‘Open banking’ raises cybersecurity fears
Canadian banks worried about personal data amid threat of cyberattacks
As banks work to fortify their cybersecurity defences amid a growing number of data breaches, they are also exploring the promise of so-called “open banking,” a concept that could finally disrupt the staid financial services industry.
Customers have increasingly moved away from physical branches toward online and mobile apps, but banking has yet to reach its “Uberization” moment, one that breaks down traditional models to usher in new innovations, as Uber has done for the taxi industry.
Open banking — granting thirdparties like financial technology startups access to bank data to develop innovative apps — could be such a “game changer,” according to Toronto Dominion Bank’s chief information officer, Jeff Henderson.
All but one of 100 payment executives at major banks globally said they were planning major investments in open banking by 2020, according to an online survey by consulting firm Accenture released last month.
But even as Canadian financial institutions toy with the idea, they’re concerned about the looming risk to consumers’ personal information amid the growing threat of cyberattacks.
The Accenture survey also showed that 50 per cent of respondents said that implementing the emerging concept increases risk.
“There’s no question this is a trend,” TD’s Henderson said. “(But) I want to make sure that any time we exchange information externally, that is done so in a very controlled and understood manner.”
In these early days, the exact nature of the innovation in the open banking landscape is unclear, said Bob Vokes, managing director of financial services at Accenture in Canada.
“What we’re trying to do in open banking is to create new sets of services off of the banking data, or alternatively, allow you to manipulate your banking information in a different way,” he said.
Open banking allows consumers to share their banking data, which proponents say will spur the creation of new apps and platforms that will make financial transactions easier or develop new use cases.
For example, a consumer could log into one app and see all their financial accounts, from various banks, to get a full picture of their net worth and move funds in real time. Or, geolocation data could be layered over payment data, allowing a consumer to analyze exactly where their money is being spent, while also allowing merchants to offer them location-based rewards.
The buzz around open banking is building just as concerns about cybersecurity mount.
Most recently, Uber announced earlier this month that hackers compromised some 57 million user accounts and Equifax Inc. disclosed in September a cyberattack that compromised the personal information of half of Americans and some 19,000 Canadians.
It also comes as the Bank of Canada once again listed cyber threats as a key vulnerability for the Canadian financial system in its semi-annual review released Tuesday.
“The high degree of financial and operational interconnectedness among financial institutions means that a successful cyber attack against a single institution or a key service provider could spread more widely within the financial system.”
Meanwhile, various jurisdictions are pushing ahead with legislation that would see financial institutions become even more interconnected.
By January 2018, banks in Europe will be required to share proprietary data, in a regulated and secure way, under the U.K.’s Open Banking Standard and Europe’s PSD2 legislations.
The Competition Bureau said in a report on fintech earlier this month that it is early days “but the potential impact on competition and innovation is promising.”
The Ministry of Finance said in August it is “examining the merits of open banking.”
“Open banking holds the potential to make it easier for consumers to interact with financial service providers and increase competition,” the ministry said in a consultation paper as part of a review of the federal Bank Act.