Banks urged to share data but warned over security

Experts voice concern over security of open API recommendations

Online banking details

Banks should open up data, including product and services information, to consumers in order for them to make more informed choices about services and value for money, a new report has urged. However, security industry figures have warned that any framework put in place must be secure.

In a report published by the Open Banking Working Group (OBWG), a new framework was unveiled that supports the use of open APIs in the banking sector with a number of measures put forwars on how to deliver them.

Advertisement - Article continues below

It said these APIs would be created so additional services could be built using bank and customer data. These would include open data about products and services as well as shared data about bank transactions that individuals or businesses can choose to share themselves through secure and controlled means.

It added that bank data, including information about banks' products and services, should be made available as open data so that services can be built allowing customers to get more out of their financial relationships.

"Banking as a service has long sat at the heart of our economy. In our digitally enabled world, the need to seamlessly and efficiently connect different economic agents who are buying and selling goods and services is critical," said Matt Hammerstein, co-chair of the OBWG and Barclays' head of client and customer experience for Personal and Corporate Banking. "The Open Banking Standard is a framework for making banking data work better: for customers; for businesses and; for the economy as a whole."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Fellow OBWG co-chair and ODI CEO Gavin Starks said the efforts of the OBWG and the Open Banking Standard "demonstrate the powerful result of leaders coming together to wrestle substantial challenges facing the banking sector."

"It will also set precedents across many sectors: a strong data infrastructure will be as important to the UK's economy today as roads have been to our success in the industrial economy for over a century."

The report said a minimum viable product for an Open Banking API based on open data is recommended to be launched towards the end of 2016, with personal customer transaction data included on a read-only basis starting at the beginning of 2017. The Open Banking Standard's full scope, including business, customer and transactional data, should be reached by 2019, according to the report.

However, Florian Malecki, international product marketing director at Dell Security, warned that if UK banks are to open up customer data to third parties, they must "follow a three-phase IT security process to ensure data are fully protected along their journey".

Advertisement - Article continues below

He said that banks must ensure that their partners' and their own networks have adequate network security protection before, during and after the data transfer.

"Both banks and third parties should anticipate an increase in data traffic and have next generation firewall technology in place which can ramp up network protection during particularly busy transfer periods," he said.

He added that banks should guarantee that customer data are sufficiently encrypted prior to sharing with third parties.

Lastly, he urged banks to ensure that both they and third parties have adequate identity and access management controls in place when receiving customer data to ensure they are viewed only by those who have a valid business reason to do so.

"If this measure is not followed, data could be viewed by unauthorised parties, resulting in failed audits or malicious or unintentional public disclosure of personal data that could impact the bank's reputation," said Malecki.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020