Is Open Banking safe?
Archie - 12/3/23
Everyone’s in safe hands with Open Banking: providers have to be regulated, the customer stays in charge throughout the process and it uses banking-grade security to handle data.
In order to appreciate just how safe Open Banking is, it’s useful to understand a little bit about how it works behind the scenes.
Application Programming Interfaces (APIs) are the whizzy bits of (very secure) tech at the heart of Open Banking: these are the channels that computers can use to talk to each other and share data.
In the context of Open Banking, a regulated third-party provider (like us!) gets consent from the consumer to connect to their bank, then uses an Application Programming Interface (API) to access their data.
And of course, wherever data access is involved it’s only natural to have security concerns. We’ve run all the angles and answered some of the key questions you might have about the safety of Open Banking, to help clarify exactly how everyone stays protected.
Why do third-party providers need to be regulated?
Open Banking is regulated by the Financial Conduct Authority: in a nutshell, the regulator’s job is to protect consumers and keep industry standards high across the board.
Businesses can’t access Open Banking Application Programming Interfaces (APIs) without authorisation from the Financial Conduct Authority. Anyone can check the Financial Conduct Authority’s Financial Services Register and the Open Banking Directory to confirm a third-party provider’s authorisation.
All this means that when a third-party provider is authorised by the Financial Conduct Authority, consumers and organisations can rest assured that it’s totally trustworthy and that it treats its customers in line with the regulator’s rules (phew).
Can a non-regulated business use Open Banking?
Yes, but only by partnering up with an already-regulated third-party provider.
A regulated third-party provider typically provides an Application Programming Interface (API) for the business to use, giving them access to Open Banking and making development both easier and more productive (win-win all round!).
Whether or not they’re already regulated themselves, organisations that opt to work with a third-party provider could benefit from access to a sandbox* and built-in simulator to test the tech out before going to production, as well as helpful toolkits geared towards their specific business needs (think: software development kits, code examples and Application Programming Interface [API] documents).
*A sandbox is where we test the technical stuff, to make sure it’s all working properly. For example, we might use the sandbox to check that our software is playing nicely with the Open Banking Directory and that everything is running as we intended.
Are Application Programming Interfaces (APIs) secure?
Yup: in terms of security, using a bank’s Application Programming Interface (API) is basically the same as logging on to regular online banking (in other words, about as secure as it gets).
To break it down a bit further: the point where the two Application Programming Interfaces (APIs) connect with each other (known as the endpoint) is built and rigorously tested by banks to guarantee that everything’s solid.
Banks maintain these Application Programming Interfaces (APIs) in line with strict standards and procedures outlined by the Open Banking Implementation Entity (OBIE), which is backed by the Competition and Markets Authority (CMA) regulatory body.
Are third-party providers safe?
Yes, as long as they’re regulated – which they have to be to access Open Banking tools.
Third-party providers take security very seriously, guaranteeing banking-grade encryption: this is the seriously heavy-duty protection that banks use to protect sensitive information from hackers. They’ll also only use the data that the customer has consented to share, and won’t access or store their credentials – unlike when you manually have to input bank details. So it’s much more secure than the alternative, if you ask us!
Most third-party providers will use the industry-standard mechanism (OAuth 2.0) for securing the connection between their Application Programming Interfaces (APIs), and consent tokens to securely share data with authorised third parties.
And on top of all that, third-party providers usually also have a crack team of dedicated experts working to keep their infrastructure security tight. We know ours are.
Will customers be asked to share their banking login details and passwords with third-party providers?
Never. Using Application Programming Interfaces (APIs) allows the customer’s bank to connect directly with the third-party provider without them needing to manually log in.
Who can access the customer’s data?
Only regulated providers can access the data, and only after the customer has given their consent.
Can third-party providers access whatever information they want?
No: the customer stays in control throughout the whole process. Always.
Before anything can happen, the customer needs to give consent. They choose what data to share and how long they want to share it for.
They can also withdraw their permission at any point: either directly through the app or website or by contacting their bank to let them know they don’t want to share information anymore.
Security is built into the Open Banking ecosystem
Businesses and customers alike can be rest assured that security has been embedded into every step of the Open Banking process.
- Banking-grade security: Application Programming Interfaces (APIs) use encryption and banking-grade security to protect data.
- Regulatory protections: providers must be regulated by the Financial Conduct Authority, and follow its guidelines.
- Customers stay in control: they decide who can access what and for how long, and will never be asked to share their banking login details with anyone other than their own bank.
In short – Application Programming Interfaces (APIs) are your new best friend, because they’re the safest and most secure way of communicating between parties.
Do you have any questions or want more information about Open Banking?
We’re advocates of keeping the market as clear and accessible as possible. For any advice or support (or if you just fancy a chat), get in touch with one our friendly experts.