Open Banking's Promise and Perils

By Vikas Vyas, Senior Business Analyst

Open Banking, a vision set into motion in 2015 by the PSD2 (Revised Payment Service Directive), aimed at reshaping the European financial landscape to foster a more secure, innovative, and competitive payments market. This transformative approach not only streamlines services but also elevates consumer protection. 

Echoing this initiative, New Zealand's financial sector, spearheaded by Payments NZ, embarked on a similar journey in 2017, laying the foundations for a unified payment interface inspired by the UK's Open Banking model. In March 2019 Payment NZ released the first common payment-related API standards, signifying a leap towards transparent and user-centric financial services.

Yet, as the financial terrain becomes increasingly digitized, it also becomes a fertile ground for fraudsters, requiring even more stringent security measures. This is emphasised by the introduction of PSD3 by the European Commission in June 2023, reinforcing the defensive wall against cybercrime. 

‍

The intricate web of APIs at the heart of Open Banking not only streamlines transactions but also multiplies the points of vulnerability, amplifying the risk of breaches and illicit access to sensitive financial data by multiple parties.

In the age of AI, we look forward to endless potential—a duality where sophisticated technology serves as both a guardian and a potential gateway for fraud. Financial institutions and tech innovators harness AI to stop criminal acts, while miscreants seek to exploit the very same technology to undermine the system.

As we delve into this article, we will explore the following queries:

1. Does Open Banking inadvertently heighten risks?
2. In what ways we can fortify our defence against fraud?
3. How can AI help in inherent risks of Open Banking?
4. How fraud detection service by third party works in Open Banking?

Join me to unpack this complex interplay of innovation and security in this new era of banking.

Does Open Banking inadvertently heighten risks?

Impact of Transaction Volumes: Open Banking is synonymous with rapid and user-friendly services, propelling consumer convenience to new heights. Yet, as digital management of finances becomes more prevalent, there's a surge in transaction volumes, which are projected to hit US$11.55tn by 2024. Open Banking market size will grow from $24.67 billion in 2023 to $31.01 billion in 2024 at a compound annual growth rate (CAGR) of 25.7%, whereas it is expected to $75.4 billion in 2028 at CAGR of 24.9%. This exponential growth could strain the capacity of banks and financial institutions to conduct thorough fraud profiling, given the vast number of transactions processed by varied entities.

Source: Open Banking Global Market Report 2024

Accountability in Fraud Incidents: The ability of third-party companies to access customer financial data via Open Banking's APIs is a double-edged sword. It streamlines interactions between customers and financial providers but also raises questions of liability in data breaches. Pinpointing responsibility becomes complex when fraud is as opaque as digital shadows, potentially imposing significant liabilities on third-party applications and financial institutions alike.

Enterprise-wide Fraud Capabilities: Open Banking's data aggregation, often into a singular user interface by third-party apps, opens a Pandora's box for cybercriminals. It grants them an overarching view of a customer's complete financial landscape. Such visibility into sensitive data not only makes specific accounts more vulnerable to targeted attacks but also enables fraudsters to orchestrate sophisticated schemes spanning across various accounts and identities.

In what ways we can fortify our defence against fraud?

In the dynamic world and progression toward Open Banking, prioritizing customer trust and security is non-negotiable. This calls for a defence mechanism highlighting strategic imperatives, including independent regulatory oversight, robust encryption, and the integration of cutting-edge technology, all within regulatory guardrails, to ensure fair play and fortify the digital financial landscape.

1. Independent Regulatory Oversight: Establish an independent governing body tasked with formulating and enforcing robust frameworks for seamless competitive payments, data protection, and privacy. These frameworks should be meticulously designed to align with the core objectives of open banking and become a mandatory regulatory requirement.
2. Implement Robust Encryption: Adopt strong encryption for data at rest and in transit as a core component of your security strategy.
3. Deploy Advanced Monitoring Tools: Use real-time anomaly detection systems to identify and react to suspicious activities swiftly.
4. Conduct Regular Security Checks: Perform consistent security assessments and stay connected with the global security community for shared intelligence on emerging threats.
5. Educate Consumers: Proactively educate consumers on safe Open Banking practices and the importance of data security.
6. Form Strategic Partnerships: Engage only with third-party providers who demonstrate high security standards and are committed to maintaining the integrity of the Open Banking ecosystem.
7. Embrace Technological Advancements: Integrate cutting-edge technologies like AI for predictive analytics, while exploring the potential of blockchain for enhancing API security and transaction integrity.

How can AI help in inherent risks of Open Banking?

AI's role in mitigating the inherent risks of Open Banking is poised to be transformative for financial services. By leveraging the rich data landscape that Open Banking provides, AI and machine learning algorithms can significantly enhance analysis and decision-making processes, tailoring services to individual customer needs. 

A global market survey indicates that a majority of financial institutions are already integrating AI to boost efficiency and fortify fraud detection. This investment in AI underscores the industry's commitment to customer security.

For example, JPMorgan Chase, a leader in financial innovation, has embraced AI to bolster transaction security. By integrating deep learning models into their monitoring systems, they have sharpened the detection of fraudulent patterns, reduced false positives and enhanced the speed and accuracy of fraud identification. 

Similarly, Mastercard has developed a proprietary AI model to assist banks in detecting fraud, investing substantially in cybersecurity technologies. Mastercard invested more than $7 billion in cybersecurity and AI technologies in the last few years.

Visa has also recognised the potential of AI, supporting AI startups through significant venture funding. Visa has made investments of its own into AI, including a $100 million venture fund for generative AI startups.

Revolut has also launched an AI-powered anti-scam feature to protect customers from falling victim to authorized push payment fraud. Since launch, Revolut has observed a 30% reduction in the fraud losses resulting from card scams where money has been sent for investment opportunities.

Source: Revolut launches AI-based scam detection feature

Source: AI in Banking Use cases

Source: Investments in AI

The strategic investment in AI by these financial giants is a testament to the technology's potential to safeguard the Open Banking ecosystem, ensuring customer trust and security in an increasingly digital world.

How fraud detection service by third party works in Open Banking?

Conclusion

The merger of AI with Open Banking is about to change the way we manage our money, making it easier and safer for everyone. Open banking serves as a prime example of how legislative action can accelerate technological adoption, to the benefit of both consumers and the industry. It sets the stage for a more collaborative environment, where traditional banks and fintech companies can coexist and even complement each other.  

With the help of future tech like quantum computing and blockchain, we're looking at a world where our financial data is more secure, and we can analyze large amounts of information quickly and accurately in a regulated framework.  

However, as we move forward, we must stay alert. The smarter our systems become, the more sophisticated fraudsters and criminals get. It's a reminder that as we embrace these exciting changes, we also need to keep our guard up against the evolving challenges of fraud and cybercrime.