Security Is Biggest Open Banking Concern in US

August 25, 2021

By: Kate Drew

Security is the top concern about open banking among US bank executives, according to CCG Catalyst’s 2021 US Banking Study. A whopping 61% of respondents selected security across a range of concerns, making it the top option by a wide margin; budget came in second at just 16%. This data is perhaps not all that surprising — the concept of open banking centers on the ability to share data, and generally customer data, with third parties. For a bank, that can feel very scary. And these concerns are not unfounded: Application programming interfaces (APIs), the mechanisms through which open banking is typically delivered, can be vulnerable to hackers if not properly designed and maintained. However, with the right approach, putting in place an API strategy to support open banking could actually increase security. 

Customers today are using third-party fintech apps in droves, and they are generally going through data aggregators to connect these apps to their bank data — one in four consumers with a US bank account has connected to an app via data-sharing specialist Plaid, for example. These data aggregators, which consumers may not even realize they are using, often pull down the data fintech apps need through a process called screen-scraping. Essentially, they create a screen that mirrors a bank login, and then collect a user’s credentials and log in on their behalf. Because this process requires a user to hand over their login credentials, it comes with major security concerns. Providing tokenized access to the bank via API is much more secure. In fact, a number of large institutions including Chase and Wells Fargo have inked direct agreements with Plaid to provide secure access to customer data, with consent, in part to eliminate screen-scraping from their systems. In addition to security, these agreements allow for greater control; for example, Wells Fargo customers can turn data-sharing with Plaid-supported apps on and off from inside their banking app.

Although API access is more secure than screen-scraping, it has to be done right. That means leveraging best practices to avoid vulnerabilities. Most API management platforms today align to industry standards, including supporting different security schemes like API keys and basic authentication. But it’s important to understand the different options and ask the right questions. It’s also critical to choose the right partners, not only on the API management side but also when it comes to who you’re providing data access to. Fintechs tend to understand the importance of security — it’s central to their adoption — and larger players like Plaid have extremely robust controls, but conducting ongoing audits of all third-party partners to ensure they remain compliant with bank standards is generally good practice as well.

