Securing The Future Of Open Finance

The world of finance has changed dramatically over the past few years. From consumer relationships with banks to the software financial institutions (FIs) are deploying to create a seamless experience for customers, those operating within the banking industry have had to adapt accordingly. With this adoption offers new opportunities, but also new challenges. 

The correlation between advancing technology and cyber security concerns is not new. In recent years, vulnerabilities have often been exploited as quickly as new technologies are rolled out, and while FIs are far wiser to the risks than they once were, there is still more that can be done. 

A key example of this is the continued rise of Open Banking on a global scale. Through Open Banking initiatives, Fintechs can utilise relevant consumer data, direct from banks and non-bank financial institutions, through Application Programming Interfaces (APIs) to build improved customer offerings. In turn Open Banking offers customers the opportunity to access these enhanced services across many different institutions and service providers, thus creating hyper personalisation and an improved user experience. While Open Banking has the potential to revolutionise the financial industry, recent research from Curity shows that concerns such as data sharing are prevalent amongst financial institutions, in part due to the introduction of several data protection regulations. 

Common Concerns & How To Address Them 

While 71% of businesses plan to adopt Open Banking in the next 18 months, the same number have concerns around security issues and the largest concern these businesses have on a global scale is related to outdated systems.  Businesses need reliable systems in place in order to manage the data sharing process, to introduce new applications and services that require a robust technology support system.

Without these systems businesses risk falling behind their more advanced counterparts and will lose customers who can find better experiences elsewhere. 

To the benefit of many businesses, Open Banking is built on data protection regulation on a global scale and requires financial-grade security protocols to be in place. OAuth 2.0 and OpenID Connect, while considered complex, support businesses in offering robust security frameworks that deliver Open Banking at no cost of safety to customers.

By implementing financial-grade security, businesses can gain peace of mind that the systems they are building are appropriate for their consumer audience. 

OAuth 2.0 is a crucial authorisation framework specifically designed for API security. It allows unrelated servers to authorise access without sharing the original log-on credential, and without giving third-parties full, permanent access. It offers businesses the flexibility to add additional layers on top of its framework, such as OpenID Connect. 

OpenID Connect is built as an identity layer that sits on top of the OAuth 2.0 protocol. It is the leading industry standard for cross-domain single sign-on and identity, and is known for its ease of use for web, mobile and script users who wish to request and receive information about authenticated sessions and end-users. By using JSON Web Tokens, and sitting atop of OAuth 2.0, it is considered API-ready, and feeds vital information back to businesses by showing who is logging on, and how regularly. Its main benefit is that it is “oven-ready” meaning businesses aren’t faced with surprises or additional add-ons due to the standardised set-up, instead operating as a standard protocol on how to authenticate log-in attempts, and how these results are presented. 

Paying Attention To Financial-Grade Security Is Key

Other concerns businesses have when it comes to Open Banking are around managing external third-party data providers and legacy systems. We know that ignoring these concerns and not effectively deploying the appropriate technology to manage them can have catastrophic consequences, in particular, increasing the risk of data breaches.                     

Businesses must ensure they are paying attention to financial-grade security, as well as regulatory requirements in order to maintain customer relationships and build their business acumen.  In doing so, this should give businesses peace of mind about their handling of customer data.

This will also provide organisations with the tools necessary to manage the Open Banking adoption and implementation, thus improving their offering to customers and addressing a key business concern. 

Jacob Ideskog is CTO at Curity

You Might Also Read: 

Identity Access Management  Essentials:

 

« Many Cyber Security Experts Don’t Understand The Systems They Are Trying To Secure
Why Companies Need A Next-Gen Approach To Business Continuity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

National Academy of Cyber Security (NACS)

National Academy of Cyber Security (NACS)

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Cyber CNS

Cyber CNS

CyberCNS is a Vulnerability Management Solution that is purpose built for MSPs and MSSPs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Nextgen Group

Nextgen Group

Nextgen Group is a pioneering technology services group with innovative and unique services across enterprise software, cloud, data management, and cybersecurity solutions.