The reality of Open Banking Security

Published Date: 12 July 2024

Open Banking is not only safe and secure but also faster and more efficient than regular online banking methods. However, many people are still concerned over the security of Open Banking.

According to I-Finity’s 2024 survey, more than 1 in 3 people would be unhappy giving their personal details to an Open Banking platform.

What is Open Banking?

Open Banking is a system that allows third-party financial service providers to securely access authorised bank data using APIs (Application Programming Interfaces).

It enables customers to share their financial information securely and accurately with other financial applications and services, such as budgeting apps or accounting platforms.

The system aims to increase competition and choice in the financial services industry, improve accuracy, and ultimately benefit consumers by providing them with more control over their financial data.

Open Banking Statistics

Value of Open Banking transactions worldwide reached $57 billion in 2023[1]
The number of Open Banking API calls will increase to 580 billion in 2027[2]
Open Banking surpassed 11 million payments in July 2023[3]
The average transaction value of Open Banking payments is around £450[4]
11% of British consumers are active users of Open Banking[5]
17% of small businesses use Open Banking[6]
Financial decision-making, payments and borrowing account for 75% of all propositions[7]
Europe makes up 49%of all Open Banking users[8]
Large businesses saved 150 hours a year by using Open Banking platforms[9]

Open Banking survey: our findings

I‑Finity surveyed 200 people who have used or are currently using third-party banking apps to discover the public’s views on Open Banking security.

Open Banking Security Survey Info Graphic

The results showed:

46% of people were aware of Open Banking.
Only 1 in 10 felt it was not secure, with 23% feeling it was. 67% were unsure.
36% of people would be unhappy to give their personal data to an Open Banking app or platform.
47% were unsure of whether they would give personal data, with just 18% certain they would be happy doing so.
Bank details being stolen was the biggest concern around Open Banking with 20% choosing this option.
18% were worried an Open Banking site might be a scam or phishing site.
12% worried that their personal details would be stolen
3% were concerned that they would be unable to pay

While the survey highlights some reluctance from the public to adopt Open Banking, it also suggests that education around the topic would be beneficial.

How secure is Open Banking?

Like most new technologies – especially ones that involve personal data and money – there has been some scepticism around Open Banking’s security. But this is unfounded.

Russ Huntington, CTO of I-Finity, said: “The reality is that Open Banking is very secure. In fact, it’s more secure than traditional banking.”

Open Banking technology was designed and built by the banks themselves to facilitate online banking. Banks invested heavily in the security of these systems – which is now being applied to Open Banking.

What sort of security is used with Open Banking?

Open Banking requires the use of secure data-sharing practices to protect customer data and provide secure access online.

Some of the methods used to protect data include:

Secure API endpoints
Secure API architecture
Encryption during transit
Digital certificates
Authentication
Active consent

APIs use encryption protocols to safeguard data during transit, making it extremely challenging for fraudsters to intercept and misuse information.

They facilitate the secure exchange of financial information between banks and authorised third-party providers.

Russ added: “The connection between apps and Open Banking is encrypted, which helps to keep data safe.

“Authenticated access management controls, which can be achieved with multi-factor authentication, help verify users to ensure they are authorised to have access.

“There are also rigorous compliance checks on third parties wishing to obtain access to Open Banking APIs.”

At the bank-level, a customer will never be asked for bank login details, PINs or passwords when Open Banking is in use.

How much control do service providers have over Open Banking security measures?

All these security practises and measures are not a choice – they are a mandate to be able to use Open Banking.

“Any third-party provider wanting to use Open Banking has to undergo strict security assessments and adhere to strict data protection standards,” explained Russ.

“Anyone providing Open Banking services is vetted and approved to ensure high security standards are met for the protection of customer data.”

Is Open Banking regulated?

The FCA (Financial Conduct Authority) creates the standards that all third-party providers must adhere to if they want to use Open Banking as part of their service or solution.

“Accessing Open Banking APIs is only possible for apps that have been through an independent audit to prove their systems and security controls meet FCA standards,” Russ explained.

After the initial audit, third-party providers can also expect regular audits to ensure ongoing compliance and authorisation to use Open Banking.

Only companies authorised by the FCA can use Open Banking APIs to access financial information or initiate payments on behalf of a customer.

Is Open Banking easy for service providers to use and set up?

“No – you will need to find a third-party developer/partner who must go through the FCA verification process and deliver on the secure API and authentication needed to be able to connect to Open Banking,” said Russ.

These verification checks and audits will cover:

Compliance of the system
Security measures with the standards set by financial regulator
Adherence to the regulatory requirements of a particular region (for example, PSD2 and GDPR for Europe)
Ability to detect and prevent scams and respond to cyber-attacks.

I‑Finity and Open Banking

I‑Finity is a vetted and approved third-party provider of Open Banking solutions. They have previously enabled financial services customers to integrate expense management products with Open Banking.

They have experience in building APIs and securely connecting newly built platforms with UK banks to pull through authorised transaction data.

I‑Finity can also support customers who must undergo security pen testing each year to comply with the ongoing compliance and FCA regulations.