25 January 2023
Open Banking and good security practices
We share 5 rules that ensure greater security in sharing bank customer data between companies.

The consolidation of Open Banking worldwide has streamlined banking operations, making life easier for financial institutions and customers.
Still, it must be admitted that the sharing of consumer banking data between companies, a process that is at the heart of this technology, causes skepticism. So the question is: is Open Banking secure? The answer is “Yes”. What is needed is to allow time for adaptation and, more importantly, to comply with some specific rules. Let's get to know them.
The customer authorizes
The migration or sharing of data between banks or other financial institutions must be authorized in advance by customers. Furthermore, consumers decide which entities can access this banking information.
Dedicated regulation
In parallel with customer consent for the transfer of any data, Open Banking is a duly regulated activity. In fact, through the creation of the so-called Payment Services Directives (PSD 1 and 2), the European Union has regulated the use of this technology. Orlando Costa, the CEO of nBanks, adds to this: to enrich the existing “strong layer of regulation”, he explains, “there are good practices such as two-factor authentication, or the renewal of credentials every 90 days. And the API (Application Programming Interface) component itself follows strong encryption and security procedures”.
In practice, this works as follows: on the one hand, institutions that integrate Open Banking activities are subject to authenticity and security requirements; on the other hand, these entities have to develop APIs (the software that enables the exchange of banking data) that are also duly regulated according to the requirements of the European Central Bank. Compliance with GDPR (General Data Protection Regulation) standards also reinforces this need for security.
Orlando Costa adds that the banks themselves “must ensure that what is required by the European Directive is complied with, making it possible for Fintechs and Banks, at a competitive but also cooperative level, to innovate and provide services that truly create value for each customer”.
To reinforce the basis of these pillars, the behavior of bank customers also counts. On the consumer side, there is, in fact, a set of good practices to adopt:
Always validate the authenticity of the companies with whom we interact - banks or other institutions;
Always maintain contact with these entities through official channels (websites and applications, especially), avoiding email and chats;
Before authorizing data sharing, ensure that the purpose of that sharing is fully understood and ensure that the cancellation of the service is possible when desired;
Be extremely suspicious of attractive promotions or instant benefits;
Never click on hyperlinks, especially when sent via SMS or social media.
Security behaviors, strictly speaking, begin in more mundane applications, such as Facebook and other social networks, or email. As the CEO of nBanks states, with an open banking solution, “the customer is much safer than in many other scenarios where they browse the internet without any precautionary measures”.
At nBanks, we maintain very close contact with customers to clarify all doubts and ensure the necessary security. This is the maxim that applies to both business customers and accountants.
