With the rise of “open banking”, application-based security becomes a concern

An iPhone is used to make an Apple Pay purchase at the Post Office on July 14, 2015 in London. (Photo by Peter Macdiarmid/Getty Images)

More and more financial institutions are often leaning towards an “open banking” experience where customers use apps to transact through their bank.

While useful, relying on apps can open the door to new streams of potential financial fraud. Apple’s entry into open banking not only lends more weight and importance to this approach, but it predicts the possibility of a more secure digital banking experience.

“Apple certainly sees the potential for open banking with its recent acquisition of UK-based Credit Kudos, which many people refer to as an ‘open banking’ company,” said Gary McAlum, principal analyst at TAG Cyber. “They could potentially move into payments technology, financial tools like budget alerts, and products like buy now, pay later (BNPL).”

With the open banking movement, Apple is looking to potentially leverage account-to-account payments in Apple Pay, allowing UK users to pay directly from their spending or checking accounts.

Elan Amir, CEO of MeasureOne, a consumer-authorized data exchange platform, said it’s “always unclear what Apple’s plans are, but being a ‘gated garden’ is not. not contradict the use of public APIs such as open banking”. Most Apple apps already use external APIs, and open banking is no different in that regard,” Amir said.

“If Apple actually wants to enter the world of open banking, they will have to modify their security model to accommodate it,” McAlum said. “While they limit the third parties they work with, flexibility will be important to make relationships work. Financial privacy and the security of consumer finances are primary concerns for anyone involved in the open banking environment.

European security standards raise the bar for digital financial services

Entering the open API banking world also means engaging in a more global digital financial services environment, which may also cause financial companies to rethink their security and compliance stance.

McAlum said: “We can see how Europe is raising the safety bar through increased regulation and we expect a similar approach in the US.”

For example, McAlum said that in the UK, financial regulators and government bodies have created standards that all third-party providers, including fintech companies, must follow if they want to be part of the environment. open bank.

Also in the UK, access to open banking APIs is only possible for apps if they go through an independent audit and prove that their systems and security controls comply with Financial Conduct Authority standards. They must do this regularly after the initial audit to maintain authorization.

In addition, open banking regulations, such as the European PSD2, and local and regional protection laws such as the GDPR, “create a level playing field for all and impose a high level of security [so] API security will be the centerpiece of the open banking security model and Apple will undoubtedly have to adapt to some extent,” McAlum added.

Unsurprisingly, when it comes to open banking, online retail Goliath Amazon also has its own game.

“In a sense, Amazon is building a bank for itself by taking core components of modern banking (deposits, credit cards, loans, insurance) and adapting them for Amazon merchants and customers,” according to a report. of 2021 from CB Insights.