Open Banking: Banking Done Right!

William Conaghan
Published in Change Donations · 5 min read · Nov 29, 2019

Open Banking and PSD2 have flooded headlines for months, rivaling GDPR for the coveted title of “hottest non-BREXIT topic”. I know what you’re thinking: technology was supposed to bring us robots, space travel, and flying cars, not data mining, APIs, data protection, and more data. So let’s pop the hood and try to understand this in layman’s terms.

Understanding the Basics

On 14 September 2019, the Second Payment Service Directive (PSD2) came into effect. PSD2 is EU-wide legislation introduced to make electronic payments safer and more user-friendly from a technical perspective. Open Banking gives you the option to securely share your online payment account information and/or make payments directly from your online payment account with authorized or registered parties you trust, known as Third Party Processors. Open Banking allows third party processors, fintech apps, and online retailers to connect directly with your bank, simplifying all things finance for you.

What does Open Banking mean for me?

Open Banking puts the customer in the driver’s seat, giving you the freedom to share your data with the services you trust, and allowing you to pay in a way that’s convenient for you. Open Banking is an option for donors, not a requirement. If you do not want to avail of the benefits of Open Banking, you don’t have to. The choice is entirely up to you. You decide which apps and organizations get to connect with you.

All that the EU is saying is this, “We recognize banks are not as nimble as a fintech company. They’re rigid with legacy systems, and we want you (the customers) to be able to avail of the latest and greatest technology. We’re making banks open up their doors to innovative new companies, and making life easier for the general public.”

In summary: Open Banking means banks are required to create a secure gateway (API) that authorized third parties can connect with, to access customer data if, and only if, that customer chooses to share their data.

Safety and Security

The core objective of PSD2 and Open Banking is to provide a secure connection. All Open Banking API endpoints have been built by the banks and tested extensively before release. Multi-factor authentication processes have been implemented by each bank to ensure that only the customer can authorize access to account information. Furthermore, in order to get approved as an organization capable of connecting with a bank’s API, businesses need to go through a strict assessment by the Irish Central Bank. The CBI verifies that the company has systems, processes, and security standards in place that are as robust as a bank’s. This essentially puts a second level of security around the bank’s existing security measures. You can go to your bank’s website to find their specific security protocols and Open Banking processes.

What information am I sharing?

The information you share is up to you. Most third parties are looking to connect with your transaction history, account information, or account balance. Companies offering loans, money management tools, financial planning services, and other fintech offerings need this information in order to conduct business. In the past, if you wanted to go out and get a loan, or use a financial planning tool, the process would entail heaps of paper documents changing hands and could take weeks. Now you can do it with a click of a button.

It’s important to remember that when you’re giving a third party access to your Online Banking, you’re not giving them your login information. You are verifying that you would like to work with them by logging into your bank through their secure portal. You are logging in to your bank through their “bridge” into your bank. The third party never sees, keeps, or stores your login information.

It’s also important to remember that Open Banking refers to open access to information, not open access to the money in your account.

What was the old process?

We’re simplifying a bit here, but the old authorization process was basically “Scrooge McDuck meets Nuclear Launch codes”. The only two people who could authorize our online banking information were you and your bank. To access your account information, you and your bank would turn your “nuclear launch keys” simultaneously. The bank was the only one who had access to the other key (hence Scrooge McDuck).

Now the banks are saying, you (the customer) can decide who has access to the information (the other key). The simultaneous launch key analogy still applies, but this time, you decide who has the other. Hopefully, that was more enjoyable than confusing.

What does Open Banking look like for my bank?

We know there are a lot of great banks out there, but let’s take a look at AIB and BOI for starters.

AIB launched Ireland’s first industry-standard open application programming interface (API) allowing trusted third parties to interface with its platform to offer services to customers. They are positioning themselves to become a more tech-savvy bank to appeal to the needs of their customers. All you need as an AIB user is to have downloaded the “AIB Mobile” app.

If you’re downloading a fintech app that needs to use open banking, it is a simple 3-step process.

Step 1: Enter your 8-digit online registration number.

Step 2: Enter 3 digits of your 6-digit PIN.

Step 3: Your AIB app will send you a notification on your phone and you will have to hit “confirm”.

BOI has taken a slightly different approach. They are simplifying the authorization process by creating a separate app which helps you verify in seconds. BOI users will need to have both the “Bank of Ireland Mobile Banking” app and the “Bank of Ireland Keycode” app. The BOI Keycode app links directly with your 365 account. You can download the app on your phone and register it in minutes through your 365 account. The full process can be found on their website. Once you register the Keycode app, that becomes your authorization gateway.

If you’re downloading a fintech app that needs to use open banking, it is a simple 2-step process.

Step 1: Enter your 365 User ID.

Step 2: Enter the password generated by your BOI Keycode app into the fintech app portal.
