Fintechs and neobanks benefit greatly from the API ecosystem. But there are also open banking fraud risks involved…
On paper, open banking APIs are a win-win proposition.
By allowing customers’ financial and personal information to be shared, you drastically improve the user experience. You avoid redundant KYC checks and speed up access to financial services.
Fintechs, especially challenger banks and neobanks who deliver value for the on-demand generation, have built entire business models on a frictionless experience.
The reality, however, is that adoption from the consumer side hasn’t been without its obstacles. Allowing your financial data to be passed around is counterintuitive and certainly perceived as risky.
This is not an unwarranted concern. Every month, a new data breach proves that companies can barely be trusted with user information.
But another challenge people fail to mention is that open banking APIs can also carry risk with them.
Let’s see how that may impact Risk Operations at your organisation.
Open Banking: The Story So Far
While the UK has taken the lead in open banking initiatives, other countries are following suit.
The Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR) are driving Europe towards an open banking standard. The US, LatAm and Asia are also toying with their own versions.
According to The Paypers’ Open Banking Report, 87% of all countries surveyed said they had open banking initiatives in readiness.
What Are the Benefits of Open Banking?
Open Banking is a user-centric process. It allows customers to access a wider range of financial products and services that are tailored to their needs, by breaking up the monopoly of banks.
What Will Open Banking Allow?
More of what’s already happening now. From the consumer side, you’ll reduce the need for KYC checks each time you purchase a financial product (mortgage, loan, credit card, etc.). You will also gain access to more products and services.
For fintechs, it will be easier to target customers who would have otherwise been tethered to a bank’s financial services. Banks and traditional financial institutions will be able to partner with agile startups that can provide more interesting features to their pre-existing customers.
Examples of Open Banking Applications
Open banking enables a variety of products and services:
Identity networks and hubs connect retail and banking by proving people’s identity. In short, they leverage the Know Your Customer and Customer Due Diligence processes that banks have already performed to demonstrate that the user’s identity is valid. Third-party services also aim to decouple KYC from financial information, so that ID data is kept secure elsewhere.
A growing number of services offer bank account aggregators that let customers control all their accounts from a single app dashboard.
From mortgages to loans and even overdrafts, there is no shortage of new apps that take advantage of open banking APIs to offer tailored products to customers.
The Risks of Open Banking
Sadly, the risks of open banking may sometimes overshadow its benefits. The technology may also put organisations at risk. This is due to several factors.
Larger Ecosystem = More Risk
An open banking ecosystem may include various players such as data providers, third-party providers, customers, regulators and government agencies. That’s a lot of potential points of failure for data security, and fraudsters are adept at targeting the weakest link in a chain.
Account Takeovers Bring Higher Rewards
As we know, accessing banking information is the holy grail for fraudsters. And they are adept at mining every account they infiltrate for personal information as well as currency, reward points, or crypto.
In the context of ATO fraud, the problem of linked accounts via open banking is evident: losing control of one account could mean losing much more for customers. Their ID documents or card numbers could end up on the dark web, where they will fuel synthetic ID creation and fraudulent transactions.
One Bad Apple Spoils the Lot
If all these services are connected by one technology (the API), you’re essentially at the mercy of the initial KYC check. What happens when fraudsters have successfully bypassed it? You have an infiltrator who can open neobank accounts, apply for loans, take out a mortgage, and essentially scam every partner involved.
The problem is exacerbated when it comes to AML compliance. If one money launderer manages to enter through the front door for one fraudulent transaction, who gets blamed by the government bodies? That is to say: who will pay the massive financial crime fines that inevitably result from failing to meet AML requirements?
Single Point of Attack
Even if banks’ security is watertight, what happens when every interconnected service offers the same single point of attack? Security and data protection hygiene are increasingly important in the API economy. Open banking fraud would give hackers and fraudsters a potentially higher reward.
Information and Security Asymmetry
Last but not least, there is something to be said for the false sense of security that open banking APIs may create. It’s not unlike a digital version of the bystander effect, where organisations are less likely to verify data when they trust it comes from a reliable source.
This is something fraudsters may exploit to their advantage. Once again, the weakest link in the chain of the open banking system may be targeted with the bare minimum of personal information to pass a KYC check. If you fail to double down on the verification, you are likely to open a backdoor into your platform for criminals.
Don’t Lose Customer Trust Because of Open Banking
Open banking is a response to customer demand for more choice and a better, frictionless user experience. By sharing data via APIs, fintechs, third-party service providers, neobanks and challenger banks can offer personalised products.
The key, however, is that customers need to have trust in these organisations and in the security of their data ecosystems. And there is no surer way to lose trust than to allow one bad agent into your ecosystem, especially if they can then exploit the whole lot with a single attack.
We believe that open banking risk and open banking fraud can only be reduced if every organisation takes risk management, risk assessment and fraud detection into its own hands.
Bence is the co-founder and COO of SEON, whose vision is to create a safer online environment for merchants in high-risk verticals.