Open Banking Takes On Financial Crime Big Time

online banking security

Partnerships of legacy financial institutions (FIs) and FinTechs are bringing forth some of the coolest experiences in banking. It’s a trend exemplified by open banking — the European invention that’s circling the globe, making news and putting some flash back into money.

New open banking options are inevitably attracting fans on the evil side of things as well. That’s a barrier to all that digital-first banking has to offer, and a number of companies in the sector are working hard to secure this emerging, possibly transformational form of finance.

“Open banking promises to bring benefits to consumers and businesses alike but also carries some threats. Moving to open banking with APIs has impacts on fraud systems,” Rob Tharle, head of fraud strategy at NICE Actimize, told PYMNTS. “These impacts are from session data relating to the device and other key data elements as well as attacks against third-party providers to target the end customer. They reduced the intelligence available to make risk decisions on transactions, therefore it becomes even more critical to have a multifactor authentication strategy.”

The June 2020 Preventing Financial Crimes Playbook done in collaboration with NICE Actimize offers an informative deep dive into reducing the security risks associated with open banking, along with over 20 pages of news and developments vital in counteracting financial crime.

Trust Is Earned

With 22 percent of Americans recently surveyed saying they have already fallen victim to pandemic-era financial crime — and summer only just started — the immediate fraud outlook isn’t optimal. Financial institutions and other businesses reported averaging 30 cyberattacks per hour pre-pandemic, and open banking is making an irresistible new target.

“Many banks are experimenting with open banking to improve their customers’ access to digital banking services, but these systems come with security risks of their own,” according to the latest Preventing Financial Crimes Playbook. “Banks are leveraging a number of security measures to protect their [open banking] APIs, such as multifactor authentication (MFA) and machine learning (ML), but customers are still hesitant about their use, with studies showing that 49 percent of bank customers believe their personal data will be less safe due to open banking. Protecting customers’ personal data and building trust will be vital when deploying open banking protocols. Both will be necessary if open banking is to make headway in the financial industry.”

Trust doesn’t come easy, and will have to be earned with reliable, resilient systems that make shielding user data a top priority. The most effective tend to be multi-layered and analytics-driven, combining authentication factors for just the right amount of friendly friction.

“This includes not just device and behavioral biometrics but profiles on the [third-party providers] themselves,” Tharle told PYMNTS.

“By understanding the genuine interactions … your customers [have] with [third-party providers] as well as the fraud rates via [third-party providers], risk-based strategies can help prevent and detect fraud in all channels. Like all tools, open banking can be used for good and bad, and I think we’ll see the fraudsters try to abuse it. However, by taking the correct action, you can help your customers achieve their financial goals safely.”

MFA Making Its Mark

While fraud detection loses some battles, it’s starting to win the war against cybercrooks. Much of that success is coming down to ingenious uses of artificial intelligence (AI) and ML, together with biometrics and other unique identifiers as part of a robust multifactor authentication strategy that hardens cards and accounts against various forms of intrusion and abuse.

“Experts say that the best MFA systems rely on three points of data: something the user knows, such as a password; something the user has, such as a key fob or a code sent via text message; and something the user is, which typically consists of a biometric identifier. Requiring any two of these three data points is enough to protect against 99.9 percent of fraud attempts, according to one study,” the June Playbook states.

“The small number of fraudsters that manage to bypass MFA systems can be countered with artificial intelligence (AI) and ML systems, which analyze the thousands of payments routed through open banking APIs and look for unusual system commands, transactions or other markers of suspicion. These systems can look through transaction logs much faster than human analysts, reduce fraudulent transactions by 65 percent and the total amount of money paid out through these transactions by 75 percent.”