Open Banking: an Open Goal for Security?

Open Banking ultimately refers to the underlying financial technology, born alongside a new regulation – the second ‘Payment Services Directive’ (PSD2) – which came into force on January 13th of last year. This new regulation will see the banks’ previous monopoly on their customer’s account information and payment services being challenged; 3rd party organisations are now competing with banks for access to customer data. PSD2 is the successor to the first Payment Services Directive (PSD1) that came into force in 2009 and which facilitated the provision of uniform payment services across the EU. PSD2 sets out to (in addition) provide consumers with better security to take advantage of using third-party providers (TPP’s) and their services which ultimately integrate directly with an individual’s bank account.

A white smartphone with tangled earphones,a credit card from Deutsche Bank,a notebook,and a pen arranged on a dark surface.

Probably the main concern surrounding banking was how very closed their environments were. Now that legislation is forcing them to open them, or at the very least expose an API, they have had to make huge changes to their architecture because of this completely different approach. Whilst traditionally ‘disconnected’ from the internet, they were able to do pretty much anything, they could skip all of the traditional security measures that you take when you’re on public networks or in the cloud. Now with an open environment, the banks, at the very least, need to protect the API with stringent security measures. And customers will also want to know that their data is kept securely as the banks open up their infrastructure to the public.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Reputation, compliance and relationships with key partners are key factors when doing business in this landscape. TPPs have to have professional indemnity insurance to cover liability in the case of a security breach or unauthorised transaction. Liability and security are major issues in earning the trust of consumers and their payment providers. One dodgy outfit and the whole sector could end up being tarred with the same brush.

PSD2

A cornerstone of PSD2 is the abolition of the monopoly that banks have over accessing their customers’ account data. This will allow consumers (or businesses) to unlock their data and obtain a wide range of value-added services. It will strengthen the position of financial start-ups, and should invite widespread development and innovation in key areas such as online and mobile payments and account information services. Consumers will need to be really careful when it comes to sharing data. They will only be protected by their bank (if something goes wrong) if they share their data with an authorised company, and these authorised third parties will be regulated by the Financial Conduct Authority (FCA) and will appear on the FCA’s Register, and/or the Open Banking Directory.

Banks are now obliged to grant these TPPs access to their customers’ accounts through open interfaces. This in turn will allow TPPs to build financial services on top of banks’ data and infrastructure. Consumers will benefit from things such as easier online payments (without the need for a credit or debit card) and money management services that better help consumers keep on top of their finances.. Whilst the competitive landscape will undergo massive change, consumers face relying on new institutions, instead of the traditional banks to keep their sensitive financial data safe. This will require a different security mindset as companies investigate and implement new security measures.

Banks have traditionally been victims of a style of attack that is able to alter transactions while they’re happening in the browser and steal user’s credentials without them knowing. With the introduction of open banking, data will become increasingly vulnerable to attack as it passes through an open interface; this could happen on any customer’s device, for example, a mobile phone. In the process of ‘opening up’ the access to customer data, TPPs suddenly become very attractive targets to attack by cybercriminals.

Many high-profile companies, including banking institutions, have been attacked and users are rightly more concerned than ever with privacy. Even with the rising amount of attacks on mobile devices and applications, financial institutions and other organisations are still not taking proactive steps to protect the user’s apps on their devices. We hope to see open banking also provide the opportunity for developers and the like to work hard to provide robust protection against hacking and phishing attacks in the light of the new landscape.

Application shielding will continue to play a major role in protecting mobile applications. It does this by detecting and mitigating any tampering with a mobile app to prevent any damage. Open banking could see a rise in overlay attacks, phishing attacks, and mobile app threats, perhaps even more dangerous versions. It is estimated that users are three times more likely to fall for phishing attacks via mobile devices than they are other channels! In order to meet PSD2 compliance, which is due before the end of the year, financial organizations need to investigate new solutions to block these threats. Remember, preventing this type of fraud is key for financial organisations if they want to avoid costly reputational and brand damage.

Conclusion

It is still early days for TPPs in the UK but the way is paved for significant change in the way we understand payment services. Many firms are currently exploring opportunities that are being presented and others will be looking to come up with the next big idea. However, now that open banking is a reality, consumers need to be able to trust those charged with looking after their assets and feel confident when carrying out banking transactions online. Don’t let it be an open goal for cybercriminals!

If you have any questions about how to effectively protect your web applications, or how to optimize your cloud performance and reduce costs, contact us today to help you out with your performance and security needs.

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
5th December, 2024
The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
4th December, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services