FinTechs and banks are collaborating to give their customers unprecedented flexibility, control and speed, but that can create new security gaps. In the Real-Time Payments Tracker, Dwolla’s Dave Glaser says banks need to think differently about protecting financial data if they want connected banking to flourish in the U.S.
Consumers and companies worldwide are finding it easier to conduct business digitally, making it necessary for all players involved to look out for each other and their customers. FinTechs in particular are beginning to take on more responsibility in keeping funds safe as they travel from payors to payees in the connected banking ecosystem.
Thus, the onus is on FinTechs and financial institutions (FIs) to ensure consumers can trust the frameworks on which their payments travel, according to Dave Glaser, president and chief operating officer at Dwolla. The company uses application programming interfaces (APIs) to provide account-to-account payment solutions for innovative businesses, from boot-strapped startups to large digitally-transforming enterprises.
“I think it falls on all of us to make sure that these interactions are as secure as possible using modern security protocols,” he said. “It’s important for everybody in the open banking ecosystem to employ multilayered approaches to protect consumer credentials.”
The United States banking system is in a transition period. The established automated clearing house (ACH) Network, which has been in place for more than 40 years, is working to innovate alongside even faster rails such as the RTP network, an interconnected system of banks that can securely and electronically transmit money and financial information instantly.
As the robust proliferation of APIs within the space makes it easier and safer for sensitive financial and personal information to be shared with third parties, the trend of open banking has created a market in which nimble startups are joining banks in offering cutting-edge financial solutions. FinTechs, even those without banking licenses, now can act as intermediaries when moving money to consumers, and they are not always subject to the strict government regulations to which traditional FIs must abide.
“We see these startups that are inventing brand new ideas trying to disrupt existing financial services players by inventing a new feature or set of features, like a new brokerage platform, a new lending platform, a new banking platform or moving money in and out of crypto wallets,” Glaser said.
He added that open banking and APIs, as well as pandemic-driven digital transformation, also are prompting companies’ chief information officers to rethink their own strategies. Many are moving away from legacy systems that rely on mainframe computers in favor of cloud-based solutions with modern interfaces and apps to take advantage of being more remote.
The Open Banking ‘Triangle’
Open banking and APIs have fostered FinTech innovation, paving the way for companies such as Uber to provide instant payments over the RTP network to workers in the gig economy. Others, such as financial services provider Robinhood, allow users to trade cryptocurrencies and receive instant dividend payouts.
These innovations are part of what Glaser calls the “open banking triangle,” which includes banks that provide payment rails, providers that move money and third-party data providers to build new financial solutions. He explained that as third-party data becomes easier to access, innovative solutions will become more widespread.
These developments have the potential to give consumers and businesses unprecedented control of their payments and money management in addition to real-time speed. Still, fraud threats and security issues could plague this evolving ecosystem, and these issues must be mitigated if open banking is to become as widespread in the U.S. as it is in Europe and elsewhere.
Glaser said enhanced security could take the form of more comprehensive government regulations. The European Union, for example, implemented the revised Payment Services Directive (PSD2) in 2015 to enforce online security measures for the protection of consumers. The Payment Card Industry Data Security Standard did much the same for the credit card industry in 2004.
Glaser also explained that security in an open banking ecosystem must come in the form of consumer education and embedded security protocols added to emerging platforms, such as data encryption, stronger authentication systems and better data storage hygiene. This could even include destroying or wiping unnecessarily stored consumer information.
“I think, with more retail opportunities and more consumer opportunities, we’re going to see more account-to-account transactions occur, and I do expect we’ll see more fraud,” he said. “The fraudsters will catch on to it and try to work the system, so it’s important for everybody in this open banking ecosystem to employ multilayered approaches.”
Glaser said making consumers more comfortable with sharing their financial data requires merchants and innovators in the open banking ecosystem to consider how they handle fraudulent transactions and where liability falls when fraud occurs. Much like today’s environment, in which credit card issuers assume liability for theft caused by stolen information in return for higher transaction fees, FinTechs that ask consumers for routing and account numbers may have to find ways to provide financial insurance while eliminating fees that turn smaller merchants away from some payment rails.
“There’s an area of innovation opportunity for FinTech companies to build loyalty programs around using your bank account as a consumer, so that you’ll want to use your bank account to pay at retail [stores],” he said. “There’s all these components that need to be built out and fleshed out to make open banking truly successful in the U.S.”
Financial services companies, banks and FinTechs have ample opportunities to bring innovative solutions to consumers and businesses, but getting them to buy into the benefits of open banking requires a collaborative approach to security and standards. Making sure that all parties involved in the space are on the same page with compliance, authentication and a host of other responsibilities will allow the connected banking space to flourish across the U.S.