Is Open Banking More Open to Fraud?

Open banking (under the European Union’s Revised Payment Services Directive, or PSD2) means third parties can link up to customers’ accounts, provided the customer consents. With data-sharing as the central feature, open banking is designed to encourage higher product and service innovation, make it easier for non-banks to participate and streamline user experience.

With open banking, the volume and value of transactions have grown exponentially. With more banks across the globe getting ready to open their doors to third parties to access their customer data, open banking is also expected to bring in a new era of fraud. So the new legislation intended to democratize banking and provide a better deal for customers has also necessitated increased and smarter vigilance.

According to KPMG’s latest Global Banking Fraud Survey, open banking is considered a significant challenge in fraud risk by banks. Questions are being raised on the reliance that can be placed on third party controls. Open banking also presents an opportunity to gain a richer customer dataset, which can be used to prevent and detect fraudulent activity and recover fraud losses.

Among the emerging threats are copycat websites pretending to be third-party providers, scammers hacking into a third party to gain access to information held in current account statements, and scammers posing as a third party in correspondence to extort information. This then allows fraudsters to access customers’ money fraudulently. In more complex scams, information such as which service provider the customer has a utility contract with could be used to extract money.

One fundamental challenge banks face is the absence of a single source of ID verifiable data to use. For instance, they require access to different streams of data for KYC compliance. This makes it essential to have access to the most up-to-date and relevant data from billions of global contact records. The data should be from trusted sources such as credit agencies, government agencies, utility companies, and international watchlists.

If data is not obtained from trusted sources, banks might end up with incomplete reference data sets that could contain errors, which in turn calls into question the reliability of the data for fraud prevention.

While sourcing data for ID verification, it is also crucial that it improves on existing customer data, to gain a 360-degree customer view to aid the bank’s future revenue generation efforts. It could even be data that completes the missing parts of a postal address or adds a new contact number.

Customer data could be used for purposes other than those agreed by the customer. For example, their data could be sold to unscrupulous marketers or fraudsters for use in ID theft. This can cause newer problems. Fraudsters can phish for client details, tricking customers into giving approval to access account information. This data could then be used to trick customers into divulging more sensitive data later. While legacy banks have invested heavily in reinforcing their digital infrastructure, newer or smaller banks could be more vulnerable.

Banks are also now investing more in identifying anomalous behavior. Real-time analytics is now at the forefront of risk reduction. Banks are mitigating newer fraud risks by implementing controls based on advanced analytics to detect attacks. Real-time risk analysis helps detect abnormal behavior in requests originating from third-party providers, identify suspicious transactions and detect abnormal API calls.

Not all banks are confident that customers’ data will be protected from fraud. Because refusing to hand over data would be contrary to PSD2, banks need to educate customers on vulnerabilities.

Banks strive to deliver an excellent customer experience both when onboarding new customers and when existing customers access their accounts. That makes it all the more important to have the appropriate depth of ID data.

The innovators in this increasingly competitive world will be the ones that enhance the customer journey while maintaining substantial due diligence over customer data in their systems. Such due diligence ensures that they become a source of trusted identity for their customers who use it for all their digital banking activities.

Providing secure infrastructure to TPPs is a significant challenge for banks. Banks’ fraud analytics departments will need to perform proactive transaction monitoring and develop their own rules to prevent fraud in open banking. Under PSD2, banks can block third-party access to accounts if they have evidence that the activity is fraudulent.

To manage open banking fraud, banks must use stronger user authentication and invest in fraud detection tools with anomaly detection and risk-based analyses. AI-driven fraud monitoring tools help detect fraudulent activity even before it happens.

Cybersecurity platforms are capable of providing adaptive authentication and cross-channel protection with options such as biometrics, OTPs, emails, knowledge-based authentication, and transaction signing. Vendors can implement an adaptive authentication platform, maintain it, and operate it with a managed service model.

Banks can adopt adaptive authentication to safeguard customers’ experience while enforcing strong customer authentication (SCA) requirements. An agile and intelligent approach with advanced analytical methodologies is key to detecting fraud in an open banking environment. A single view of all accounts undoubtedly means that users are much more likely to initiate transactions.

Banks must be able to embrace open banking without fear of fraud and to deliver superlative customer experiences. With real-time, cross-channel anti-fraud software and depth of data available for effective KYC compliance, that is possible. Frictionless fraud solutions can increase customers’ confidence levels when they know that their banks are taking every effort to prevent fraud.

Banks must have a real-time, cross-channel fraud monitoring framework to insulate customers from compromised providers, and a centralized but agile dispute resolution service to manage issues consistently. By ensuring a secure environment in which open technologies can evolve, banks can enhance customer trust and enable it to grow further.

With higher transaction volumes, an open banking environment evidently attracts more fraud. Banks face reputational risk, fines and losses to fraud, and with open banking there has never been a better time to focus on more advanced financial crime defense mechanisms.



About the author


Balakumaran S

Manager – Strategic Sales
With a focus on Sri Lanka and Africa markets, Balakumaran has been instrumental in opening up newer geographies for Clari5.