Understanding Open Banking Security: What Makes it Safe
As a licensed payment institution, we take payment and data security very seriously. In fact, the security protocols we use here in Norway are amongst the most stringent in Europe and we apply those in every market we operate in. We take pride in providing not only a very cost-effective and user-friendly solution, but a very secure one as well.
To help you understand open banking security and the benefits of this new way to pay and use bank accounts, we’ve created this easy-to-understand guide for businesses that want to learn more about open banking security. If you are an end-user, we recommend checking out this article: What makes pay by bank safe.
Here is a quick overview of the security benefits open banking offers:
What makes open banking safe
Open banking is a modern data aggregation infrastructure that operates on top of existing payment rails that streamlines payment and data processes to reduce costs and risk. There are several factors inherent to it that make it a safer system for making payments and sharing data.
- Transactions occur in a closed environment across secure and dedicated open banking APIs provided by the banks
- Utilizes the bank’s own security systems and multifactor identification
- Leverages secure account holder verification and strong customer authentication (SCA) to identify senders and recipients
- Provides real-time anti-money laundering monitoring and know your customer screening (AML/KYC) to ensure ongoing vigilance against fraud
- Follows eIDAS and ISO27001 security standards
- Transaction and user data is encrypted in transit and at rest
- Provides real-time payment status transparency and ‘completed’ payments guarantee
- Enables consumers to safely leverage their bank account data to access better customer experience and tailored financial services.
Solid Security Grounding with PSD2
The electronic payments landscape was redefined by the EU Payment Services Directive 2 (PSD2). This directive is more than just a set of rules; it is a commitment to introduce more consumer protection online and innovative new payment solutions that are safer and more cost effective.
PSD2 introduced open banking and made it possible for licensed payment institutions to offer secure payment initiation and account information services (PIS/AIS) via dedicated open banking APIs eliminating the need to use intermediaries and card payment rails. This makes the transaction simpler and reduces potential points of failure and vulnerabilities.
Secure Customer Authentication (SCA)
One of the key security measures PSD2 introduced is Strong Customer Authentication (SCA) to connect to a bank account to make a payment or share account data. SCA is a type of multi-factor authentication that leverages the banks' own security or national electronic identities (eIDs) systems, such as BankID and MitID in the Nordics, to verify the user and safeguard the transaction against fraud.
In open banking, there are two types of SCAs, one to utilize Account Information Services (AIS) and one to authorize payments made through Payment Initiation Services (PIS). The SCA for AIS is to access a user's account details for making a transaction, such as making a payment, opening an account, or applying for credit. Payment SCA is for authorization of a specific payment and is required every time a user initiates a payment through PSD2.
Current regulations allow the AIS SCA to be saved up to 180 days, and the user can revoke that permission at any time after the initial transaction is completed. Businesses can also request shorter time limits if desired. The timeframe is there for user convenience and the user's authorization is encrypted and tokenized to ensure it is stored safely.
Does SCA make a difference?
The results from the past few years show that SCA has been extremely effective in reducing fraud according to the European Banking Authority (EBA)1.
- Fraud rates are 3x lower with payments that use SCA2
- SCA has an estimated 87% rate of fraud detection3
- SCA is further strengthened when used combined with biometric authentication
Fast and Secure Account-to-Account Payments
Open banking facilitates a secure payment method known as account-to-account payments (A2A). These direct transactions happen near instantly between the senders' and recipients' account (10 seconds or less), reducing the handing, errors transaction time, and costs. The direct API connection with banks enhances efficiency and transparency, allowing real-time payment status updates. Completed transactions are guaranteed, minimizing risks like chargebacks. A2A payments can be used as standalone payment method or integrated with other methods. Many providers are beginning to refer to A2A payments as ‘pay by bank’ which makes it easy for consumers to understand.
Real-time AML/KYC monitoring
Open banking providers are required to provide real-time anti-money laundering monitoring and know your customer screening (AML/KYC) to ensure ongoing vigilance against fraud in the payment system. At Neonomics, we take an ambitious approach to fighting financial crime. We don’t just want to be compliant; we want to be excellent. To do this, we have invested heavily in security and enhanced controls, including AI and machine learning, to monitor transactions and keep your business safe from fraudulent activities.
Account Data Use and User Controls
Open banking allows businesses to securely access account information with the account holder's consent. This can be basic account details for identity verification, for example when making a payment, or more detailed information such as transaction history. In the case of the latter, the provider typically states what data will be retrieved and the purpose.
There are many use cases where secure access to account data can be useful, for example to streamline processes like account opening, loan applications, personal finance management, and tax filing. Real-time account data offers an advantage over credit bureau or registry data, which relies on past tax records. This enables your business to get a more holistic picture of the individual to better tailor the service to their needs.
As with payments, the data is shared via secure open banking APIs is encrypted both in transit and at rest to ensure end-to-end safety. Account owners can choose to allow ongoing data provision for services like money management apps or one-time access for instant credit checks. Access can be revoked by the user at any time after the intended transaction.
Beyond a Payment Method: The Power of Open Banking
Open banking is far more than just another payment method. It is a powerful tool that offers secure, streamlined access to account-to-account payments and financial data, enabling your company to reduce processing time, risk, and cost. It also empowers consumers to make secure payments quickly and easily directly from your app or website and provides a safe way for them to share their financial data to facilitate opening accounts, applying for credit, and accessing more tailored services.
Could your business benefit from open banking?
Let's Talk!
Learn more:
- Less Friction for Open Banking Payments
- You’re in for smooth ride with Biometric login
- A2A is on the rise in the Nordics
--
Footnotes:
1 The EU takes stock of whether PSD2 is a success, Raconteur
2 Global Fraud and Payments Report 2023, Cybersource/Visa
3 Global Fraud Trends, Fraud & Payments Survey 2023, Ravelin
