Securing The Future Of Open Finance

Uploaded on 2022-09-27 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-Financial

The world of finance has changed dramatically over the past few years. From consumer relationships with banks to the software financial institutions (FIs) are deploying to create a seamless experience for customers, those operating within the banking industry have had to adapt accordingly. With this adoption offers new opportunities, but also new challenges. 

The correlation between advancing technology and cyber security concerns is not new. In recent years, vulnerabilities have often been exploited as quickly as new technologies are rolled out, and while FIs are far wiser to the risks than they once were, there is still more that can be done. 

A key example of this is the continued rise of Open Banking on a global scale. Through Open Banking initiatives, Fintechs can utilise relevant consumer data, direct from banks and non-bank financial institutions, through Application Programming Interfaces (APIs) to build improved customer offerings. In turn Open Banking offers customers the opportunity to access these enhanced services across many different institutions and service providers, thus creating hyper personalisation and an improved user experience. While Open Banking has the potential to revolutionise the financial industry, recent research from Curity shows that concerns such as data sharing are prevalent amongst financial institutions, in part due to the introduction of several data protection regulations. 

Common Concerns & How To Address Them 

While 71% of businesses plan to adopt Open Banking in the next 18 months, the same number have concerns around security issues and the largest concern these businesses have on a global scale is related to outdated systems.  Businesses need reliable systems in place in order to manage the data sharing process, to introduce new applications and services that require a robust technology support system.

Without these systems businesses risk falling behind their more advanced counterparts and will lose customers who can find better experiences elsewhere. 

To the benefit of many businesses, Open Banking is built on data protection regulation on a global scale and requires financial-grade security protocols to be in place. OAuth 2.0 and OpenID Connect, while considered complex, support businesses in offering robust security frameworks that deliver Open Banking at no cost of safety to customers.

By implementing financial-grade security, businesses can gain peace of mind that the systems they are building are appropriate for their consumer audience. 

OAuth 2.0 is a crucial authorisation framework specifically designed for API security. It allows unrelated servers to authorise access without sharing the original log-on credential, and without giving third-parties full, permanent access. It offers businesses the flexibility to add additional layers on top of its framework, such as OpenID Connect. 

OpenID Connect is built as an identity layer that sits on top of the OAuth 2.0 protocol. It is the leading industry standard for cross-domain single sign-on and identity, and is known for its ease of use for web, mobile and script users who wish to request and receive information about authenticated sessions and end-users. By using JSON Web Tokens, and sitting atop of OAuth 2.0, it is considered API-ready, and feeds vital information back to businesses by showing who is logging on, and how regularly. Its main benefit is that it is “oven-ready” meaning businesses aren’t faced with surprises or additional add-ons due to the standardised set-up, instead operating as a standard protocol on how to authenticate log-in attempts, and how these results are presented. 

Paying Attention To Financial-Grade Security Is Key

Other concerns businesses have when it comes to Open Banking are around managing external third-party data providers and legacy systems. We know that ignoring these concerns and not effectively deploying the appropriate technology to manage them can have catastrophic consequences, in particular, increasing the risk of data breaches.                     

Businesses must ensure they are paying attention to financial-grade security, as well as regulatory requirements in order to maintain customer relationships and build their business acumen.  In doing so, this should give businesses peace of mind about their handling of customer data.

This will also provide organisations with the tools necessary to manage the Open Banking adoption and implementation, thus improving their offering to customers and addressing a key business concern. 

Jacob Ideskog is CTO at Curity

You Might Also Read: 

Identity Access Management  Essentials:

 

« Many Cyber Security Experts Don’t Understand The Systems They Are Trying To Secure
Why Companies Need A Next-Gen Approach To Business Continuity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.