Last edited May 2023 · 3 min read
Open banking is safe. In fact, it may even be safer than traditional banking methods. Open banking relies on secure data-sharing practices, such as using APIs and encryption, to ensure that customer data is protected. These practices are often more advanced and secure than the security measures used in traditional banking.
Additionally, open banking regulations require that third-party providers undergo strict security assessments and adhere to strict data protection standards. This means that any provider offering open banking services must meet high security standards to ensure that customer data is protected.
First and foremost, what is open banking?
Before examining whether open banking is safe and secure, it’s worth defining exactly what open banking is.
Open banking refers to services and customer data being freely exchanged between banks, and other financial organisations such as third-party payment providers, with the express permission of the customer.
How third-party providers take advantage of open banking
Verified Mandates and Instant Bank Pay – which GoCardless currently offers in the UK and Germany – are examples of the kind of innovation which open banking has made possible. In both cases, processes which would once have taken a frustrating amount of time to be completed can now be done instantly.
Verified Mandates is a tool for verifying the ownership of an account – i.e. for ensuring that the account details a customer provides for payment actually belong to them.
Instant Bank Pay, on the other hand, offers an alternative to card payments that is cheaper for merchants to operate, with the same speed of payment confirmation and the friction-free shopping experience the modern consumer demands.
How safe is open banking?
The technology which enables open banking to operate is the application programming interfaces (APIs) of the banks themselves. These can be accessed by third-party payment providers and then used to either verify the information contained within the accounts or move payments between accounts.
The fact that the API endpoints which open banking technology makes use of were designed and built by the banks themselves offers a huge degree of assurance when it comes to the question of safety. The same technology was created in order to facilitate online banking, which emerged in 1996 when Wells Fargo became the first bank to offer online access to accounts.
In the years since then, banks have invested hundreds of millions in ensuring the security of online banking, and this investment, know-how, and experience have now been applied to the technology underpinning open banking.
Open banking is also safer than screen scraping, a legacy data collection methodology that required the sharing of passwords and user credentials to access customer financial data.
How open banking is kept safe
Security is one of the most important aspects of open banking. Not only is it critical at the API management level, but banks also take extra precautionary steps to vet end-users to ensure that the data remains in safe hands.
This security is based upon the fact that despite the term ‘open banking’, the actual data in question — i.e. the details of the bank account — still belong to the holder of the bank account. Any connection between the bank account and a regulated third party – such as a third-party payment provider – has to be authorised by the account holder.
Features like Strong Customer Authentication (SCA) and Consent Management are essential. Consented access gives control to bank customers and ensures no data is accessed without their knowledge.
Luckily, for financial products and service providers, it's not as easy as just asking for a customer's online banking credentials. Third-party financial service providers are obligated to demonstrate necessary data security procedures for banks to even be able to exchange data with them in the first place.
The businesses which are able to make use of open banking are all highly regulated and governed by strict rules and stringent standards to keep your data secure.
Any of the organisations which are allowed to use open banking are listed on the FCA’s Open Banking directory. In order to be listed in this way — and to therefore have the FCA seal of approval — the organisation in question needs to work through an extremely strict assessment process. All security standards, systems, and processes will be tested to ensure that the correct protections are in place and that they are every bit as effective as those used by the banks themselves.
Once an organisation has been authorised in this manner, it will be subject to regular security checks and auditing to make sure that it maintains the rigorous standards expected. Knowing all of this makes it fairly plain that open banking is safe in the UK, and that working with GoCardless as your payment platform will enable you to take advantage of everything which open banking has to offer.
In general, all providers must comply with data protection rules. The provider is responsible for telling customers how the data will be used, for how long, and what they will do with it — all before customers give their consent.
This means that open banking APIs provide transparency and control to customers regarding their financial information, enabling them to better understand their data and how it is shared. Within regulated open banking infrastructure, customer data is guaranteed to be secure.
We can help
GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. Find out how GoCardless can help you with one-off or recurring payments.