Open Banking – A short interview with Ralf Ohlhausen


Will privacy concerns undermine Open Banking?

Open Banking forces established banks to work collaboratively with other payment service providers by requiring them to share their customer’s data if they so wish, thus encouraging transparency and fair competition. Essentially, banks will be required to give their customers better access to their own banking data. So, Open Banking is focused on freeing up consumer data, rather than keeping it locked up as some of the banks want to continue doing. No one would have access to consumers’ data without explicit consent from the consumer, removing all privacy concerns from consumers.

What are consumers really worried about? Are they right to be worried?

The main worry for consumers is that open banking will enable third parties to steal their data or use it in a way they don’t like. However, this will not be the case as third party providers are subject to strict data privacy laws. In addition, under the Second Payment Service Directive (PSD2) these companies will need to obtain a specific license to prove the security of their systems to acquire consumer data. Moreover, the European Union (EU) data privacy law will be further strengthened when the General Data Protection Regulation (GDPR) comes into effect in May this year, applying an obligation to implement technical and organisational measures into data processing activities. Consequently, consumers should not be worried about their data being stolen by third parties due to the strict privacy laws and licences that come with PSD2.

Will attitudes to Open Banking change over time (ie, is this just a passing phenomenon)?

Over time people will realise that they can only profit from sharing their banking data with third party providers. Doing so will provide consumers with innovative value-added banking services, such as the ability to manage all accounts on one platform. This situation can be compared to the de-regulation of telecoms a few decades ago, whereby British Telecom (BT) was no longer the dominant player in the industry. The de-regulation meant that phone lines were no longer monopolised by BT, driving more competition, reducing costs and providing greater choice for consumers.

How can banks and providers re-assure consumers? Is there privacy technology that will help, or is this an emotional issue best tackled with marketing?

Banks don’t want to re-assure their customers. They are scaremongering to discourage their customers from using third party services as this challenges their dominance in the sector through boosting online competition. Banks have a natural interest to undermine their new competitors, as Open Banking allows customers to change providers in just a few clicks. One can only hope that the regulators will watch the banks behaviour carefully and that the media stop fuelling their scare tactics.

What experiences have banks and providers had with Open Banking so far regarding security and privacy?

Many EU countries have seen third parties accessing consumer personal banking data for many years. In the UK we saw only a few and more recent examples, like HSBC inviting 10,000 of their customers to trial a new app where they can add account details from up to 21 different banks so they can view all current accounts, savings and mortgages in one place. Across Europe, there has not been any known fraud or data leak cases by third party providers in the past 15 years during which they processed hundreds of millions of transactions. Third party providers now need to prove their level of security to obtain licenses and, as a result of PSD2, will be under ongoing regulatory supervision, which reduces the likelihood of security and privacy problems even more. In addition to this, the sharing of static bank credentials must now be complemented with transaction specific one-time passwords, which will add an additional layer of security. Therefore, Open Banking and PSD2 further strengthen the already very good security and privacy practices currently displayed by payment service providers and banks.