The alternative, current financial aggregator systems are far less secure. They rely on “screen scraping” – a monolithic information-gathering practice that grabs far more user financial data from your accounts than is needed for any particular activity and then stores it, along with your account credentials, i.e., user names and passwords.
This process initially was used as a convenience for financial institutions so they didn’t have to reenter data. But the treasure trove of information that’s swept into those databases makes them ripe for exploitation, theft, and other fraudulent activities.
In contrast, open banking through APIs provides direct access to only the payment and financial account data needed for each task and without accessing the accounts via formal credentials.
Still, open banking security is important. That’s why we need a solid regulatory structure around it to ensure the systems utilize and integrate only approved trustworthy APIs and that the data they’re entrusted with is well-protected. Consumers must be able to maintain ultimate control of, and rights to, their data.
Most observers agree that it’s high time the Consumer Financial Protection Bureau, responsible for consumer financial data matters, gets more active in these matters to provide these assurances. Consumers want open banking. Banks and financial institutions want to offer it.
Open Banking is Over There
As this PWC analysis lays out, the UK has made the most headway with open banking, and banks there are required to cooperate with approved Third-Party Providers. The banking industry there began exploring the concept of open banking in 2016, taking a strong consumer service expansion approach.
The EU was working in this area at the same time, focusing on standards for consumer convenience and security to provide a framework for member nations to adopt in their own open banking policies.
But What About Here?
By contrast, open banking in the U.S. is still industry-driven, happening in the vacuum of government guidance as noted above. Many banks are working with core providers like FIS, Fiserv, and JHA that have already developed and continue to maintain the necessary, secure API-based infrastructure. Alternatively, banks have the opportunity to incorporate their own API tools on top of that core.
Additionally, industry groups are developing protocols for API security performance. Individual banks are working with core providers and fintechs to implement agreements on APIs and data usage. Millions of Americans are benefitting from these early adoptions of open banking
But public and institutional acceptance in the U.S. will lag behind much of the rest of the world unless a strong regulatory infrastructure is put in place that provides both consumer and institutional confidence to engage.
- Outlawing data scraping as a means to access personal financial data.
- Requiring fintechs and other participants to be authorized to engage in open banking services only after they demonstrate appropriate privacy, security, and liability protection.
- Prohibiting the use of customer data in ways not authorized by the customer.
This seems like a reasonable framework, and I believe we’ll see a similar regulatory structure emerge in the U.S. within a few years – after all, nothing happens quickly in Washington!
Within a decade, the average U.S. citizen will have a far more effective way to utilize their own financial data for personal financial planning, payments management, subscription management, personal loan activity, and to access a wider variety of financial products.