25/1/2023 14:00

Open Banking and security best practices

The consolidation of Open Banking around the world has reduced bureaucracy in banking, making life easier for financial institutions and clients. 

Still, it has to be admitted: the sharing of consumers' banking data between companies, the process that underlies this technology, causes skepticism. So the question is: is Open Banking secure? The answer is "Yes". What is needed is time for adaptation and, more importantly, compliance with some specific rules. Let's get to know them.

The client is the one who authorizes

The migration or sharing of data between banks or other financial institutions has to be previously authorized by the customers. Moreover, consumers decide which entities will be able to access this banking information. 

Dedicated regulation

In addition to requiring the customer's consent to the transfer of any data, Open Banking is a properly regulated activity. In fact, through the creation of the so-called Payment Services Directives (PSD 1 and 2), the European Union has regulated the use of this technology. Orlando Costa, nBanks CEO, adds to this: to enrich the "strong layer of regulation" already in place, he explains, "there are good practices such as double authentication, or the renewal of credentials every 90 days. And the API (Application Programming Interface) component itself follows a strong encryption and security component."

In practice, the following happens: on the one hand, institutions that integrate Open Banking activities are subject to authenticity and security requirements; on the other hand, these entities will have to develop APIs (the software that enables the exchange of banking data) that are also properly regulated, as required by the European Central Bank. Compliance with standards under the GDPR (General Data Protection Regulation) also strengthens this need for security.

Orlando Costa adds that banks themselves "have to ensure that what is required by the European Directive is met, so that on a competitive but also cooperative level, Fintechs and Banks can innovate and provide services that truly create value for each client."

To strengthen the foundation of these pillars, the behavior of bank customers also counts. On the consumer side, there is, in fact, a set of best practices to adopt:

  • Always validate the authenticity of the companies we interact with - banks or other institutions;
  • Always maintain contact with these entities through official channels (websites and applications, mainly), avoiding e-mail and chats;
  • Before authorizing data sharing, ensure that the purpose of such sharing is fully known and ensure that cancellation of the service is possible when desired;
  • Be as suspicious as possible of attractive promotions or instant benefits;
  • Never click on hyperlinks, especially when they are sent through channels such as SMS or social media.

Security behaviors, strictly speaking, start in more mundane applications, such as Facebook and other social networks, or e-mail. As the CEO of nBanks says, with an open banking solution, "the customer is much safer than in many other scenarios where he surfs the internet without any precautionary measures".

At nBanks, we maintain very close contact with customers to clarify all questions and ensure the necessary security. This is the maxim that applies to both business customers and accountants. Try it for free.