Fraud and Security: Does Open Banking Create a New Problem?

The word "fraud" is a nuisance and a problem that affects both our personal and commercial lives. According to a report by Friends of UK Finance, cybercriminals have shifted their focus towards consumers and their personal and financial data. In fact, Authorized Push Payment (APP) fraud has overtaken card fraud for the first time in the first half of 2021. The U.K. Treasury Department reported a 71% increase in APP fraud resulting in a loss of £355.3 million, compared to £261.7 million lost due to card fraud.

To combat this problem, Open Banking Excellence (OBE) is working towards promoting knowledge sharing, new thinking, and partnerships in the financial services industry. With the aim of developing an innovative model of open finance, OBE organized an event to discuss the buzzword about fraud and security. The attendees were eager to participate, and the discussion helped raise awareness about fraud prevention. With the knowledge gained from the discussion, we can all take the necessary steps to prevent fraud and keep our finances safe.

The word "fraud" is a nuisance and a problem that affects both our personal and commercial lives. According to a report by Friends of UK Finance, cybercriminals have shifted their focus towards consumers and their personal and financial data. In fact, Authorized Push Payment (APP) fraud has overtaken card fraud for the first time in the first half of 2021. The U.K. Treasury Department reported a 71% increase in APP fraud resulting in a loss of £355.3 million, compared to £261.7 million lost due to card fraud.

To combat this problem, Open Banking Excellence (OBE) is working towards promoting knowledge sharing, new thinking, and partnerships in the financial services industry. With the aim of developing an innovative model of open finance, OBE organized an event to discuss the buzzword about fraud and security. The attendees were eager to participate, and the discussion helped raise awareness about fraud prevention. With the knowledge gained from the discussion, we can all take the necessary steps to prevent fraud and keep our finances safe.

Growing Threat Awareness

The problem of payment fraud is becoming increasingly complex and challenging, and the financial industry must tackle it head-on. To address this issue, Open Banking Excellence (OBE) collaborated with Michael Huffman, Director of Fraud at Gokadris, who provided insights into preventing payment fraud for organic growth. In a blog post for OBE, Huffman suggested that, in the face of a challenging economic environment, people may resort to fraud to increase revenue.

At a panel discussion, Mike Haley, CEO of the British anti-fraud agency Cifas, shared some alarming statistics. Identity fraud had increased by 39% by May of that year, while object or account acquisitions had increased by 109%, primarily affecting the telecom and online commerce industries. False applications for bank accounts also increased by 59%. Open banking can contribute to reducing fraud by enabling customers to view their bank account information and verify their identity.

Data disclosure is a significant concern in combating payment fraud. Brendan Jones, Chief Commercial Officer at Concentus, emphasized the importance of a robust regulatory framework, especially as open finance gains popularity. The lack of compliance testing to determine how well open banking has been implemented in continental Europe is a cause for concern, and the wider regulatory umbrella needs to be in place as the industry moves towards open finance.

Assessing the challenges and opportunities in an open banking environment

Open banking is designed with security at its core, using APIs, encrypted data transmission, and simplified information sharing to reduce fraud risks. However, as the ecosystem grows, fraudsters and scammers will inevitably create new challenges for the financial industry. In a panel discussion, Haley noted that open banking has not created a new type of fraud but has increased the attack surface, providing fraudsters with more entry points to initiate payments or intercept personal information.

Chris Michael, CEO and co-founder of the Ozone API, agreed that open banking is not a cure-all for fraud. However, he emphasized that the regulatory requirements in the UK have helped build a robust trust system, and the EU's regulatory technical standards have some good principles about secure communication and strong customer authentication. These are designed to ensure that only regulated entities have access to bank accounts, and regulators can participate in the data flow, parameterize consent, and provide better results to customers.

Huffman added that implementing an open banking standard is critical to current protections against fraud. Open banking, if implemented properly, offers several controls to combat fraud. However, consumer due diligence is another important factor to consider in preventing fraud.

Impact on the weakest link

Haley noted that there has been a shift from unauthorized card fraud to app fraud in the past year, but she hesitated to blame the security system, which has been successful. The weakest link in the system is now the customers themselves, who demand easy payment options.

Jones pointed out that while there are various safeguards in place, like payee verification, it ultimately falls on the consumers to be vigilant and take responsibility for their own payments. Michael added that while the CoP can help prevent misuse of funds, it is not effective against app fraud, which can be perpetrated by sophisticated fraudsters who create fake accounts that look real.

To combat this, Michael suggested using a two-step payment process, where a small payment is made first to verify the destination, before designating the recipient as a beneficiary. He also encouraged fintech companies to develop a seamless payment initiation service provider (PISP) stream to improve open banking's ability to handle these issues.

Despite the challenges, the UK's Office of Open Banking Implementation recently announced a record 1 billion API calls per month, a sign of the sector's growth and maturity. Open banking's security model is based on trust, and the key to combating fraud and financial crime is collaboration, sharing of data and intelligence, and educating consumers.