Creating a secure and safe open banking landscape in Asia with trust and user-centric experiences

Open banking is increasingly transforming the way financial institutions operate and how consumers move and use money. 

By empowering banks to share account information in a secure, standardised format with other authorised organisations, open banking is inducing transparency, facilitating collaboration, and opening up new opportunities for those within the ecosystem. It serves as a platform to connect disparate financial backends into one cohesive ecosystem that benefits consumers by providing a better and seamless user experience.

Asia as the new open banking capital

Asia-Pacific is a leader when it comes to open banking, thanks to the region’s extensive digital ecosystems and consumers’ willingness to share data. Both financial institutions and tech firms have developed data-sharing infrastructure, and adoption rates are high.

The vibrant fintech scene and the rise in digital ecosystems have propelled the region as the new capital of open banking in recent years. Investment in open banking APIs among banks and financial institutions across Asia-Pacific has been consistently high, in contrast to the regulation-heavy context in Europe. 

Additionally, fintech companies have been contributing to the open banking movement. These newcomers are set to upend the business models of traditional financial institutions by using agility and speed to pioneer user-centric services.

Singapore is the most advanced market in the region, with a robust regulatory framework and proactive legislation designed to give consumers more control over their finances. 

In fact, the Monetary Authority of Singapore (MAS) has helped shape information-sharing standards throughout the broader region. Together with the Association of Banks in Singapore (ABS), it was the first regulatory body in Asia-Pacific to release an API Playbook, and it has issued regulations on authentication and security issues that other countries have turned to when developing their own legislation.

Elsewhere across the region, Hong Kong and Australia also enjoy progressive open banking markets. In China, many banks have been embracing the principles of open banking – innovation, interconnectivity and client-centricity – to build out infrastructures even without regulatory directives. 

Security challenges facing open banking

There are still teething problems facing open banking despite increasing uptake in the financial services industry.

Standardising protocols remains a global challenge. APIs are the technical foundation of the open banking ecosystem. However, there are currently hundreds of open banking API platforms in the market, which hinder the growth of the ecosystem and make it more difficult to protect transactions against sophisticated threats. 

While there were attempts to standardise these protocols, they have been limited by regions thus far, and global standardisation still remains an issue.

Another challenge is security and trust. Transactions can only take place with customer consent, and banks must be able to verify that people are who they claim to be. In this ecosystem, the responsibility for authentication and identity management rest solely with the account holding banks. 

API abuses are expected to increase as open banking further develops. Furthermore, with open banking also comes the need for digitalisation, which has dilated the threat landscape related to financial crime, providing organised crime and cybercriminals with increased opportunities to prey on digital consumers.

There is also enhanced risk of identity theft and online fraud in the digital space. If not managed correctly, these online risks can erode trust in the banking relationship, which can prevent a smoother transition to digitalisation, especially in emerging markets.

Tips and best practices

Banks and those within the open banking ecosystem can leverage technologies such as artificial intelligence and machine learning to address security challenges, including safeguarding account entry points with frictionless multifactor authentication, detecting fraudulent transactions and protecting against cyber attacks. 

They can also incorporate the following best practices with their long-term strategy for building out a robust and secure open banking architecture: 

  • Preparation, automation, and scalability are critical. Financial institutions should always assume they are under attack, and proactively use technology to be prepared. 
  • A key component of any financial services firm’s risk management strategy should be focused and optimised around preventing fraud, automating online threat detection, and being able to continuously validate the identity of the users. 
  • Technology should be scalable to support financial businesses in becoming more dynamic. Technology is there to enable them to grow, partition, isolate and adapt to any regulatory requirement and threats that consumers, banks, and fintech providers could encounter.
  • Finding the balance between usability and security starts with identifying the key internal stakeholders which have operations that impact the customers. They can be part of the tech, business, security, or legal team. One important aspect is that all teams need to be aligned with the chief experience officer (CXO). 
  • When trying to establish the user experience (UX), the consumer experience might not be attributed to a specific channel. For instance, when consumers are making online payments, or just simply trying to apply for a new telephone or mobile phone account, it would typically require multiple touchpoints from the consumer. These entry points that are part of the consumer experience can also add and introduce certain risks. 
  • Having a way to correlate multiple channel behaviours from the consumer significantly helps identify and analyse fraud by looking at all the cross-channel data available. This is a very important factor in making sure consumers can transact securely across their end-to-end journey.
  • Always remember that gaining trust is the end goal. The outcome is dependent on the stakeholders’ measurement of success within the constraint of their organisation and jurisdictions.