Open banking is playing a pivotal role in creating and delivering new revenue-generating services that today’s customers demand. As part of open banking initiatives, financial institutions (FIs) globally are increasingly making application programming interfaces (APIs) available to a growing number of Fintechs and other third-party technology providers, such as account information service providers (AISPs) and payment initiation service providers (PISPs).
While there is momentum behind open banking, it does come with concerns. A report published by EY found that 48% of consumers cite data and cybersecurity as key concerns around open banking.
FIs must rethink their data privacy and security strategies along with their open banking initiatives to secure their businesses, safeguard their relationships with customers, and protect consumer privacy. Here are the top five proactive measures FIs can take to strengthen and accelerate their open banking initiatives.
Proactive threat detection
Proactive threat detection includes hunting for and detecting threats in advance, as well as identifying the risks that existing or potential vulnerabilities can introduce in today’s dynamic digital environment. FIs need a holistic vulnerability management strategy (keeping people, process, and technology in mind), continuous scanning measures to identify real-time or potential vulnerabilities, and the ability to address them in near real-time.
Proactive threat detection extends to the risk associated with employees, accounting for human errors that can lead to malicious vectors creeping into the system. This requires FIs to rethink their integrated access management (IAM) systems. Moreover, stringent measures such as implementing strong customer authentication (SCA) via multifactor authentication (MFA), applying risk-based MFA across the whole infrastructure, and facilitating minimal role-based access can help FIs further secure their businesses.
The success of open banking hinges on open APIs, and with open APIs come more security concerns. It’s imperative to secure open APIs because an unsecured API can leak even those hidden data points that were not accessible before. Therefore, it’s essential to have a security solution that can assess every open API in real time and verify its security throughout the lifecycle in a quick and scalable manner.
Advanced authentication and authorization system
Today’s customers need the assurance that they alone are in control of their data. FIs can secure their customers’ trust by adding another layer of security with the help of MFA. An authentication system built with artificial intelligence (AI) along with human intelligence can also help address the problem of managing multiple passwords.
In addition, technology solutions, such as biometrics tokens (OTP), can be helpful. They can help banks ensure enhanced security and provide a better customer experience, with more efficient processes and workflows.
Eliminate the forced tradeoff between security and ease
Encryption is the first step to ensure data protection at all times. With proper audit trails, based on regulations and risk management standards, data sharing in FIs should only be permission-based or risk-based. Through identity and authorization validation, Know-Your-Customer (KYC) capabilities, and fraud detection techniques, FIs can improve their security while seamlessly carrying out their operations.
While API management, security, and integration are the heroes of open API implementations, their speed and compatibility with banks’ infrastructure are critical to a successful implementation. With risk-based and permission-based security implementations, banks can simplify the processes for their customers and exercise more control over security. In addition, it will help banks streamline their security architecture and make it more efficient as well as customer-centric.
It is crucial that every player in the FI ecosystem plays by the same rules and adopts a shared standard that can be trusted by all. An industry-wide proactive defence approach based on the evaluation of FIs (including banks, Fintechs, regulators, and government agencies), security controls, and collated threat intelligence data can help in building regulatory compliance tools that not only help them provide security but also let them focus on innovation.
The collaborative intelligence, gained from shared information across FIs and automated threat responses, can help protect their businesses as well as customers by outpacing the potential attacks, thereby leading to a more secure ecosystem.
NextGen adaptability towards an open world
While the ability to predict customers’ future behaviour can help FIs improve customer experience, it can also enable them to anticipate unusual or suspicious activities.
AI- and ML-led solutions can help banks capture these behavioural patterns of their customers as well as assess and control the behaviour of their third-party providers (TPPs). Real-time payments require real-time verification. Hence, capability in advanced analytics, AI, and ML tools can help FIs detect cyber-crime and fraudulent activities. It is no surprise that FIs are embracing nextgen technologies faster than ever.
Additionally, such solutions will provide banks with an opportunity to become more adaptive towards any upcoming changes. For instance, regulations can be captured and processed through natural language processing (NLP) and be implemented to gain a significant competitive advantage.
When it comes to fraud and system breaches, ML can help detect abnormal behaviours. Starting with a random subset of data, the machine learns to detect fraudulent behaviour, identify the fraud, and eventually predict and prevent the threats.
Open banking presents a tremendous opportunity for both FIs and consumers. To capitalize on it, FIs must preserve the trust of the consumer and protect sensitive personal data.
Views expressed in this article are the personal opinion of Amit Bhute, SVP & Global Head, Banking Practice, Virtusa Corporation, and Shaik Ahmed, Senior Director, Cyber Security, Virtusa Corporation.