Blog article
See all stories »

Banking data – who owns it?

Banks have long been the custodians of our financial assets – our money, credentials, and our data – and the heart of our society. However, as digitisation has developed, so has the realisation of the importance of data’s value in enabling new services; from the latest Netflix suggestions based on our viewing history or emails on the latest trends from brands due to previous purchasing. The role data plays now is in providing that convenient and personal service we all want in this digital-first world.

As brands realised the value data could bring, so did lawmakers. More than anyone, banks hold the keys to the kingdom when it comes to our activities, from where and what we’re buying, to how often and how much. As a result, lawmakers updated the Payment Services Directive (PSD2) pushing banks to create APIs that are shared with officially approved third parties. It means customers can then give brands their bank credentials to simplify payments or access new services. The UK start-up Funding Options is a great example. It matches businesses with lenders, and, by using bank APIs to scrutinise accounts, it can help customers avoid filling out forms and sharing sensitive identity documents. This reduces lengthy processes to just a few minutes.

Banks under threat

Sharing data though can naturally increase its risk from a security point of view, so it’s easy to see why banks might be nervous. After all, they are most likely to come under fire from customers should a data breach occur, even if it is ultimately a third party’s fault.

It isn’t just from a security point of view that banks are feeling the pressure either. Many are concerned at whether small start-ups or established brands such as Amazon and Facebook can steal their customers. Fortunately for the banks, they still hold the sway over newcomers.

A recent Payments and Open Banking survey found customers are reluctant to share personal data. While banks are out in front with 17% of European respondents saying they trust traditional banks and card providers to exchange their personal information, it falls sharply for payment service providers (9%), internet giants (7%) and online banks and fintechs (3%).

So, with banks in a prime position to take advantage of this continued digital revolution, what steps should they take to cement that position?

The data aggregators

The first thing banks should look to do is innovate. France's Crédit Agricole opened its APIs as early as 2012 and launched its own CAStore to unveil applications and services created on top of them. Spain's BBVA opened its APIs in 2013. Banks should be looking to hire developers to build innovative new services using their own customers' account information.

Another option for banks to become the aggregators themselves. In Germany, challenger bank Fidor has already made this move. It offers customers access to a number of products from multiple providers inside its portal. It’s initial baby steps from an industry that has so much potential but has yet to deliver the more transformative innovation that many people expected when APIs were opened up. However, for this to ultimately happen, users will have to overcome trust issues.

Security to the fore

In order to enable this to happen, the banking industry must work to convince users that sharing their data is not just advantageous, but secure too. Fortunately, PSD2 doesn’t just promote open banking but also security through strong customer authentication and it will continue to apply in post-Brexit UK.

However, the legislation hasn't yet precisely defined what strong consumer authentication is. The good news is that the security industry is already developing secure digital banking solutions that go way beyond two factors. Risk management services, for example, analyse thousands of attributes from the device and the user, such as geo-location, behavioural biometrics, device profiling, device assessment and IP address. Crucially, it provides the trust to make the authentication process not just strong, but also fast and friction-free.

So, even as we try and get back to normal, the digital-first world we find ourselves in is not going to slow down. Banks can be at the heart of it, be it as innovators or aggregators, but only if they seize the opportunity now and do it securely. Instead of looking over their shoulders at the new upcoming players for potential threats, they could be the ones to lead the way. Just as they have done for decades.



Comments: (0)

Howard Berg

Howard Berg

Senior V President,North and Central Europe, BPS

Gemalto DIS

Member since

18 Nov 2009



Blog posts




This post is from a series of posts in the group:

Data sharing

Trust is the essential oil needed to make data flow in today’s transactional era. However, privacy and security concerns mean that many people and organisations are increasingly unwilling to share their data. We believe that data sovereignty forms the cornerstone of digital trust. Making data sovereignty a key design principle will stimulate data sharing as the basis for enabling everyone – not just the big tech giants, but also all other businesses, organisations and especially citizens.

See all

Now hiring