4 Ways Open Finance Uplevels Security
August 28, 2023 | 2 min read
The financial industry is on the cusp of a new horizon. Complex and siloed legacy technology infrastructure hinders innovation and prevents consumers from accessing their financial data in a secure and reliable way. Simply put, financial data today is closed off. It’s difficult to access, causing ripples throughout the industry and creating friction in the consumer's money experience.
Consumers must look across a multitude of financial accounts to try to manage their financial life. On the other side, financial providers only glimpse a fragment of a consumer’s financial picture and lack visibility into where consumers are sharing data from their systems with others.
At MX, we believe the future of our industry means embracing Open Finance. Open Finance begins with secure and reliable data access for consumers to share their data with the financial apps, providers, and tools they choose to use. This helps break down barriers in today's broken money experience.
72% of consumers say they would switch their primary bank if it didn’t connect to their favorite financial app.
In this post, we will cover:
While Open Finance has been widely adopted in Europe and Australia, North America has its own perspective and regulations for what consumer-permissioned data sharing looks like in the future. As open finance regulations take hold in the U.S., from market-driven to government mandates, we are entering the next phase of secure and open data sharing.
Open Finance is the next step beyond Open Banking, enabling access and sharing of consumer data to even more financial products and services — not just banking.
MX defines Open Finance as the ability to access and act on financial data to build personalized experiences, increase the pace of innovation, and drive industry collaboration. Open Finance enables everyone to access and act on financial data to:
Open Banking is the structured and secure consumer-permissioned sharing of data via open banking APIs between financial service providers. Unlike Open Finance, Open Banking is limited to retail and investment banking. Check out this blog post to understand more about what is Open Banking and see examples.
Many organizations use the terms “Open Finance” and “Open Banking” interchangeably. However, there is a small but distinct difference. Open Finance is the next step beyond Open Banking.
Open Banking enables consumers to share their financial data from bank accounts with third parties. This consumer-permissioned data is limited to banking, whereas Open Finance is much broader.
Open Finance enables access and sharing of consumer data to even more financial products and services — not just banking, like Open Banking. This includes loans, consumer credit, investments, and pensions. It also enables wider integration of financial data with non-financial industries, such as healthcare and government. In Open Finance, consumers can grant trusted third parties access to their entire financial footprint for better experiences and personalized solutions to improve financial wellness.
Want to learn more about Open Finance? View more Open Finance resources.
Today, the majority of financial data sharing is done through screen scraping, which is less secure and less reliable. Connections frequently break and consumers are left wondering who has access to their data while businesses have little visibility into where data is shared. This leads to frustration and could potentially cost businesses customers in the long run. And, screen scraping requires consumers to share their usernames and passwords with a third party, which puts both consumers and businesses at risk.
FDATA reported that nearly 90% of data being shared is done by “other technology,” and only 10% is shared using APIs.
Consumer data sharing typically occurs in one of three ways:
1. Screen Scraping or Credential Sharing
Screen scraping or credential sharing require consumers to share their credentials (username and password) with the data recipient to gain access to their data. Screen scraping is less secure than more modern connectivity solutions like open finance APIs and places a heavy technical burden on bank infrastructure, which creates unstable customer experiences as a single point of access.
2. Whitelisted IPs
Whitelisted IPs allow the financial institution to sanction data sharing with specific IP addresses and see who is accessing their consumers’ data. Whitelisted IPs ensure a higher connectivity rate for consumers linking their accounts to valuable third-party apps, creating a more consistent experience.
3. Open Finance APIs
Open finance APIs allow consumers to access their transaction data without the need to share usernames and passwords, and eliminate the technical burden of screen scraping. Direct connections replace credentials with tokens, delivering higher levels of security, faster speeds, and higher connection success rates.
Of all the benefits that Open Finance provides, the most important is protecting consumer data while giving them control over sharing their financial data. Current data-sharing methods like screen scraping, for example, put a customer at higher risk unless careful security protocols are in place.
Open Finance helps alleviate security concerns and improves the experience for the consumer by offering:
This is why leading organizations are on a journey to secure access to open data in a digital ecosystem. Moving from screen scraping to whitelisted IPs to direct open banking API connections and secure, reliable open finance APIs is the best way to protect open data.
MX adheres to FDX specifications and standards. In order to maintain clarity and continuity, we use their terminology in our definitions.
Data Providers: The entities that hold End Users’ Financial Account Information, including, without limitation to, banks, credit unions, and brokerages.
Data Recipients: Service companies, applications (financial apps), financial institutions, products, and services where End Users (on their own or through their End User Delegates) manage or act on their finances, whether actively managing their finances (such as moving money or applying for credit) or passively doing so (such as garnering recommendations or insights).
Intermediaries: These are the intermediaries that facilitate financial data access, transit, storage, and/or permissioning on behalf of data recipients or end users, also commonly referred to as “Data Aggregators.” In some cases, intermediaries do not have a direct relationship with the end user. The data may be passed through without modification or normalized in line with permitted objectives (e.g., parsed for readability or used to confirm other data). Data Aggregators should not be misidentified with parties who do not obtain end users’ consent but gather data, sometimes referred to as Data Brokers or Data Harvesters.
Open Finance is being driven heavily by the market and consumer expectations but regulations will ultimately shape the best practices and standards for consumer data sharing.
In 2021, the White House issued an executive order that pressed the Consumer Financial Protection Bureau (CFPB) to finalize rulemaking on Section 1033 of the Dodd-Frank Act, the legal basis for Open Banking and Open Finance. The CFPB shared an advance notice of proposed rulemaking in late 2020 to guide how it might most efficiently and effectively develop regulations to implement Section 1033 of the Dodd-Frank Act, which provides for consumer rights to access financial records. Next steps include a SBREFA panel to elicit feedback from a panel of small businesses on potential impacts of proposed regulation.
In 2010, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Section 1033 authorizes the CFPB to prescribe rules requiring “a covered person [to] make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data.”
The CFPB began the process with an advance notice of proposed rulemaking in late 2020 to guide how it might most efficiently and effectively develop regulations to implement Section 1033 of the Dodd-Frank Act.
At the same time, the CFPB announced it will use a 2010 legal authority to supervise non-bank companies that “pose risk” to consumers in an effort to “level the playing field” between banks and nonbanks. Supervisory determinations will likely focus on individual neobanks, ‘Buy Now, Pay Later’ companies, ‘super-apps’, and big tech.
More recently, CFPB Director Rohit Chopra announced in October 2022 that the CFPB would launch the process to formalize rulemaking under Dodd-Frank Section 1033 that establishes personal financial data rights for Americans. According to Director Chopra’s remarks at a recent panel discussion, the CFPB now expects to propose its rules later this year to accelerate the shift toward “open banking.” By giving consumers greater access to their data, we are seeking to promote increased choice and easier account switching. We expect there will be a ramp-up period beginning in 2024 for 2-3 years for those impacted by regulations where new APIs and other infrastructure must be implemented.
The CFPB isn’t attempting to boil the financial ecosystem ocean out of the gate. The initial proposal for its SBREFA process calls out Regulation E accounts and Regulation Z credit card accounts to start. This means any depository or nondepository financial provider checking accounts, savings accounts, credit cards, prepaid cards, digital wallets, and other electronic payments.
More financial products will be added over time. The CFPB says it “recognizes that many covered data providers also provide numerous consumer financial products and services other than covered accounts, such as mortgages, auto loans, closed-end installment loans, etc. These numerous other financial products would not be subject to the CFPB’s proposals under consideration.” For now…
That said, implementation to comply with outlined requirements and obligations will carry significant costs and impacts to covered data providers and authorized third parties that fall into this purview. In fact, in some cases, financial institutions, fintechs, other data recipients, and data aggregators may be considered both a covered data provider and authorized third party, requiring them to satisfy requirements on both sides of the flow of data.
In 2020, the OCC released new risk management guidance on third-party relationships, specifically called out screen scraping. The guidance calls on supervised banks to conduct governance over aggregators who employ credential-based scraping to collect customer data regardless of whether or not the aggregator has a contractual relationship with the bank.
Bottom line: As the finance industry awaits the codification of consumer data rights through Section 1033 rulemaking, banks and nonbanks have an imperative — competitive and regulatory — to lay groundwork for secure, consumer-permissioned data sharing now.
Open Finance puts the consumer in control of their data, and open data is the key to improving consumer outcomes. It means that companies, financial and otherwise, can build and offer solutions that help them understand and manage their financial lives better. And, it provides a foundation that gives consumers and financial providers better access, visibility, and control into who has access to financial data.
Consumers overwhelmingly agree (89%) that they own their financial data and should be able to control who has access to it. While this is the case, more than half of consumers (55%) also agree that they aren’t sure what companies or providers have access to their financial data.
With the freedom and flexibility that Open Finance enables, consumers have more choice and control over the data they share and how they engage with their finances. And, they gain unparalleled access to a broader range of products and services. It also allows consumers to more easily connect their various financial accounts and data together into a single view — enabling a more seamless money experience.
With open access to data, financial institutions, fintechs, and their consumers can better understand and do more with financial data. It enables:
Want to learn more? Read the Ultimate Guide to Open Finance.
MX is making it easier than ever for financial institutions of all sizes to accelerate open finance adoption and enhance the money experience for consumers through Data Access. The platform enables institutions to deliver a safe and secure connectivity experience for their customers. With consumer authorized and permissioned data sharing, customers gain visibility and control over which apps and institutions access their data — enabling them to grant, manage, and revoke access at any time.
Data Access is an open API platform built on FDX standards that improves time-to-market and reduces costs to deliver secure data sharing, as well as provide the groundwork for greater insights about customer behaviors, trends, and needs. It provides financial institutions with the ability to monitor and manage where consumers are sharing their financial data and the tools to implement a more secure data-sharing experience with token-based connectivity.
August 28, 2023 | 2 min read
August 7, 2023 | 4 min read
June 30, 2023 | 4 min read