Societal development and innovation go hand in hand. As we innovate our society evolves, and new systems and processes are born. But what do these new processes mean for us and how do they make our lives easier? Well, things become easier as a system opens up and becomes more accessible. Looking at the world of finance and payments, open banking is the major driver at the moment. The basic understanding of open banking is that open-source technology allows for greater transparency which in turn improves industry competition for financial services.
Improved competition results in more efficient transactional methods such as Third-Party Payment Providers (TPPP), which assist in making financial actions easier, more secure, and accessible.
Open Banking can be utilized in various ways:
If the premise of open banking is to make accessing information easier across websites and apps, concerns about its security are also understandable.
That’s why safety and security of open banking systems is a top priority for many financial industries.
The issue with financial safety and security is the number of vulnerable points along the system. Heathesh Bhandari, Ozow’s Head of Infrastructure in technology, mentions that “open banking protocols increase the attack surface area of systems and fans out all the issues that banks usually have to all the other third-party providers that integrate with them.” Essentially, all the issues your bank faces from a vulnerability perspective now gets shared with the parties that decide to work with them. While this might be the case, the most common point of attack us, the users.
According to Verizon’s 2022 Data Breach Investigations Report, 83% of successful breaches have a human element to them. This includes intentional misuse of information and negligence.
You might be wondering then, if open banking allows for easier access to information, wouldn’t that result in more issues of fraud? Well, yes and no. Open banking services enter a contract with both the merchant and you, the customer. This happens when you sign on to use the service.
This means that the service provider has an obligation to both you the customer and the merchant it integrates with. Done properly, this prevents any bad-faith arrangements between the three entities (you, the merchant, and the open banking provider). It prevents parties from taking advantage of sensitive information.
Tanya Tobin-Primo, Ozow’s Head of Compliance and Operational Risk, touches on compliance mentioning that “as a TPPP, we have to ensure our compliance that identifies and mitigates security risks.”
From a technological point of view, open banking service providers utilise APIs which automatically input your payment details for you, preventing user-fraud or brute attacks. Physical cards on the other hand have no strong Customer Authentication Features (SCA). According to University of Pretoria research on cyber security awareness, most consumer-targeted financial fraud happens when fraudsters use the actual information on a stolen card to make transactions.
But the benefits don’t stop there. Open banking TPPP’s still work in conjunction with your financial facility by prompting your banking app to verify you as the user before any transaction can be completed. This means that in the event of any fraudulent attempts, you’ll be notified instantly. In essence, you as the customer have a better handle on the movement of your money.
No matter the system or protocol in place, fraud is always a factor when it comes to the payments industry. “It’s important to have established fraud detection tools,” agrees Tobin-Promo. While there are many more vulnerable points along the open network, it also allows for increased monitoring of those systems outside of a banking institution.
Despite our already secure and compliant systems, Ozow still places great emphasis on customer security and the protection of their information. On top of our smart indicators and other security protocols, our risk and compliance team along with our fraud investigators operate closely with fraud departments across South African banks.
“We’ve established a relationship whereby as soon as a bank picks up any fraudulent activity on their side, we’ll also be notified. This gives us a chance to also investigate further,” says Tobin-Primo. This ensures an open line of communication for all parties involved, allowing for quicker response times in the event of any fraudulent transactions.
Our approach to umbrella security provides a firm, secure system that both customers and merchants can benefit from. Customers have the peace of mind knowing their data is securely encrypted and merchants have the benefit of touting the fact they utilise a secure transactional system to protect their customers.