For a long time, the U.S. financial system has been dominated by traditional institutions. Banks, credit unions, and credit card companies controlled most products and services. To a large extent, consumers knew no different, especially regarding payments. A credit card, a check, or an electronic transfer was good enough.
Yet each payment method has limitations, whether it be a delay in payment processing or a consumer being forced to use a credit card rather than paying directly from a bank account. That might change as more financial institutions participate in Open Banking. With Open Banking, third-party providers can access financial data from a bank, such as account balances and transaction history.
Global Open Banking users are expected to reach 132 million by 2024. Security, privacy, and identity verification will be paramount as usage rises sharply.
Fraud risks associated with Open Banking
At its core, Open Banking is consumer permissioned, meaning that consumers must consent to the sharing of their financial data. Data sharing happens via APIs, allowing account information to pass securely between parties. For Real-Time Payments, this would occur at checkout or via account-to-account transfer. Open Banking is a vast improvement over “screen scraping” technology, which allows a third party to access a bank account using the customer’s login credentials.
Yet as Open Banking is on the rise, so is fraudulent activity. Real-Time Payments, in particular, can be a prime target for fraudsters who initiate unauthorized transactions or transfer money between accounts. A study by Juniper Research found that online payment fraud will exceed $206 billion cumulatively between now and 2025.
Tactics range from stolen login credentials to phishing scams to the unauthorized access of Open Banking data. As more and more financial transactions take place online, the schemes have become increasingly sophisticated.
Technology can identify fraud and reduce risk
Financial institutions and third-party providers must implement strong security controls and fraud prevention strategies to reduce fraud risks. The risks can hit both sides of the transaction. Merchants can lose money in fraudulent transactions. And if consumers fear that malicious actors could drain their bank accounts, they may be reluctant to use Open Banking technology.
Technology is an essential component of any fraud mitigation strategy. Initiating a transaction with a username and password isn’t enough. Additional layers of security, such as identity verification, biometric authentication, behavioral analysis, and strong customer authentication (SCA), should protect Open Banking processes.
Biometric authentication uses a physical characteristic to verify identity, such as fingerprints, facial recognition, or retina scans. Biometric authentication can enhance security in Open Banking and is very convenient for consumers.
Many cell phones already use biometric identification (such as a fingerprint to unlock a device), so consumers are used to its capabilities. Biometric authentication is also already a complement to digital payments, such as Apple Wallet, as an added layer of security.
Strong customer authentication (SCA)
Strong customer authentication is a regulatory requirement for online and contactless offline payments in Europe. Checkout flows have to verify identity in two of the three following ways:
- Something the customer knows, such as a password or PIN
- Something the customer has, such as a mobile phone
- Something the customer is, such as a fingerprint or other biometric data
Many companies in the U.S. offer similar security capabilities through multi-factor authentication (MFA). A consumer might have to enter a password and then enter a security code sent to an email address or via text. By requiring two forms of authentication, SCA makes it more difficult for fraudsters to gain access.
Risk-based authentication is similar to SCA, but requires additional verification based on real-time intelligence. With each login, the risk of account compromise gets assessed.
Most commonly, the factors analyzed include device, location, or network. The username and password might be enough if the consumer is logging in from a home computer with a familiar IP address. But if a login is attempted from another country, risk-based authentication would require another form of identity verification, such as biometrics or answering a security question.
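An added sketch (not Trustly's code or any regulator's reference logic) of the two checks described above: the SCA two-of-three rule and a risk-based step-up driven by device, location and network. The factor names, the `Profile` fields and the allow/step-up policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# SCA categories from the list above; the factor names are constructed for this example.
CATEGORY = {"password": "knows", "pin": "knows", "security_question": "knows",
            "sms_code": "has", "device_token": "has",
            "fingerprint": "is", "face_scan": "is"}

@dataclass
class Profile:  # what has been seen before for this customer (hypothetical structure)
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    networks: set = field(default_factory=set)

def satisfies_sca(factors):
    """Two of three: the factors must span at least two *different* categories."""
    return len({CATEGORY[f] for f in factors if f in CATEGORY}) >= 2

def risk_signals(profile, device, country, network):
    """Compare the login's device, location and network with the profile."""
    signals = []
    if device not in profile.devices:
        signals.append("new_device")
    if country not in profile.countries:
        signals.append("new_country")
    if network not in profile.networks:
        signals.append("new_network")
    return signals

def decide(profile, device, country, network, factors, payment=False):
    """Return 'allow' or 'step_up'. Assumed policy: payments always need SCA;
    a login with any risk signal needs a second factor; a familiar login needs one."""
    valid = {f for f in factors if f in CATEGORY}  # ignore unknown factor names
    if payment:
        return "allow" if satisfies_sca(valid) else "step_up"
    needed = 2 if risk_signals(profile, device, country, network) else 1
    return "allow" if len(valid) >= needed else "step_up"

# Constructed sample data: one known device, country and network.
home = Profile({"laptop-1"}, {"US"}, {"203.0.113.0/24"})

if __name__ == "__main__":
    print(decide(home, "laptop-1", "US", "203.0.113.0/24", ["password"]))
    print(decide(home, "phone-9", "FR", "198.51.100.0/24", ["password"]))
    print(decide(home, "laptop-1", "US", "203.0.113.0/24", ["password", "pin"], payment=True))
```

A password plus a PIN is two factors but one category, so it does not pass the SCA check even though it would count as a second factor for the login step-up.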
Machine learning (ML)
Machine learning is a form of artificial intelligence in which algorithms “learn” from data to make predictions over time. In Open Banking, ML can analyze and detect patterns in large volumes of data. Specifically, ML can look for anomalies in transaction amounts or locations, which may indicate account fraud.
Consumers who don’t check their accounts regularly, such as the elderly, are at high risk for account fraud and may not even realize it’s occurring. If a malicious actor compromises credentials, machine learning can pick up on unusual activity that may be occurring through Open Banking platforms.
Blockchain is best known for its role in cryptocurrency, but the technology provides a secure, transparent, and unalterable ledger of transactions. This can prevent fraud because it reduces the risk of data or transaction manipulation. A truly open financial system would facilitate transactions and payments, including traditional currency and cryptocurrency.
Blockchain-based identity verification systems store data that is “auditable, traceable, and verifiable,” according to IBM. Sensitive data is secured and only accessed by authorized parties, with all actions captured as permanent transactions on the blockchain.
Building a sustainable Open Banking system
Open Banking can drive innovation in a way that is often lacking in traditional financial institutions. Financial technology companies can focus on solving specific pain points (such as real-time payments), bringing new services to market, and creating niche product offerings.
While consumer data protection laws exist today and financial institutions must follow “Know Your Customer” regulations for identity verification in the U.S., Open Banking has emerged without specific regulatory guidance and oversight. It’s up to the participants (financial institutions, fintechs, and merchants) to come together and enforce strong identity verification requirements that protect consumers.
Data Security at Trustly
If fraudulent activity runs rampant and unchecked, it can erode trust in Open Banking’s role in the larger financial ecosystem. While implementing fraud prevention measures and technology will come at a cost, it’s nothing compared to the potential losses and costs associated with fraud. Trustly’s proprietary Risk Engine, in combination with enhanced security measures, ensures the security, confidentiality, and integrity of sensitive data.