Banking is set to significantly change as Payment System Directive 2 (PSD2) regulations are introduced across Europe. In fact, open banking regulations are being considered in a number of regions around the world. The directives will require financial institutions to adopt open banking by safely and securely allowing customers to view account information and initiate payments through third-party providers that access bank data via open application program interfaces (APIs).

Open banking can help fintechs and other third-party providers develop new applications and services as they gain access to a bank’s customer financial and transaction data. As a result, traditional banking business models are being disrupted. Consumers can now conveniently manage their money, initiate transactions and even apply for new financial services using third-party applications.

As open banking opens the door to new competition, it provides an opportunity for banks to form partnerships and deliver their own innovative products. These fresh opportunities, combined with the right security strategies, can help banks evolve and drive customer loyalty in this new era of banking.

Customer Expectations Drive Innovation

As technology expands, financial transactions that used to take days can now be completed in a matter of minutes. If you owe a friend money, just jump on your phone, open your payment service app and transfer funds on the spot.

As banking becomes more digital, consumers are visiting banks less. The traditional business model seems to be disappearing. Financial institutions should rethink their offerings and IT design to help position themselves as innovative leaders and meet consumer demands.

Banks that embrace this evolving digital landscape can drive innovation and create new opportunities on their own. If they don’t change with the marketplace, customers may leave to find a different bank that does.

A New Frontier for Fraudsters

As fintechs make their way into the banking ecosystem, this migration may add a new layer of complexity and opportunity for fraud. Financial institutions should consider the following security capabilities to help them fulfill customer expectations.

  • API security: Securing and managing APIs will be valuable when participating in the open banking ecosystem. Security, traffic management and mediation policies can help banks securely expose APIs to connect and build trust with third parties.
  • Customer authentication: Using multiple authentication mechanisms allows banks to offer customers the type of authentication experience they find most convenient, which can help lower abandonment rates and protect against cybercriminals.
  • Risk assessment: Fraud teams may not be able to obtain traditional risk indicators from a user’s device when transactions are submitted via an API in an open banking environment. Consider analyzing a wide range of risk indicators and fraud patterns across channels and institutions.

Security Risk Assessment Basics

So what are some of the security basics that banks should consider in the age of open banking? To start, financial institutions should incorporate a multilayered approach that provides insights into a vast range of risk factors and visibility across digital channels.

Banks should also consider working with partners that can provide omnichannel visibility and risk-based authentication to help identify threats and protect against fraud. Omnichannel visibility typically spans phone (call center) risk, cyber risk, cross-channel transaction anomalies and API risks. Looking at these areas in unison can help detect and prevent cross-channel fraud as it happens.

Risk-based authentication is another key component of open banking. Banks need to authenticate end users even when there might not be a direct channel between a given user and the financial institution. Banks can combine authentication modalities with behavioral biometrics to help confirm the identity of a customer.

Succeeding in the Open Banking Era

Open banking is fundamentally changing the relationship between consumers and banks, and transforming how people manage their money. Financial institutions that embrace the evolving banking ecosystem, deliver new value-added services and add the right layers of security will set themselves up to drive customer loyalty.

To learn more about the challenges and opportunities presented by open banking, download the white paper, “Harnessing the Power of Open Banking,” and listen to our podcast, “Security in the Age of Open Banking.”
