Treasury’s recent decision to push the open banking ‘switch on’ deadline by over six months is due to concerns around security. Albeit slowly, we are moving inevitably closer to a “brave new world of open data” (a term coined at 2018’s ARCA National Conference), so we cannot view privacy and security as an add-on, or something we ‘have-to-do’.
The data landscape is evolving with increasing complexity as consumers will soon enough take information ownership back into their own hands, and the sector is only as strong as its weakest link. We need to not only be worrying about securing our own backyards, but also those of whom we’ll be sharing data with, and work together on industry-wide security solutions in order to properly address security concerns and ensure the open data revolution is to be pitfall-free.
With this in mind, here are some areas that CIOs and the wider financial industry should consider ahead of the implementation of open banking in early 2020.
The first step is to keep the house secure
Amidst regulatory changes, economic pressures and changing consumer preferences, we as businesses have better insights to work with, more commercial opportunities and increased customer engagement. But we are also challenged with continuously maintaining a competitive edge, bringing relevant products to market and finding solutions.
It’s clear that innovation is vital – but without a robust security program in place, commercial risk is high, consumer confidence is low, consumer advocacy is absent and open data participation diminishes. Robust protocols, consumer ID validation, appropriate oversight, governance, reporting and monitoring give businesses the confidence and agility needed to drive innovation.
Think about it as a well-built house: The walls, windows and gates are like malware protection – structures that make the environment as hard as possible for the bad guys to break into. An alarm system acts as a backup to alert you if the bad guys manage to get in – for example, if traffic to your application hits levels that trigger alarms. And encryption is like the home’s safe – if the intruders do manage to get the data, they can’t do anything with it, and digital loss prevention picks up on people sending documents they shouldn’t or personal information leaving that shouldn’t.
If the house is secure, life can progress as normal, without constant fear and interruption from external threats.
Equipping your A Team
Among my peers, I am noticing that when organisations approach their boards and risk committees these days, the conversations are increasingly focused on data assets and data breaches. Risk is no longer the responsibility of Risk Officers alone – we are all accountable.
We need to be bringing people in and upskilling people across the business to understand cyber security and more complex data risks in the face of such influential change. Businesses can complement existing traditional risk functions by acquiring talent and knowledge around data security and hiring the skills to implement and manage the robust security programs we so actively endorse.
After all, without attracting the right people on the ground to carry it out, the advanced software and new systems in place won’t reach their full potential.
Consumer trust as part of the Open Banking puzzle
As with any major industry change, we’re on a steep adoption curve with open data that starts at hype and ends at broad-based adoption. But that trajectory will stagnate if we don’t ensure that consumers are on board with understanding the new landscape, and following the related security protocol.
We want consumers to be able to control their finances with smarter management tools in a secure way. We want mortgage providers to better understand a consumer’s affordability for an application, or a property company to qualify an individual’s income and rental history to better assess their eligibility to rent a property in a secure manner.
But we can’t get what we want without everyone being on the same page. Losing customer trust equates to halting innovation – it won’t matter how robust and appropriate the security framework is if no one knows or wants to use it.
As the UK’s Tony Blair once said, it’s all about ‘education, education, education’.
Providing Australians with the full picture
While there is some conceptual understanding amongst consumers, there is a real sense of consumer fear around ownership and security regarding open data.
Research we undertook last year across APAC revealed two thirds of consumers are comfortable with sharing basic personal data, however for highly guarded data and demographic information, their willingness radically decreases.
Interestingly, people are most comfortable sharing basic personal data with retailers. On the other hand, consumer trust in banks is underwhelming, even though there are fewer recorded breaches within banks than retailers. Retailers have been victim to some of the biggest breaches, such as Target’s breach which affected 41 million customer payment-card accounts and revealed contact information of more than 60 million customers.
But a large proportion of consumers are not clued up on data sharing. In fact, a fifth of consumers in the UK are oblivious to the way in which companies wish to use their data, often accepting it without really understanding the reason, the next step or the benefits.
If our local understanding of data use is not nurtured, people may feel cheated if their perception of the value-exchange is not positive, or will not be willing to participate in open data initiatives, significantly reducing the potential success of systems such as Open Banking.
With the timeline on open banking extended, it provides industry with the opportunity to get open banking right and truly harness the power of a data environment. Investing in robust security systems will ultimately lead to strong consumer trust and consequently a successful open data ecosystem.
Barry Libenson is global CIO at Experian.