Back in January, we were promised a revolution in banking, with the introduction of PSD2 - or the Open Banking legislation. By requiring traditional banks to share customer data with third party providers, the new rules were designed to bust open the big banks’ monopoly over customer data, while encouraging innovative new financial services and increasing choice for consumers.
So, now that we’re nearly eight months into this ‘new world of banking’, we wanted to take a look at how things are going?
Are the big banks playing ball?
The success of open banking has always depended on the big financial services providers, who ultimately hold the keys to the data. For it to work, they need to make it easy for third party providers to access their Application Programme Interfaces (APIs), as well as helping to promote the new options and benefits to consumers. Has this happened?
Well, reports suggest not, with fintechs claiming they’ve been held back by the big players dragging their feet and not promoting the new rules proactively enough. Recent figures showed that since PSD2 launched, 63 firms have started using Open Banking, while the technology was used 1.2 million times in June to securely share data. That might sound like a lot, but the numbers are still lower than expected.
Additional research highlights another big problem – that most consumers simply aren’t aware of the legislation. A recent survey by YouGov found that three quarters of people (72%) haven’t heard of it, with just 14% of 18 to 24 year olds aware of it. This makes it significantly harder for fintechs to achieve cut-through regarding the benefits of their services and the security safeguards in place.
There are signs however that young people would in principle be happy to use such services, with research by Altus showing that over half of 25-34 year-olds (54%) are happy to share information on their savings, investments, pensions, other assets and their debts. For this demographic, the convenience and accessibility offered by open banking would definitely be a plus.
Are some fintechs breaking through?
It might be slow going from an awareness perspective, but there are some success stories to be had. Moneybox is one of those leading the charge, having announced integrations with Santander, Monzo and Starling Bank. It’s the first third party provider to integrate with Santander, enabling users to save money through rounding up card transactions, weekly and payday deposits. It claims to have around 100,000 savers so far using its app.
Challenger banks are definitely ahead of the Open Banking curve with Starling also announcing integrations with Wealthify, Money Dashboard and Emma. Meanwhile, Metro Bank has built a developer portal, enabling FCA-registered third parties to build services on top of its APIs.
What about security concerns?
Of course, some of the initial concerns around Open Banking were security related. Would it make banks’ systems more vulnerable to attack? Could consumers trust new fintech providers?
Well on that front, so far so good. We haven’t seen any PSD2 related cyber incidents to date, although the Financial Conduct Authority is investigating opaque marketing and use of data by some digital providers, particularly in light of GDPR which came into force this year.
In one sense Open Banking has decreased the risk to customer data by reducing the prevalence of scraping, the original route taken by many fintech providers to access users' account information. In addition, under PSD2, AISPs (Account Information Service Providers) and PISPs (Payment Initiation Service Providers) must be registered, licensed and regulated at an EU level, as well as abiding by a number of security requirements, including two-step verification. This appears to be keeping hackers at bay for now.
The onus is on third party providers (TPPs) to safeguard against cyber-attacks of their own infrastructure, whereas for banks, the concern is mitigating fraud risk, as they are the first party liable for unauthorised financial transactions from a user’s bank account. As a result, banks should be investing in an extensive armoury of analytical tools to validate legitimate users and detect attacks. These include 2-Factor and multi-factor authentication, biometrics, behavioural analytics, and ‘offline’ validation like Yubikey.
Security has also been bolstered from an insurance perspective, as the PSD2 legislation requires that PISPs and AISPs have a specific type and level of technology-based professional indemnity and cyber security cover. If a TPP is compromised, it has an obligation to rectify the situation and refund any money to the customer, via their bank, within 72 hours. The right business cover ensures they can mitigate their risks and honour their responsibilities, while allaying consumer concerns.
What can we expect?
General consensus is that Open Banking was always going to take a while to catch on, as the big banks cranked their legacy systems into gear, and consumers got to grips with what is, on the surface, a pretty dry piece of legislation. But with a handful of tech leaders already showing what’s possible, and winning over early adopters, it seems that things are moving in the right direction. And with PwC predicting that the market could be worth £7.2 billion by 2022, fintechs certainly have a big incentive to stick at it. We can’t wait to see what the coming years have in store.
As a fintech specialist, Superscript has worked with one of the leading providers in the market to build a specialist PSD2 policy, to meet regulatory requirements and give you the peace of mind that you’ll be protected.
We can also help you calculate the level of cover you need, based on your unique risk profile.
To discuss your needs further and get your business protected for PSD2, book an appointment with one of our team.
We've made buying insurance simple. Get started.
- 17 March 20212 minute read
Regulations dictate that a basic level of insurance is a necessity for fintech firms, but it's not always easy to secure. Here's how Superscript is leading the way.