With U.S. banks lagging behind in embracing the
In the U.K., progress on developing an open banking model — which involves using data portability and other technology to allow third-party access to a customer’s personal account — results from the U.K.’s determination to promote competition in a country where four retail banks dominate the market. Meanwhile, the EU directive on open banking is due to come into force in 2018. Despite
Regardless of the goodies associated with a bank offer — such as cash inducements or better interest rates — U.K. bank customers have stubbornly refused to switch from one bank checking account to another. Even if consumers aren’t especially fond of their banks, convenience and inertia rule and few individuals change their accounts. Open banking is seen as a way to make switching banks easier. The U.K. government also sees service advantages for customers if banks let third parties access personal bank accounts — once customers have given their "
This openness, however, is a slippery slope. Once customers have given permission, third parties would be able to access consumers’ banking data, including investment records, transaction histories, and checking and savings account data. Third-party providers could also debit payments for their services directly from the customers’ bank accounts. And, the third parties’ ability to crunch the financial data to offer customers additional and/or competing products puts banks’ cross-selling opportunities at risk.
Beyond issues related to competition, the plan — in the U.K., at least — effectively pushes the responsibility for identity theft onto the consumer, putting the onus on consumers to protect their own identities. In the open banking model, consumers would have to be able to show that their passwords — and any other personal information that enables hackers and identity thieves to access their accounts — had not been divulged, except by consent to certain third parties.
In other words, banks would no longer have to take responsibility for ensuring security for these accounts. They would not have to compensate their customers for the fraudulent use of their credit cards or the theft of funds from their current or savings accounts. The idea is consumers taking responsibility for who has their credentials through "informed consent" will add a layer of security.
But it is not clear that opening up customer accounts to third parties on the basis of "informed consent" — even if this is "subject to constraints" such as time limits or transaction size caps — is going to help prevent hacking and identity theft. Banks need to focus on protecting customer accounts from such misuse, instead of trying to evade monetary liability for customers who have lost money due to fraud.
Regardless of the country, the priority for banks should be on rebuilding trust, and allowing third-party access to foster open banking is likely not the best way forward. Sure, technology could be used to prevent identity theft in an open banking model but only if banks get together to consider how to do that. If done right, the data portability technology could benefit all the banks and their customers in the U.S.
Furthermore, consumers in the U.K. were never asked by the government or the banks if they wanted the ability to share their financial data with third parties. In the U.S., banks would be wise to find out what improvements in the system their customers would like before championing open banking.
Oonagh McDonald is a consultant and author of
