Open Banking
Open banking: Designed with security at the center
Digital financial experiences are becoming central to our lives. In a recent Mastercard poll, eight in 10 U.S. consumers reported using technology for financial tasks like paying bills, sending money to friends, checking or improving credit scores or applying for loans.
These are not mere conveniences, but tools that meaningfully impact people’s lives, providing them with more choice in financial services and more opportunities than ever before. Many of these innovations are made possible by open banking — technology that allows consumers and small businesses to permission their financial accounts’ data to the financial apps and services they want to use.
As digital payments continue to increase exponentially, so will the flow of financial data between parties. The massive increase in digital financial experiences is underway, according to Mastercard’s Rise of Open Banking report, 93% of US consumers currently using technology to manage their money. Security is more important than ever and, to ensure privacy, consumers want transparency and more control.
Mastercard improves security through open banking by driving new technology innovation while meeting governmental regulations and helping to establish industry standards.
Trusted financial data aggregation platforms, such as Mastercard’s open banking, facilitate secure access to consumers’ permissioned data via traditional connections and APIs. However, there are additional technological and regulatory measures at work that add more layers of protection to consumers and small businesses alike.
Here are some of the ways open banking keeps your customers’ financial data secure:
Tokenized Access
The industry is rapidly moving toward “tokenized” access. Also known as “Open Authorization” or “oAuth” connections, “tokenized” access involves providing an open banking platform with a “token” that is used as an access key rather than account credentials to access consumer-permissioned financial data.
Regulatory Movement
Across the globe, government regulations of consumer technology have emerged to protect people’s data from leaks, fraud or loss. For example, in the U.K. and Europe payment service providers must register with the Financial Conduct Authority to provide certain open banking services. Only registered providers can access consumer bank accounts, and they require explicit consent from consumers.
Meanwhile, new technological advances are accompanying Open Banking regulations to further protect consumers and provide clear boundaries for innovators. For instance, a crucial component of Europe’s PSD2 regulation is Strong Customer Authentication (SCA), a tool that guarantees user ID verification. As a stronger form of multi-factor authentication, SCA requires that customers share something they know (i.e. password or PIN), something they own (their mobile phone’s unique identity) and a biometric (facial profile or fingerprint). SCA will not authorize a payment without two of these three factors.
There are also regulations being worked on in other regions.
Industry-Driven Technology Standards
Establishing common industry standards around security will also help open banking to more clearly define access and sharing of financial data. In North America, a cross-section of banks, fintechs and financial services groups have come together to form Financial Data Exchange (FDX), a nonprofit aligned around a single data-sharing standard entitled FDX API. As an interoperable and royalty-free standard, the FDX API could accelerate the adoption of open banking API frameworks.
FDX adheres to five key principles for data sharing – control, access, transparency, traceability and security. Taken together, these five principles prescribe how consumers can be empowered and protected via data sharing by giving them a better view into what is happening with their data, who is accessing their data and what consumers are getting from their data.
Data Access
To protect the security of customers’ data, Mastercard, through its wholly owned subsidiary, Finicity, takes additional steps. In the United States, Mastercard has direct bilateral agreements for data access with most of the largest financial institutions. Our open banking platform is guided by our data responsibility principles.
When choosing an open banking platform for your fintech innovation needs, security is an important consideration.Our focus on building trust, stewarding data and driving choice have and will continue to drive how Mastercard looks to the future.
To learn more about open banking and how security is at the center of its design, download our whitepaper.