Co-sponsored: Is open banking a Pandora’s box?

Open Banking was a hot topic at Sibos last year, given the focus on Europe’s Revised Payments Services Directive (PSD2). This focus is set to continue as momentum builds in the rest of the world, especially in Asia-Pacific, around the value of collaboration and the sharing of data between banks, fintechs and other non-traditional entrants. But are banks able to fully protect their customers’ money and data when it comes to open banking, asks Temenos managing director APAC, Martin Frick.

The rise and rise of open banking

Open banking is fast becoming a reality not merely in Europe but in the rest of the world. In the Asia-Pacific region, both regulators and banks are making plans to boost open banking in many countries, in line with developments in Europe. Australia is leading the way with specific guidance on a phased implementation of open banking for the Big Four Banks by June 2019 in order to boost competition and innovation. Other regulators such as the Monetary Authority of Singapore and the Hong Kong Monetary Authority are promoting regulatory sandboxes for banks to work with fintechs on new ideas.

Open banking is already leading to the rise of new value-added services. When Macquarie Bank in Australia created an open API marketplace in September 2017, it allowed customers to integrate their account information with a personal finance software called Pocketbook. This made it possible for the customers to get real-time view of their budgets and manage their money.

Open banking and the increased risk of fraud – why?

The Australian Government’s Treasury cites data sharing as bringing specific benefits to the end-customer such as greater transparency and choice over what products and services they buy and from whom. However, in Australia and elsewhere, banks are understandably worried about cybersecurity and the risks of unauthorized data access posed by open banking. In our 2017 Transaction Banking Survey by Ovum, 67 per cent of the 200 of the respondents either agreed or strongly agreed that there was a higher risk of financial crime with non-bank TPPs (third-party providers).

As open banking takes off, the volume of queries on the customer data and transactions that banks process is expected to rise several-fold, with third party access from current and new remote channels. Also, open banking is not just about account aggregation services but also about payment initiation by trusted third party providers (TPPs) directly from customers’ accounts. Finally, open banking cements the need for real-time systems as payment initiation from non-bank providers on remote channels means customers expect near real-time responses to their requests for accurate balances and for payment execution.

Real-time payment execution increases the risks of fraud. Real-time payments need to be processed as they occur and cannot be reversed – there is no time for manual fraud review steps.

The challenge of fraud in real-time payments

Fraud in real-time payments requires faster and more accurate identification. Also, historical data alone is not sufficient when detecting fraud in real-time. With the increase in new payment schemes without value limits, processing a fraudulent transaction can also be very costly.

This issue is huge for retail payments, but in business-to-business (B2B) payments which tend to be much higher value, the impact of fraud in a real-time environment (domestic or cross border) could be catastrophic. The business case for a bank to provide B2B real-time payments is strong; they can create new revenue streams through value-added services. However, without a robust real-time fraud solution to detect and manage incorrect transactions, there is a danger that these benefits could quickly turn into damaged relationships, loss of customer confidence, possible fines and ultimately a negative impact on the bottom-line.

By using an AI-based system that uses sophisticated, self-learning algorithms, banks can identify if the individual accessing the account is the legitimate owner

Unlike challenger banks like volt bank or Judo Capital, many incumbent banks have legacy fraud systems with no automated decision workflows and they rely largely on manual screening. This makes banks vulnerable, particularly when there are large numbers of sophisticated attacks in short timeframes bombarding their systems.

Open banking means giving third party providers direct access to the customer’s account. Authentication methods for validating users and the devices they use for transaction initiation do help in fighting fraud, but can fraud still be prevented during the transaction as it occurs before the funds are moved?

Artificial intelligence (AI) may hold the answer. By using an AI-based system that uses sophisticated, self-learning algorithms, banks can identify if the individual accessing the account is the legitimate owner. Coupled with expert business rules, suspicious transactions can be detected and blocked, based on real-time behavioral analysis using elements such as unusual transaction amounts, abnormal frequency, suspicious location and transactions to not‑seen‑before business partners.

Integrated fraud systems powered by AI

In conclusion, the advent of open banking has made it ever more important for incumbent banks to review their financial crime systems. Banks must invest in an integrated real-time fraud and anti-money laundering system powered by artificial intelligence, to lower error rates, reduce false positives and minimize the costs of fraud. Without the right protection, as with Pandoras’ box, there is a risk that otherwise, open banking could become a curse rather than a gift.