The term “open banking” refers to a system for accessing data in accounts held at financial institutions via application programming interfaces, or APIs. This will allow customers to tap into their accounts through a variety of service providers instead of going directly to their bank accounts.
The simplest use cases are already here – payment information can already be stored with a variety of apps and sites, and sites such as Mint ask for online banking logins in order to “scrape” the data found there and display it elsewhere. But the vision of open banking is much grander. Instead of screenscraping or embedding a credit card number in an app, APIs will transmit selected data securely, allowing the bank more control of what is shared and when.
Bankers such as Jamie Dimon have long complained that screenscraping and credential storing by third-party apps make customers less secure and expose the bank to additional risk. The majority of credit card breaches occur because of the way merchants store customer payment data – mobile payment methods such as Apple Pay mitigate this risk, and open banking could make accounts even safer, it is argued.
Apps such as PayKey offer one payment use case illustrating how customers might experience open banking. PayKey built a custom keyboard that can appear in social media apps viewed on mobile. Banks with which it is partnered can have a branded “pay key” on this keyboard, so instead of leaving the app to send that $50 to your friend Jim, or using the social media platform’s own payment functionality if available, the pay key accesses your bank account to send the money out.
Banks have several options to consider in moving to open banking. Institutions can build a proprietary suite of APIs to allow data-sharing in controlled channels, or build a marketplace and allow properly vetted fintech providers to join and offer services to the bank’s customers. There are many providers of such software, including, for certain cores, the core vendors. There are also intermediaries such as Plaid and Finicity that can help with credit decisioning by giving banks better views across a customer’s accounts held at other financial institutions.
This is part of what’s in it for banks – if banks allow other services to plug into their systems, customers will be encouraged to share more information with the bank and open up areas of their lives, such as other banks’ credit cards, into which banks sometimes have little visibility beyond outgoing payments. An early example of this is Citibank’s new app, which allows users to enter other cards, much as personal financial management platforms have done for years.
In the U.K. and Europe, regulations have forced banks to unseal portions of customer data in order to allow third parties access. Elsewhere such regulations may be a long time coming, and in the absence of standards and a governing body, most banks are understandably reluctant to walk this path, seeing in open banking a loss of control and a surrender of some portion of the customer experience.
Banks such as Green Dot have built a business of banking as a platform, allowing services, including its basic checking account, to be embedded in other apps. What should underlie both banking as a platform and open banking is the bank’s API strategy that fits the institution’s goals.
Large banks are already inching toward this through fintech partnerships or proprietary API suites. Developers at data aggregators such as Plaid and Finicity are known to complain that bank APIs are not up to the standards of the tech world at large, but banks are still relatively new to the world of APIs, and have additional regulatory concerns that other technology companies, at least for now, do not. Smaller banks must decide what their data sharing and API strategy will be, and choose the course that makes sense with their broader strategic imperatives.