Under the open banking framework, customer data will be made readily available, allowing customers to more easily shift between financial providers and compare different service offerings. There are also plans to make such data portability a requirement in other areas such as energy and telecommunications.
However, while the consumer benefits of these changes are evident, there remain questions around accountability and liability if personal data or digital identities are stolen or compromised. This has led some in the technology industry to ask whether more accessibility equals more vulnerability.
From next year, the task of defining, securing and deploying digital identities will be a key issue for many organisations. They need to balance customer demands for access to services with protecting those same customers’ identities and data from harm.
No trust = no business
With regular media coverage of large-scale data breaches around the world, consumers are at last becoming more aware of the issue. Many are demanding that the companies they interact with have in place sufficient security measures to protect them and their data.
When you consider online customer experiences, it’s clear that cyber security and digital identity management will become market differentiators for many companies. While consumers will always want the slickest, most gratifying brand experience, increasing numbers also now expect safety and security.
Organisations that cannot demonstrate they can be trusted when it comes to security will miss out on business as consumers won’t hesitate to shift their allegiance to those that can. Here, identity and access management will play a key role, allowing customers to prove their authority to access services while preventing malicious actors from doing the same thing.
Security is key
In essence, the drive behind open banking – and more broadly open business – is to increase competition and innovation, thereby unleashing greater economic value. The theory is that, once trusted third parties can access the wealth of customer data held by financial institutions, fintech start-ups will offer a greater range of innovative solutions. This, in turn, will increase consumer choice, drive down costs, and open markets to spur economic activity.
The framework that underpins this new model relies heavily on secure application programming interfaces (APIs). These define how two systems should speak to each other when handing over a consumer’s data.
This is where knowing who a customer is at all times, even when they’re currently undertaking a transaction, is essential. There are fears that hackers could impersonate a customer as that customer moves between providers or systems and snatch their digital identity. This is often termed a “man-in-the-middle” or “man-in-the-browser” attack.
Security can be lucrative
While avoiding a damaged reputation is often the reason given for why businesses should handle customer data securely, there is little evidence that consumers actually punish companies that fail them. Interestingly, share valuations are remarkably resilient to news of major data breaches.
Since January last year, Australia has had a Notifiable Data Breach (NDB) scheme operated by the Office of the Australian Information Commissioner. It requires certain businesses to disclose suspected breaches on their networks. And, while the number of breaches reported rose 712 per cent in its first year (albeit off a low base), there is, somewhat surprisingly, scant evidence that reporting entities faced serious customer revolt.
Of concern is that 28 per cent of breached companies didn’t know how their customers’ credentials were stolen. Also, in the finance sector, 41 per cent of breaches were attributed to human error.
But just because consumers aren’t yet directly punishing companies that fail when it comes to security, it’s not going to stop rivals from using breaches as an opportunity to win them over. Those that have their identity and access mechanisms under control will be well placed to take commercial advantage when their competitors stumble.
Protecting the keys to the kingdom
When it comes to digital transactions in an online world, the keys to the kingdom are customer identities. They become as important as passports and driver licences in the physical world.
As more businesses change from protecting things such as physical assets to protecting digital identities, they need to consider carefully how this added responsibility is going to be undertaken. They need to be aware of the risks involved and the steps that can be taken to mitigate them.
The time to do this is now. Any delay will risk loss of data, reputation, and customers to a rival.
Ashley Diffey, country manager, ANZ and Japan, Ping Identity