Banking & Finance November 1, 2017
By Brooks Miller 3 min read

Banking is set to significantly change as Payment System Directive 2 (PSD2) regulations are introduced across Europe. In fact, open banking regulations are being considered in a number of regions around the world. The directives will require financial institutions to adopt open banking by safely and securely allowing customers to view account information and initiate payments through third-party providers that access bank data via open application program interfaces (APIs).

Open banking can help fintechs and other third-party providers develop new applications and services as they gain access to a bank’s customer financial and transaction data. As a result, traditional banking business models are being disrupted. Consumers can now conveniently manage their money, initiate transactions and even apply for new financial services using third-party applications.

As open banking opens the door to new competition, it provides an opportunity for banks to form partnerships and deliver their own innovative products. These fresh opportunities, combined with the right security strategies, can help banks evolve and drive customer loyalty in this new era of banking.

Read the white paper: Harnessing the power of open banking

Customer Expectations Drive Innovation

As technology expands, financial transactions that used to take days can now be completed in a matter of minutes. If you owe a friend money, just jump on your phone, open your payment service app and transfer funds on the spot.

As banking becomes more digital, consumers are visiting banks less. The traditional business model seems to be disappearing. Financial institutions should rethink their offerings and IT design to help position themselves as innovative leaders and meet consumer demands.

Banks that embrace this evolving digital landscape can drive innovation and create new opportunities on their own. If they don’t change with the marketplace, customers may leave to find a different bank that does.

A New Frontier for Fraudsters

As fintechs make their way into the banking ecosystem, this migration may add a new layer of complexity and opportunity for fraud. Financial institutions should consider the following security capabilities to help them fulfill customer expectations.

  • API security: Securing and managing APIs will be valuable when participating in the open banking ecosystem. Security, traffic management and mediation policies can help banks securely expose APIs to connect and build trust with third parties.
  • Customer authentication: Using multiple authentication mechanisms allows banks to offer customers the type of authentication experience they find most convenient, which can help lower abandonment rates and protect against cybercriminals.
  • Risk assessment: Fraud teams may not be able to obtain traditional risk indicators from a user’s device when transactions are submitted via an API in an open banking environment. Consider analyzing a wide range of risk indicators and fraud patterns across channels and institutions.

Security Risk Assessment Basics

So what are some of the security basics that banks should consider in the age of open banking? To start, financial institutions should incorporate a multilayered approach that provides insights into a vast range of risk factors and visibility across digital channels.

Banks should also consider working with partners that can provide omnichannel visibility and risk-based authentication to help identify threats and protect against fraud. Omnichannel visibility typically spans phone (call center) risk, cyber risk, cross-channel transaction anomalies and API risks. Looking at these areas in unison can help detect and prevent cross-channel fraud as it happens.

Risk-based authentication is another key component to open banking. Banks need to authenticate end users even when there might not be a direct channel between a given user and the financial institution. Banks can combine authentication modalities with behavioral biometrics to help confirm the identity of a customer.

Succeeding in the Open Banking Era

Open banking is fundamentally changing the relationship between consumers and banks, and transforming how people manage their money. Financial institutions that embrace the evolving banking ecosystem, deliver new value-added services and add the right layers of security will set themselves up to drive customer loyalty.

To learn more about the challenges and opportunities presented by open banking, download the white paper, “Harnessing the Power of Open Banking,” and listen to our podcast, “Security in the Age of Open Banking.”

 |  |  |  |  |  |  |  |  |  | 
Brooks Miller
Product Marketing Manager, IBM

More from Banking & Finance
August 30, 2023

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

July 28, 2023

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

July 14, 2023

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

16 min read - In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations conducted in late 2022 have also been noted delivering an earlier variant of this modified QuasarRAT by likely Spanish-speaking actors. BlotchyQuasar, which X-Force describes as…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature