RegionsEEAAre you ready for the security obligations of PSD2?

Are you ready for the security obligations of PSD2?

An open letter to the banking industry, which is far from prepared for the wide-ranging impact of open banking.

As we close out 2016 and welcome 2017 as a year fresh with promise, it’s impossible to ignore the fact that Europe’s new revised Payments Services Directive (PSD2) is a reality that still looms large and uncertain in our future.

Even if passporting isn’t negotiated as part of Brexit and as a result PSD2 doesn’t come to fruition (a distinct possibility), open banking is nonetheless here to stay. Frankly, it’s about time – the industry is long overdue for a more competitive environment. Open banking will encourage exactly the type of innovation necessary to stimulate the development of new business models, as well as a wide range of new banking services.

But are banks really ready for all of the ramifications that open banking brings? In many cases, the answer is a resounding ‘no’ – although not for the reasons you’d think.

While everyone has been talking ad nauseam about the innovation and competition aspects of open banking, one critical impact has been notably absent from the majority of discussions, and that’s security.

Open banking throws the doors wide open to sensitive, valuable customer data and payment infrastructure. It’s easy to overlook the security implications of that fact when access is only being granted to appropriately regulated organisations, but let’s be realistic. The industry is already in an arms race with hackers, fending off attacks of every conceivable type. Who knows what kind of havoc can be wrought with free access to customer data and an open payment infrastructure; things we couldn’t even imagine. There’s already been talk about the risks of fraudulent third-party providers (TPPs) – what next?

Convenience versus security

In fairness, one of the main goals of open banking is actually to increase the security of payments. PSD2 specifically includes key security considerations, such as mandatory use of two-factor authentication; security incident reporting to both regulators and customers; as well as mandatory security assessment reporting to regulators that addresses security measures and their effectiveness.

All this provides some level of reassurance, but it certainly doesn’t relieve banks of the responsibility of making sure that their systems are properly secured against the potential barrage of inventive new attacks that could come – for example implementing behaviour monitoring technology to ensure that incidents of fraud can be identified and stopped before doing any damage.

There’s no question that open banking will change the payments industry as we know it, promoting innovation and driving competition like never before. It will make payments easier than ever. But convenience shouldn’t come at the price of security. Banks need to seriously consider the security threats of open banking – and they need to prepare for those threats now, before it’s too late.

* For more on PSD2, click here.

Related Articles

All change: the state of today’s banking market

Banking All change: the state of today’s banking market

2d The Global Treasurer
How banks are preparing (or not) for T2/T2S consolidation

Banking How banks are preparing (or not) for T2/T2S consolidation

4w Mario Mendia
Driving digital transformation: what does the future hold for transaction banking?

Banking Driving digital transformation: what does the future hold for transaction banking?

1m The Global Treasurer
Webinar: CGI & The Global Treasurer’s Transaction Banking Survey 2018

Banking Webinar: CGI & The Global Treasurer’s Transaction Banking Survey 2018

1m Jerry Norton
BoA Merrill Lynch adds data analytics to foreign exchange payments platform

Banking BoA Merrill Lynch adds data analytics to foreign exchange payments platform

2m The Global Treasurer
Retail payments may be trendy, but transaction banking never goes out of fashion

Banking Retail payments may be trendy, but transaction banking never goes out of fashion

2m Lu Zurawski
Banking, technology and the shape of things to come

Banking Banking, technology and the shape of things to come

2m Jean-François Mazure
What can we expect from the banks of tomorrow?

Banking What can we expect from the banks of tomorrow?

3m Marc Hurr and Daniel Eduardo Suero