Imagine a world in which individuals and businesses are able to not only access the data that financial services companies hold about them, but securely share it with third parties to obtain more competitive products and services.
The good news is, there’s no need to dream. In Australia, open banking will be up and running, and local businesses and consumers are set to reap the benefits. Later this year, the country’s big four banks – CBA, NAB, ANZ and Westpac – will need to provide account holders with access to data about their deposit and transaction accounts and their credit and debit cards and, at the customer’s direction, must also share that data with an authorised third party.
Roll-out of the open banking regime has been preceded by a federal government review into open banking in 2017 and the passing of legislation to mandate the practice in August 2019. As part of that process, Australia’s newly introduced Consumer Data Right makes it clear that the ownership of customer data sits squarely with the customer to whom it pertains, not the institution which collected it.
Realising the benefits of increased data access
The unlocking of product, customer, account and transaction data will benefit Australian customers in a number of ways. Applying for a new credit facility is likely to become a much more straightforward affair than it was historically. Rather than having to jump through hoops to demonstrate creditworthiness, businesses and individuals will be able to authorise and share electronic access to their history with a past or current lender.
It will also be possible to share data with third-party applications, such as personal budgeting applications and cloud accounting software solutions. Xero, the market-leading local accounting vendor, and NAB already have a successful arrangement of this nature in place and the benefits for their mutual customers have been significant. They include seamless creation and approval of business payments, instant notification of remittances and faster access to unsecured finance.
Other use cases are likely to emerge, as more financial institutions enter the Australian open banking movement.
Open banking abroad
Australia is not the only country to embrace open banking. Other nations around the world, including the UK, Japan, Hong Kong and New Zealand, have implemented standards, initiatives and regulations to encourage and compel financial institutions to exchange data amongst themselves, and with authorised third parties. Modus operandi differ but the underlying motivation is similar – the transfer of data ownership, and the power it creates, from organisations to the customers they serve.
Cyber security technology to underpin safe information sharing
Securing the exchange of individuals’ and businesses’ financial data is critical to the success of open banking in Australia. Understandably, it’s been a primary concern for all stakeholders, particularly given the sector’s longstanding reputation for running stable and secure core systems and maintaining rigorous cyber security regimes.
Compliance with local and international privacy standards has also become a top priority following the introduction of tougher regulations by the Office of the Australian Information Commissioner in 2018, which govern the way data breaches are handled.
Application programming interfaces (APIs) are integral to the open banking model – they enable developers to build authorised applications and services around existing financial institutions.
APIs have also been a long-time target for hackers and cyber-criminals, because of the lack of testing at the API layer and the valuable data a vulnerable API can expose.
As the stakes increase – and in the financial services world, they’re already sky-high – APIs are likely to become even more attractive to unscrupulous and opportunistic adversaries. So much so that high tech research house Gartner has predicted that, by 2022, API abuses will be the most common cause of data breaches in enterprise web applications.
Foundational technologies for identity and access management, including authentication, authorisation, secure identity data storage, consent management and API security, are needed to create an impervious architecture that can support current and future open banking needs.
If such technologies are not leveraged, realising the full potential of the open banking model, whilst maintaining the Australian public’s confidence, will be a tough ask.
Mark Perry, Asia Pacific chief technology officer, Ping Identity