Opportunities in Open Banking – HID Global interview

How do you see consumer expectations and financial regulations evolving?

Today’s digital natives are inundated with cool apps that let them not only move their money but select any number of banking services. To stay ahead, financial institutions need to focus not only on providing value-added services but also need on delivering a seamless/frictionless user experience. In a recent survey, financial institutions stated that the most important thing to them and their customers were a user-friendly application and the assurance that financial data is protected. An important element that surfaced on several occasions in their answers is that it isn’t enough to have secure systems, it is important that their consumers feel secure. Perception of security being key here. With challenger banks, apps are quickly downloaded, opened, and once the necessary documentation is scanned, the bank account is opened; this contrasts significantly with some legacy banks. When surveyed, only 11% of banks have fully automated onboarding solutions, 14% of them still say ‘we’re going to refer you to a human’, and, 24% of banks still take a week to complete the opening of a new bank account. Although shocking, in a market striving to deliver the ultimate user experience this is real.

What are the opportunities in Open Banking, beyond regulation?

Open Banking has further enabled the fintech industry; it enables and supports competition, and promotes the idea that the best app wins. Open Banking is disruptive to all banks, especially legacy banks. Why would you open an old legacy banking app when a neobank has an app that lets you see and analyse all your accounts? When a bank can do this, they can also effectively use this data to highlight things such as better interest rates, cheaper insurance, etc. 15% of banks are prioritising in-app ‘Data sharing for personalised services’. Open Banking is not just about technology and APIs. It is about speed, interconnectivity, and security. Standardising protocols helps us to protect our assets but while we see alignment at a regional level, this is not the case globally. The differences across markets are big  and the customer needs are different, even if the foundational concept of Open Banking is the same.

How are traditional institutions seizing the opportunities created by Open Banking?

In the UK, the large legacy banks were the first to adopt Open Banking, under CMA-9. Neobanks followed suit, coming to market, proactively working with fintechs, and delivering agile internet-only banking solutions. Through Open Banking and by partnering with fintechs, legacy banks can launch new solutions more efficiently and secure their market position by delivering best-in-class service. They can build highly secure digital-only banks to attract the younger generations while servicing their traditional customers.

The UK and Europe lead the way in Open Banking regulations with PSD2. In the UK, the CMA increased competition through Open Banking but this only applied to the nine largest banks. In the EU, it was PSD2 that promoted innovation and transparency through Open Banking while working to enhance consumer protection. The US doesn’t have Open Banking regulatory directives, there we see more industry-led initiatives wherebanks have started collaborating independently under the FDX seeking common technical standards facilitating interoperability. Contrary to Canada where interest for Open Banking is strong  and where conversations center around delivering greater opportunities to customers before the end of 2022.

APAC’s digital ecosystems and its consumers’ willingness towards data sharing make it a leader in Open Banking. The MAS revolutionised data sharing standards across the entire region. In 2022, Hong Kong and Australia will seek to complete Open Banking phased launches. In China, tech companies like AliPay and WeChat utilised their market presence to develop easily accessible payment ecosystems. This suits the market and allows banked and unbanked consumers to transact digitally. Next, the focus will remain on privacy and consensual sharing of information, security, delivering the best customer experience possible, customer adoption and retention, standards and interoperability across the region, and innovation.

How can financial institutions ensure balance between cybersecurity and user experience?

Banks can mix exceptional user experience with an appropriate level of security by implementing security at all layers and, when in doubt, question the authority to transact or the nature of the transaction itself by using adaptive authentication. The use of secure elements on mobile devices to approve authentication and transactions is becoming more accepted both by banks and the consumers alike. 34% of banks are working to remove the friction associated with multi-factor authentication by enabling biometrics on their mobile banking applications and a quarter of banks are prioritising the implementation of adaptive authentication solutions that can recognise threats in real-time and take appropriate actions. 21% of surveyed banks  are already using a form of behavioural analysis to confirm the identity of their customers.

The most security-sensitive part of digital customer onboarding is the issuance of the initial credential to the customer (the boostrapping) following the KYC. This doesn’t have to be the case when you combine digital identity verification with the same banking application and your strong customer authentication (SCA) along with adaptive authentication and behavioural analysis. A new-to-bank customer downloads the mobile application, scan their government-issued ID, and provide supplementary information. Their account is opened and they can then interact with the bank. What happens under the covers is the technology enforcing the banks’ security policy and we can then step the customer’s level of authentication up where needed.

It’s important to address the top two priorities for consumers of digital banking services: a ‘user-friendly interface’ and the ‘Perception of Security’ while addressing the security, compliance, and risk considerations of the banks themselves.

This interview was originally published inside the Open Banking Report 2021. To download the report, please click here.

About Paul Jones

Paul is the Senior Director of Strategy and Product Delivery for the IAM Consumer Authentication business unit at HID Global. He has over 25 years of IT security industry experience supporting banks, government institutions, and enterprise customers around the world successfully implementing identity assurance, secure authentication, and digital signature programmes.

About HID Global

HID Global facilitates trust in a digital world by enabling secure and seamless customer interactions by providing world-class SaaS ecosystem to orchestrate customer identification, authentication, and risk management.