GDPR opens up new opportunities for businesses dealing with consumers' data

Thursday 28 September 2017 09:52 CET | Editor: Melisande Mual | Interview

Jeroen Starrenburg, Onegini: The GDPR objective is to protect data but also to talk about the right to be forgotten, the right to minimize data, the right of portability

The Paypers has been a media partner with Fintech Vortex at The Hague this week and had the opportunity to sit down and talk with Jeroen Starrenburg from Onegini about the security solutions they provide for insurance and online banking businesses.

Your company is focusing on providing security solutions for the online insurance sector. Do you also offer solutions for online banking since the two segments are well linked to each other?

Onegini provides horizontal solutions so any industry can use them. What we do is make apps absolutely secure. We also see banks using our products, creating cost-effective apps, especially Tier 2, Tier 3 and savings banks. We are also interested in ordinary industries like retail and telco companies that spend a lot of money to create apps for both insurance companies and banks. Certainly, there is a link between insurance and banking products but it depends per country since some deliberately separated the two business segments. If one looks at the insurance sector, a lot of their services are financial products, pensions, life insurances, and a lot of insurance companies have savings banks, so there is a mix between insurance companies and online banks, with a lot of financial products on both ends.

From a data protection perspective, what would be the impact of GDPR on the online banking services?

Nobody knows what the GDPR impact is going to be. It is a strict regulation regarding what companies should do. I think that the main approach towards it will be to wait and see who is going to end up in trouble first and how the problem will be tackled. Interesting about the GDPR is the 4% of the annual revenue penalty in case you fail to avoid security breaches. What I experienced in the past both on the banks and the insurance side is that if companies lost money, for example EUR 50,000, they didn’t have to report this to authorities; now that is changed, they need to report it and if authorities consider they didn’t take care of their business in terms of security they get that fine.

However, it is important to figure out what is the objective of GDPR. Certainly, the objective is to protect your data, which makes the security part of the regulation, but it also talks about the right to be forgotten (to be allowed to say that you don’t want to have your data retained by an online entity), the right to minimize data (to make sure you are not required a lot of information which does not involve the business process itself), the right of portability, which the whole PSD2 is all about.

Therefore, if I switch from one bank to another or want my bookkeeping system to have access to my data, that should also be facilitated. The whole new cookie law is within GDPR. That is why I consider that the regulation is not just about leaking data, but also about data portability, minimizing data. In this respect, companies will need a solution that could take care of these aspects. Self-paid bill systems mostly focus only on first level of security but they also should address all other concerns like minimizing data or the right to portability because this is also GDPR.

Do you think there could be some conflicting issues regarding data between GDPR and PSD2?

I don’t see a potential conflict between the two regulations. GDPR has as objectives the right of portability. It is important to say that the customer owns the data not the bank; if the customer wants the data to travel from A to B with his own consent this should happen. I would rather say that PSD2 is a part of GDPR.

GDPR is very high level, so to speak; for example, a company should take care of its organizational and technical levels so that all the data is secure, but it could do this in numerous ways, which all can create a balance between user experience and level of security. If one does a risk analysis, he will learn that there is always a risk left which companies accept and control; GDPR doesn’t accept this risk and, from here on out, there is extra complexity for companies. I noticed that it is not the end user who is the most upset about his privacy, but the regulator.

About Jeroen Starrenburg

Jeroen Starrenburg is CEO and founder of Onegini. He majored in software engineering and artificial intelligence at the University of Amsterdam, and held several positions at companies like Vodafone, Accenture, Microsoft Group. He also founded Innovation District and Vinopedia.



About Onegini

Onegini protects customer personal data and enables secure transactions, using any device any time. The company’s Mobile Security Platform helps organizations deliver mobile apps, with the best end-user experience and high security for external users. The Onegini team consists of security specialists whose job it is to identify new threats in the mobile space and translate them into state-of-the-art mobile app protection. Onegini already protects data for millions of end users in the banking, insurance and transport markets.

Keywords: GDPR, data, Jeroen Starrenburg, Onegini, portability, PSD2, fraud, security, interview, data protection
Countries: World