This article summarises a few things about open banking:
how it works
benefits
use cases
security
Since 2017, I’ve built open banking software and have been active in fintech.
Open banking is the general way for apps to use APIs to access banking accounts securely and with your permission.
It’s trendy fintech. And Governments are taking an active role in its adoption, with more than 30 national regulators making at least some progress. A few even have open banking infrastructure up and running:
UK (2018)
EU (2018)
Brazil (2021)
Russia (2018)
Australia (2020)
Singapore (2018)
India (2016, in the form of UPI)
But most of these networks differ in quality and are incompatible.
We’ll mainly look at the UK and the rest of Europe. These nations share aspects of open banking because they adopted PSD2 (the second Payment Services Directive) into local law.
According to PSD2, banking accounts include:
current accounts
savings accounts
credit card accounts
Let’s look at how the journey looks for app customers.
How open banking works
Allowing an app or website to connect to your bank account works similarly to giving an app access to read your email address or edit a photo using your Facebook or Google login.
But instead of a “Login with …” button, a website or app will ask you to authorise their access to your bank account, usually through your online banking app.
The two main capabilities of open banking are:
reading bank account information (including transaction history)
initiating payments from the account
Managing access
Importantly, you have complete control over how long apps should access data.
You can revoke this access at any point.
Benefits of open banking
Efficiency
Using APIs drastically improves the speed of communication over traditional forms.
For example, banking APIs take 100s of milliseconds to return data, magnitudes faster than scanning or sending your statement by post.
Programmable money treats finances simply as information. The high-speed transmission of financial data helps people and businesses to reduce risk by closing the information asymmetry gap. These improvements will likely reduce the cost of finance overall, which benefits society.
A more direct benefit is that customers enjoy an improved user experience.
Financial inclusion
Being financially included means having sufficient access to financial products like current accounts and mortgages. There’s a spectrum of accessibility, which should be free or as close to free as possible. Therefore, open banking could help people better access financial products differently.
But not everyone has a bank account, which is often referred to as being unbanked. This could be for several reasons:
lack of a physical address in the country
lack of access to an institution’s branch
paranoia about monitoring
Open banking can’t help in the majority of these cases. BUT homogenous API networks make financial systems much more efficient, so they could significantly reduce the costs involved in making financial accounts more accessible to people that otherwise wouldn’t have access.
People with access to bank accounts experience many more tangible benefits.
Use cases
There are no clear limits to the number of services we can build with programmable banking, but here are a few examples of how websites and apps are using the tech today:
invoice payments
savings dashboards
digital wallet top-ups
better access to credit
carbon footprint tracking
bank feeds for accounting
subscription management
card payment alternatives
integrating payment systems
account ownership verification
building credit through rent payments
The security of open banking
Financial-grade security
Most open banking specification writers have either adopted or have plans to adopt a highly secure global standard called the Financial-grade API specification (FAPI).
FAPI sets the highest standard for open APIs that support data sharing between 3 parties. The OpenID Foundation can even validate banks’ implementations, which has multiple benefits, including:
reduced development costs through library compatibility
reduced number of implementation errors
transparency through open source
proof of security
In addition, PSD2 requires European banking apps to use strong customer authentication (SCA), basically multi-factor authentication.
The security standards for open banking make it prohibitively hard for bad actors to access your data, but only when implemented well.
Credential sharing
Because open banking standards aren’t interoperable, most apps rely on some variation of a bridge or gateway to connect to the banking API network. Unfortunately, this often involves introducing a fourth-party entity to the data-sharing relationship.
Most fourth parties used to ‘screen scrape’, which involved convincing people to share their online banking username and password by simulating the online banking experience.
Screen scraping is unpopular… unless it’s the only way for a company to get your bank account.
Even though some apps are likely still using scraping, the rest of the world might follow the FCA (UK regulator) in making screen scraping illegal, which they did in 2020.
Nowadays, most fourth parties don’t borrow customer credentials; they act on behalf of apps and are more likely to borrow theirs instead.
A better UX than the alternative
When properly implemented, open banking makes everyday finances faster AND more secure.
For example, to send your transaction history to a financial advisor or accountant, you would traditionally either:
transfer data out of a secure online banking portal and into an email
send a copy of your statement by post
These processes make your data susceptible to eavesdropping by malware, browser extensions, email clients, ISPs and other people that may have access to your printer or postal service.
Open banking can significantly reduce these security concerns by design.
Final thoughts
Overall, digital banking has greatly benefited financial inclusion worldwide.
Open banking seems like the natural next step in the evolution of digital banking. We can use it to add features to use bank accounts like digital currencies. However, one significant difference is the lack of interoperability between the 30+ open banking standards. The lack of standardisation surprises most developers!
Regardless, the future of finance is programmable money. So, the best developer experience should win by allowing diverse app teams to focus on their USP, which I hope leads to better financial inclusion.