News & Insight

Open banking is on the horizon - but will it end up making your business vulnerable to fraud?

Oliver Jones

New regulations which force banks to share customer data with third parties are set to become law.

New regulations which force banks to share customer data with third parties are set to become law in January next year.

But security experts have warned the ‘open banking’ revolution could put banking customers at risk from phishing scams, fraud and identity theft.

New pro-competition legislation

The legislation, known as PSD2 (the Second Payment Services Directive), is hailed by price comparison sites and the like, for breaking the banks’ ‘monopoly’ on user data, allowing them to figure out whether or not you’re getting the best deal for you or your business.

But it also means your data is going to be shared with multiple companies, including price comparison sites, Amazon, payment providers, start-ups and lenders. This creates many more access points for hackers and cyber-criminals to attempt to snare you in a scam, or steal your identity.

Many banks have already sent out letters warning customers of the change, with updated terms and conditions – though most consumers are unlikely to read these (studies show that three quarters of us don’t even look at T&Cs, and pretty much none of us read them).

**Is there anything I can do?

The change isn’t automatic, so you won’t be signed onto open banking without your consent, and you won’t experience any service interruptions if you choose not to sign up. That said, most customers are likely to simply sign up once the benefits are advertised and some assurances given.

Your data will only be shared with third parties under FCA (Financial Conduct Authority) jurisdiction, but it is going to be less safe than with a bank, as smaller firms will be less able to protect your information from hackers, who will be seeking fresh markets once the legislation goes through.

**Former MI6 officer offers warning

Stuart Poole-Robb’s a former MI6 intelligence officer and CEO of Knightsbridge Company Services (KCS), a strategic intelligence and risk management consultancy in London, which opened a cyber crime division in 2009.   In his opinion, open banking means more cyber risks for banking customers. In a press release, he warns us:

“Because open banking means more data shared, this problem is going to get worse. It creates more points of failure. Either the bank is hacked and your data is compromised – or you approve it being passed to a new start-up, which is hacked and your data is compromised.

Banks and financial technology firms cannot protect you against something they do not know about. It is all very well having firewalls and encryption against known threats, but all organisations are susceptible to social engineering and unwittingly giving attackers footholds.”