From Money to Data to Trust: How Open Finance Improves Security

As the industry embraces open finance ecosystems, it’s an opportunity to raise the bar on securing financial data.

resource cover image
gradient background

The financial services industry has long been a trusted steward of consumer’s money. Consumers turn to banks, credit unions, and other financial providers to keep their money safe and make sure their funds are accessible when they need them. But in today’s data-driven world, being a trusted steward of money is just one piece of the equation. Now more than ever, financial providers must be a trusted steward of the consumer’s personal data and also, a steward of trust itself.

“Customers need to be able to trust financial institutions and fintechs to keep their money safe, to protect their personal data, and to deliver reliable services that help them manage and use their money responsibly. However, trust in financial services is hard won and fragile.” A Time for Trust: The Consumer Money Experience.

It’s no surprise that security is at the core of building and maintaining trust. As our industry embraces open finance ecosystems, it’s an opportunity to raise the bar on securing financial data. 

The Need for Open Finance

At MX, Open Finance means secure and reliable access for consumers to share their data with the financial apps and tools they choose to use. It is based on the idea that consumers own their data and should have control over who has access to it. 

And, of all the benefits that Open Finance provides, the most important is protecting consumer data while giving them control over which organizations they choose to share it with. Current data-sharing methods like screen scraping, for example, put a customer at higher risk unless careful security protocols are in place. 

Open Finance helps alleviate security concerns and improves the experience for the consumer by offering:  

  • Safe and secure data connections through industry standards provided by FDX 
  • Future regulations that help protect consumers and ensure they have control over their data
  • Reliable access to accurate financial data that is permissioned by the consumer

Simply put, Open Finance can be more secure as it eliminates the need for consumers to share their credentials in order to connect financial accounts into a single view. This is why leading organizations are on a journey to secure access to open data in a digital ecosystem. Moving from screen scraping to secure, reliable open finance APIs is the best way to protect open data.

A Call for Better Security

Data breaches, scams, and fraud have reached record levels. The Federal Trade Commission reports that consumers lost nearly $8.8 billion to scams in 2022 — an increase of more than 30% over the previous year. Among the types of scams where consumers fell victim, imposter scams top the list as the most prevalent form of fraud with losses of $2.6 billion. 

For financial institutions, the story is the same. A recent study found that credit union call centers saw over a 70% increase in fraud rates last year. This same report also shows that more than 300 million people have been affected by data breaches since 2020 — and that data compromises are at an all-time high. 

While better controls won’t completely eliminate fraud, financial institutions and fintechs should look to not only strengthen, but promote their security practices to protect consumers and their business. And, they should consider how Open Finance can enhance their processes and systems throughout the consumer money experience to mitigate risk: 

  1. Account Openings

The touchpoint with one of the highest levels of associated risk along the customer journey is when they first open an account. In fact, new account fraud increased 109% in 2021 according to Javelin Strategy & Research’s 2022 ID Fraud Study

At the same time, consumers are quick to bail if the account opening process is too cumbersome. This makes the account opening process a critical touchpoint for both security and a business’s bottom line. 

Leveraging Instant Account Verification (IAV) and identity verification technologies can enable a smoother and more secure experience. Organizations can verify accounts in less than 5 seconds using direct OAuth connections that eliminate the reliance on microdeposits to verify an account. With microdeposits, the customer typically has to wait anywhere from one to three business days for these small deposits to show up on their account, and then they have to log in again to validate their account. 

By contrast, IAV is faster, more cost-effective, and helps significantly decrease drop-off rates as customers aren’t weighed down waiting to verify via microdeposits for several days. Additionally, IAV technology is able to determine whether or not the connected account is owned by the same person who is opening a new account, further safeguarding the account opening process. 

  1. Account Logins 

Previous MX research shows that consumers across all generations want more security and control of their financial accounts. And, when it comes to logging in, most consumers pointed to multi-factor authentication (MFA) and biometric login options as features they want in their money experience

That said, adding layers like MFA can make the login process longer for consumers who have little patience. Financial providers should consider how to strike the balance between a speedy login process and a secure one. Financial providers should consider how to keep pace with new authentication standards and experiences across other industries to ensure they are delivering a secure, seamless experience for their consumers.

  1. Account Aggregation

Account aggregation enables consumers to link together all of their financial accounts into a single view. This financial data sharing enables consumers to gain a 360-degree view of their finances, empowering them to make better financial decisions and get closer to reaching their financial goals. 

However, the majority of financial data sharing is historically done through screen scraping, which requires consumers to share their usernames and passwords with a third party, putting both consumers and businesses at risk. Open Finance enables a better way. 

By leveraging an open finance API, consumers never have to share their username and password. Instead, organizations leverage tokenized API and OAuth connections to enable consumers to connect to and share their financial data — on their terms. Only authorized third-party providers can connect to bank APIs. Consent management gives control to the end user, not allowing their data to be shared without their consent and knowledge. Connecting to financial institutions through secure connections also activates anti-fraud systems already in place.

  1. Day-to-Day Financial Management

The better financial providers understand their customers, the more risk can be curbed. Financial institutions have a wealth of data about their customers including where, when, and how they manage their money. 

By tapping into this data to establish and monitor patterns, financial providers can better identify anomalies and proactively take action or alert the customer when something doesn’t look right. Greater insights into the financial lives of consumers means it’s easier to spot anomalies and potential fraud, reducing risk for both the organization and customer.


Open Finance not only enables organizations to reduce risk and mitigate fraud, but also improve the money experience for consumers. And, in today’s economic landscape, delivering world-class experiences backed by secure, reliable systems are two ways companies can become a trusted partner for consumers.

Open Finance Security Check

Account Opening and Connection:

  • Do you have the login capability to block devices that look like an anomaly or display risky characteristics? Is blocking manual or automated?
  • How are you connecting funding accounts during account opening? Microdeposits, IAV, or via debit cards? If using IAV, have you paired it with account owner verification?
  • What verification method(s) do you use when consumers connect their accounts?

Information Security:

  • Have you seen a change in account takeover and fraud? An increase could mean your login security needs to be refreshed.
  • Are you able to identify when a breach has occurred?
  • In the event of a breach, do you have visibility into where it originated and what the hacker did while in your systems?

Open Finance:

  • Are you able to differentiate between a consumer’s actions and an aggregator they’ve authorized?
  • Does your aggregation require user login credentials? Is this inbound aggregation or outbound?
  • Are you able to provision access to a third party?
  • Are you able to tailor security measures based on the data involved?
  • What is the customer’s connection experience?
  • Can you identify a user based on their device settings?