Vice President, Trend Micro Canada
Open banking has given us new innovations, business opportunities, and customer convenience — but fintech leaders must ensure they’re prioritizing cybersecurity.
Open banking is rapidly expanding into Canada and greatly impacting the financial services landscape. It gives customers the option to share their information with third-party suppliers for financial software use such as budgeting, bill management, and payment automation. This automated data sharing with third-party applications known as open banking is the latest face of fintech as we know it.
A new European Union (EU) banking initiative called the Revised Payment Services Directive (PSD2) recently took effect, regulating payment services and payment service providers. It aims to promote the innovation of online and mobile payments, and gives users greater control over their banking data. While PSD2 is an EU directive, the effects have been global. Open banking presents exciting options for consumers, enabling a new set of products that solve one of the biggest issues facing consumers: keeping track of financial products across multiple institutions.
“The main drivers of open banking are breaking the monopoly of banks, stimulating innovation in the financial industry, improving user experience, and finding new ways for generating revenue,” says Marcia Sequeira, Vice President at Trend Micro Canada, a company that provides hybrid cloud security, network defence, and user protection services.
With new innovations come new risks
While the move toward open banking introduces many benefits, they’re accompanied by new challenges related to data security. This presents both a business risk and an opportunity for incumbents to expand their current offerings.
As we know, open banking gives third-party fintech companies handling established banks’ additional services the same access to customers’ banking information. This greatly expands the cyberattack surface for banks and their customers, creating new opportunities for cybercriminals to target them. As a result, better protection, awareness, and solutions are required.
Elevating security to a boardroom-level discussion will only help improve the user experience, alleviate core security risks, and support the success of growing domestic solutions.
While banks and financial companies have a long history of tight security, it’s not always a high priority for fast-growing fintech companies. “Enhanced security isn’t a key driver of open banking, but it’s a necessity to introduce open banking in a secure way,” says Sequeira. “The industry needs to properly prepare for this greatly-expanded attack surface to meet the expectations of customers.”
Having the security conversation early and often
Sequeira points out that because the boom of open banking puts valuable financial data in more places, fintech companies and customers must have conversations about security more often and more openly. With escalations in ransomware attacks and sensitive data theft such as personally identifiable information, intellectual property, operations data, and financial data, fintech leaders must work with their development and security teams to ensure that cyberattack and data breach prevention strategies are ingrained in their business strategy.
Open banking has already begun to transform financial services, driving innovation and making transactions far simpler for consumers. “As the industry continues to accelerate in Canada, business leaders and developers alike at both fintech companies and financial institutions must make security a top priority,” says Sequeira. “Elevating security to a boardroom-level discussion will only help improve the user experience, alleviate core security risks, and support the success of growing domestic solutions.”
Trusted leaders in enterprise data security and cybersecurity
According to Sequeira, organizations should focus on strengthening four key areas: system level, network, application, and transmission level security. “Many fintech companies take a cloud-first approach to building applications. But building in the cloud isn’t a ‘set it and forget it’ process. It takes ongoing management and strategic configuration to make the best security decisions for your business,” says Sequeira. Beyond that, ongoing employee education programs in cybersecurity help maintain a strong level of awareness and preparedness for all employees.
As a global leader in enterprise data security, cybersecurity, and cybersecurity research, Trend Micro’s mission is to help make the world safe for exchanging digital information. The company protects applications from vulnerabilities and secures cloud environments while providing customers with data privacy