Open banking myths debunked: mistakes and misconceptions
Last editedMay 2023 5 min read
As with every new technology, lack of information, familiarity, and trust lead to the creation of different narratives about its usability. Open banking is no different, and in this article we’ll take a close look at all the myths and inaccuracies surrounding it, debunking them one by one.
Misunderstanding of the word “open”
All myths start with lack or misinterpretation of information. The term “open banking” does not mean “we’re open, come in and get what you want”. It refers to a set of rules put forward by the Competition and Markets Authority (CMA) and the European Commission in 2018, including the revised Payment Services Directive (PSD2).
These reforms aimed to give consumers more control on how they view and interact with their financial information. Their purpose was to allow third-party developers, FinTech companies, and apps to connect to bank accounts via a centralised platform that could analyse the data and do things like:
recommend a new product, like a credit card
Suggest the opening of a savings account to help put money on the side
Categorise spendings to know what, when, and where money is spent
set budget filters to regulate spendings
Let’s take a deeper dive into some of the most common mistakes and misconceptions about open banking.
1. Open banking is a risk to customer data security
In Europe, open banking follows the revised Payment Services Directive (PSD2), drafted with consumers’ data security as one of the top priorities and concerns. The new directive instructed banks to develop their own application programming interfaces (APIs), making sure third-party providers would have facilitated, safe, and reliable access to customers' account information.
With that in mind, there are several security measures in place that assure customer data safety.
The most important, and directly visible to the customer, is known as Strong Customer Authentication (SCA), and adds an extra layer of security to previously used methods, such as using one time codes via SMS.
Essentially, SCA relies on the collection of two pieces of information that only the user has access to, such as:
Something they own (e.g., smartphone)
Something they know (e.g., PIN code)
Something they are (e.g., fingerprint)
The introduction of PSD2 regulated APIs also made it possible to get rid of the dangerous use of screen scraping methods, used as a standard during the early days of open banking. This legacy method endangers customer private data, since it requires third-party providers to impersonate the user on the bank online platform, and store their credentials.
Customer data can be shared without consent
The million-dollar question is whether third-party providers and apps can just look at accounts, balance, and information whenever they feel like it — without consent.
The answer is no, nobody can do anything without explicit consumer consent. You don't have to share your data if you don't want to.
Each provider will ask for consent before accessing your information, so it’s wise to always read documents, pop-ups, and emails that have to do with your finances very carefully. If and when you agree, they send a request to your bank, which will in turn share your details. If you change your mind, you can revert this action whenever you desire.
To be compliant with the current regulations, TPPs need to clearly indicate which information users are required to share. Anything that is not relevant to a particular use case will not be available to the provider, requiring new consent to access additional information.
Who can I share my data with?
While we have already debunked the myth, we’ll take it a step further and give you even more insight regarding open banking security. Who can you share your data with? What if you receive an email asking for access? How will you know that this isn’t a phishing scam or an attempt to steal your data?
These third parties need to be regulated and authorised by the Financial Conduct Authority (FCA) or another European regulator. They will also appear on the FCA's Register, the Open Banking Directory or on the complete list of 30 authorities that regulate the issuance of open banking licences in Europe we have prepared.
It was only natural that people would have second thoughts about sharing their data, and that’s why safety is one of the main pillars this technology was built on. More specifically, all providers have to comply with GDPR regulation and data protection rules.
The provider should break down exactly which data they will use, the duration they will be using it for, and how will they use it before you agree to give them access.
You’ve been sharing your data with third parties for years
The idea of sharing your data may sound intimidating when you hear it in a financial context, as this is a very private and confidential area of our lives. The actual concept of sharing data to encourage innovation has been around for quite some time, and you’ve been part of it without probably realising it.
If you have ever used Facebook, Uber, LinkedIn, or Citymapper, you have consented to share your personal data.
A recent study by cloud storage provider pCloud found that 52% of all apps share your data with third parties. The stats in this study are jaw dropping, and it just goes to show that we don’t really pay attention to what we agree to when we download and sign up to an app.
The emergence of open banking has shed some light on the issue of data sharing and our role in this entire process. Sharing data is a choice, and none of these apps do it without our consent — or, in most cases, negligence.
2. Funds can be easily compromised
With the rise of open banking, users voiced concerns regarding the security around their personal details, which could compromise their funds. By following all regulations and security measures, open banking regulated services are as secure as your bank.
Sensitive information, such as passwords and account numbers, are encrypted to avoid potential access from external malicious parties (like hackers, etc.). This provides a thick security layer, ensuring bad actors will never have easy access to data or funds.
In case of fraud, the customer won’t be able to get the money back
In open banking, there are several security protocols that are implemented to reduce the potential of fraud to a minimum.
If an issue like fraud arises, financial services providers are also insured to protect their customers (and their funds). Your bank is responsible for settling these problems, guaranteeing you get your money back.
3. Open banking is the beginning of the end of traditional banking
Open banking shouldn’t be seen as a “traditional bank killer”, but rather as the perfect tool to help banks adopt new technologies and improve their services.
Although open banking has significantly changed the banking industry, creating greater competition for banks, it also opens many doors — allowing them to improve their offerings.
Through open banking, banks can improve their products and services, giving users new ways to use their accounts. New technology, alongside competition, breeds innovation, which ensures customers’ needs are met to the highest level.
4. Open banking doesn’t simplify banking processes for users
Even though the open banking framework might be a complex environment for the average user, the way its final form presents itself greatly improves all the banking experience.
Users no longer need to provide card details or login credentials to proceed with online payments. This, along with the fact that payments are made directly between the payee and payers bank:
Drastically reduces the processing times
Reduces fees
Increases security levels
On the account information (AIS) side of open banking, allowing users to display all their accounts in one single place, greatly simplifies the personal finance management of all their assets.
5. Open banking being disruptive is a bad thing
Open banking APIs are a disruptive change for banks, but that doesn’t mean it’s a bad thing. Until now, banks had exclusive access to customers' financial information, keeping it safe and closed off from the outside world.
On the other hand, this was a very limited situation where customers couldn’t do anything else with their own data. Open banking allows third parties to create new products and services that maximise the potential of financial data, while making sure it is safe.