any fraud, the bank should compensate for the loss.
How is open banking data protected?
Data is protected in open banking in many ways. First and foremost, it puts greater control in the hands of the consumer.
Furthermore, the open banking application programming interface (API) endpoints used have been built by the banks. They’ve been through extensive testing by the banks, as well as authorised third parties.
Since control is in the hands of the consumer, the individual is the only person who can decide to allow a third party to connect with their bank. This is also beneficial to banks, as it can reassure potential customers that they can be trusted and thereby allow the bank to gain more customers. It shows in the numbers, too – over half of consumers want greater control over their finances, and open banking presents the opportunity to give it to them.
How kevin. protects data
kevin. boasts robust security, adhering to GDPR and PSD2. That means a secure online or in-store payment platform for merchants and individuals to use seamlessly and without worry.
Each of these compliances means greater safety for the consumer. In the case of GDPR, there are stringent requirements about the collection, processing and retention of personal information. It includes the right to data portability, the right to withdraw consent, and the right to erasure.
Under PSD2, third-party providers like kevin. must be fully licensed as a payment services provider, or PSP.
With SCA, all payments can only go through if a two-factor authentication is completed correctly. Some transactions, however, are exempt from SCA. These include low-risk transactions, low-value transactions, recurring transactions and when trusted beneficiaries are the receiver of funds.
kevin. has robust security measures, which results in a secure online payment platform that businesses can use with the utmost confidence.
Tips for safer open banking
When using open banking, there are steps customers can take to ensure their safety. For example, the EU has its own regulatory body governing open banking, as may individual countries. Any third-party provider should be compliant with the regulations in the region or country in which the provider operates.
Businesses should be knowledgeable in how any third-party provider in open banking works. When watching a demo of a provider, you’ll be able to see how the account linking process works. You should see an option that gives clear consent to link your account and enable open banking.
In some cases, the customer may be redirected to your bank website, logging in with your information there. Other times, the customer receives a separate authorisation notification request and can then authorise a payment on a different device or platform.
It is important to note that it is up to each bank to ensure security. If money is stolen, it must be returned to the customer by the bank.
What are the security risks of open banking?
There are security risks involved in open banking, but it is widely considered to be as safe as internet banking. The risks involved in open banking, then, are similar as they would be for internet banking, such as phishing. When users choose a trusted payment services provider like kevin., phishing isn’t possible, or is far more complicated than it would be with internet banking. A main goal of PSD2 was to make the security level of open banking the same as traditional bank operations.
When using a card, there are risks that do not apply to open banking. For example, card data can be stolen. When an item is purchased with stolen card details, chargebacks are a risk to merchants. In some cases, the losses can be accounted to the merchant. With open banking APIs, they are new and regulated. PSD2 requires that it is not possible to steal credentials that could later be used for subsequent payments.
How can kevin. help?
Finding a payment initiation service provider that has a high level of transparency about the processes in place, along with the proper security checks, is essential to the safe use of open banking.
kevin. is disrupting the payments industry, giving an alternative to merchants who don’t want to give up their profits to cover card processing fees. That’s where open banking comes in. Plus, security is a top priority at kevin., so you never have to worry about having a safe payment infrastructure. With our advanced features and tokens, sensitive data is always protected.
Learn more about the advantages of kevin. by getting in touch with us!