OPINION:
As we close out a year marked by data breaches at financial institutions, search engines and Cambridge Analytica’s misuse of Facebook user information, conversations about open banking and data sharing have understandably, yet fallaciously, adopted a fearful tone.
However, policymakers and consumers must be mindful to separate concerns of authorized vs. unauthorized financial data access. There are justified concerns of fraudulent use of data, but there must be balance. The importance of upholding the customers’ absolute right to authorize data access, while simultaneously safeguarding against unauthorized misuse are equally critical.
Authorization of data access must be a linchpin of the discussion — particularly as global markets embrace data-connected tech tools and solutions that make modern finance so dynamic.
Through our adoption of data-intensive technologies and their security protocols, we’ve ushered in a wave of conveniences and services that have revolutionized personal finance. Consumers under 40 expect services to be frictionless, nearly instant, and mobile-native, from mortgage applications to small business loans. All of these new technologies are dependent on persistent data access between banks, FinTechs, and with the customers.
The introductions of credit cards, e-commerce, online banking, and other innovations which have become ubiquitous and beloved among American consumers were likewise accompanied by overly-broad data security worries. Now, as then, we must proactively take privacy and security seriously while also moving toward cooperative data sharing and open banking access. User-generated data is the property of you the user, and authorizing access to that data is your right.
When consumer credit cards were proliferating in the 1960s, dire headlines warned of the risks of attaching your personal finances into a set of transferable digits. Fraud was a real threat: 1.5 million physical cards were stolen in 1969 and dumpster diving for card numbers, or phishing over the phone were common and costly.
Similar failures and fraud schemes, with their inflated fears, accompanied online shopping. The New York Times characterized these worries in 2010:
“We wonder, how secure are these payment systems? Will I be out the money if someone steals my account numbers and goes on a wild shopping spree or bleeds my savings dry?”
” Using a credit card online may seem as risky as Russian roulette.”
Credit card companies and early digital payment systems responded to customer concerns by instituting safeguards for data, assuming liability and absorbing the costs, and helping customers cope when fraud did occur. Security codes, magnetic strips, PINs and chips were added to credit and debit cards. Online payment providers like PayPal developed ever-more-intensive encryption and credentialing.
New laws allowed federal agencies to partner with lenders to curb bad actors and abusive practices within the industry. Slowly, credit card fraud morphed from an all-consuming anxiety to a mild inconvenience and small cost of doing business (about seven cents for every $100 in transactions).
Now we see the same pattern (innovation and convenience followed by fear of fraud and misuse) accompanying the rise of data authorization to access FinTech products and services. Like their predecessors in financial flexibility, FinTechs are tackling data security and unauthorized access from within, partnering with banks to control fraud and working with regulators to build responsible open data frameworks.
While protecting data against unauthorized access is critical, so too is defending deliberate, user-authorized data access. The valuable stream of transactional data being generated by any individual or entity is part of the health and wealth of that individual, and the right to access that data can’t be left to idiosyncratic company policies.
An open banking environment in the United States holds great promise for better customer outcomes, financial health, improved efficiency and economic growth. Consumers get seamless integration of tools that simplify everything from online shopping to wealth planning, delivered by and with banks that can deepen the customer relationship and offer new and improved products with their more specialized FinTech partners.
E-commerce platform Shopify recently debuted fraud protection for its merchants; opt-in service BillGuard compares users’ geolocation data to posted transactions to flag stolen cards. Alloy offers an application programming interface, or API, to simplify account onboarding without sacrificing security. Top banks report investing in blockchain technology and biometric readers to fight the next generation of bad actors.
These mutually beneficial partnerships are currently the most efficient and effective means of assuming liability for unauthorized data access, and building fraud prevention and restitution across the industry. As a solution for the present and immediate future, banks and FinTech companies should work together to engineer agreements that allow individuals to control how their data is shared with services they choose.
A full realization of Open Banking would ultimately negate the need for bilateral agreements, as ownership of consumer data, consent, API standardized data and payment control are among the fundamental elements of the ecosystem. In the ongoing implementation of Open Banking in the EU, this is supported by the robust multi-factor authentication requirement of Strong Customer Authentication (SCA).
To be competitive globally, the United States must play catch-up with European and Asian countries that have already developed collaborative regulatory frameworks and Open Banking schemes. American firms won’t realize these benefits — and will lose innovators and customers to those who do — if anxiety about unauthorized data misuse slows innovation dependent on authorized data access. Innovation-hungry consumers and international competitors drive us toward open banking and increased data access, and we shouldn’t allow conflated worries to cloud our optimism.
• Sam Taussig is head of global policy for Kabbage Inc.
Please read our comment policy before commenting.