Last edited: May 2022 (2 min read)
Before examining whether open banking is secure, it’s worth recapping exactly what open banking is.
In simple terms, open banking refers to services and data being freely exchanged between banks and their customers or organisations such as third party payment providers. As a third party payment provider, GoCardless harnesses the power of open banking to offer solutions such as Verified Mandates and Instant Bank Pay.
Verified Mandates and Instant Bank Pay – which GoCardless currently offers in the UK and Germany – are examples of the kind of innovation which the era of open banking has made possible. In both cases, processes which would once have taken a frustrating amount of time to complete can now be done instantly. Verified Mandates is a tool for verifying the ownership of an account – i.e. for ensuring that the account details a customer provides for payment actually belong to them. Instant Bank Pay, on the other hand, offers an alternative to card payments which is cheaper for merchants to operate, has the same speed of payment confirmation, and is completed in the friction-free shopping experience the modern consumer demands.
How safe is open banking?
Open banking operates through the application programming interfaces (APIs) of the banks themselves. These can be accessed by third party payment providers and then used to either verify information contained within the accounts or move payments between accounts. The fact that the API endpoints which open banking technology makes use of were designed and built by the banks themselves offers a huge degree of assurance when it comes to the question of safety. The same technology was created in order to facilitate online banking, which emerged in 1996 when Wells Fargo became the first bank to offer online access to accounts. In the years since then, banks have invested hundreds of millions in ensuring the security of online banking, and this investment, know-how and experience have now been applied to the technology underpinning open banking.
This security is based upon the fact that, despite the term ‘open banking’, the actual data in question – i.e. the details of the bank account – still belong to the holder of the bank account. Any connection between the bank account and a regulated third party – such as a third party payment provider – has to be authorised by the account holder.
The businesses which are able to make use of open banking are all highly regulated and governed by the kind of rules which apply to banks themselves. Any of the organisations which are allowed to use open banking are listed on the FCA’s Open Banking directory. In order to be listed in this way – and to therefore have the FCA seal of approval – the organisation in question needs to work through an extremely strict assessment process. All security standards, systems and processes will be tested to ensure that the correct protections are in place, and that they are every bit as effective as those used by the banks themselves. Once an organisation has been authorised in this manner they will be subject to regular security checks and auditing to make sure that they maintain the rigorous standards expected. Knowing all of this makes it fairly plain that open banking is safe in the UK, and that working with GoCardless as your payment platform will enable you to take advantage of everything which secure open banking has to offer.