The Value of Secure Open Banking Initiatives

Financial services firms that want to thrive in the industry must establish Open Banking initiatives that encourage the secure exchange of data.

The concept of Open Banking is becoming increasingly prominent in the financial services industry. The term refers to the practice of building and deploying Open Banking APIs and then making them available to the public for use. Open Banking initiatives are redefining the financial services landscape in a number of ways––from enhancing the services institutions offer to increasing their revenue from new channels. More importantly, however, an Open Banking initiative can lead to a secure form of data exchange that accelerates collaboration with outside organizations and third-party developers and in so doing, redraws the boundaries of what a bank is and what products and services it provides. 

 

The Benefits of Open Banking Initiatives and APIs

An Open Banking initiative is valuable because it enables financial institutions to create assets, or Open APIs, that outside organizations and their third-party developers can leverage. Deploying Open APIs does not mean that financial services firms are providing third-party developers with unrestricted access to their data; on the contrary, every API can be secured and governed in a customized, specific manner. In addition, financial services firms can place specific restrictions and approve or deny access to these APIs. 

Moreover, depending on the level of openness and the data available, third-party developers can use APIs to build innovative applications and services for customers. These applications and services are constructed around the financial institutions themselves, allowing them to both enhance and extend their services beyond the four walls of the traditional financial institution.  As a result, by embracing Open Banking initiatives, traditional financial firms can better combat the threat from FinTech startups and new entrants by increasing cooperation and leveraging innovative technologies and services. 

There are a number of financial service firms that have embraced Open Banking initiatives, including Silicon Valley Bank, Visa, and Wells Fargo. Wells Fargo, in particular, has been on the forefront of Open Banking initiatives. In 2016, the bank announced one of its first Open Banking APIs, part of an effort to provide third-party developers and other institutions with secure access to consumer data. Since then, Wells Fargo has entered into a series of data exchange agreements, including partnerships with Xero, an accounting platform platform, and Intuit, the company behind Mint, TurboTax Online, and QuickBooks Online. 

For Wells Fargo, an Open Banking initiative is necessary because the APIs it creates can act as a “tokenized handshake” between the bank and other firms. As a result, Wells Fargo can benefit because firms beyond Xero and Intuit can use these APIs in innovative ways in order to create tailored solutions and services for customers. And, in the process, Wells Fargo can accelerate collaboration with outside organizations and third-party developers, while ensuring the secure exchange and protection of customer data.  

The Power of APIs: How Open Banking Initiatives Mitigate Screen Scraping

Through embracing an Open Banking initiative, Wells Fargo not only accelerates collaboration with outside organizations and third-party developers, but also takes the first step in eliminating one of the most common, insecure and brute-force methods of data exchange: screen scraping. A number of banks and financial services firms are fighting screen scraping, primarily because it is an insecure method of data exchange that puts customers at risk, overloads bank servers, and hinders third-party developers from providing continuous reliable data to customers. 

To illustrate, picture a scenario where a Wells Fargo customer wants to set up an account on an fictional mobile application – BankManager – that uses screen scraping. The application connects to the customer’s account and allows them to manage their Wells Fargo account and other bank accounts they may have. To make this “connection,” the customer needs to input their bank credentials on BankManager in order to sync financial data and use the application’s services. 

After the customer inputs their credentials, BankManager takes that information and logs into the Wells Fargo website on the customer’s behalf. After accessing the account, BankManager “screen scrapes” the customer’s data from the website and copies or aggregates that data into the BankManager platform. The customer can then use the BankManager mobile application to manage their finances, pay their bills, and more. Through simply sharing their login credentials, the customer was able to use BankManager and to manage and track their finances in an innovative manner.

This method of data exchange may seem straightforward to the customer, however it is insecure because it requires them to provide third-party aggregators with their login credentials. In addition, it is a brute force method of exchanging data because third-party aggregators pressure servers by pushing significant traffic with every “scrape,” which, in turn, overloads the servers. This is not only disadvantageous to financial services firms’ servers, but also for the third-party aggregators who find it more difficult to provide their customers with more reliable, real-time data when such overloads occur. As Gartner correctly concludes: “screen scraping is legacy technology.” In fact, many banks are discouraging the use of this insecure method of aggregating and exchanging data. For example, in 2015, Bank of America temporarily blocked data aggregators from accessing financial data. 

APIs can help mitigate screen scraping. As Gartner reveals, “APIs are a much cleaner way of sharing data.” This is because Open Banking initiatives provide financial institutions with the opportunity to collaborate with third-party developers securely through APIs. Unlike screen scraping, this data exchange relies on an API-enabled relationship that is based on a secure data exchange that neither overloads nor strains servers––creating a mutually-beneficial and safe experience for customers, banks, and third-party aggregators. 

This means that the next time a third-party aggregator wants to access data from a bank or any other financial services firm, they can utilize the Open API to do so. Let us refer back to the Wells Fargo and Intuit partnership. As Wells Fargo outlines, with Open Banking APIs, when a Wells Fargo customer wants to log into an Intuit platform such as Mint, for example, they will not enter their credentials into the Mint platform. Instead, they will be redirected to a secure Wells Fargo server where they can enter their credentials, as usual. 

The customer can then authorize which data they want to share with Mint. This allows customers to have more control over their data, as they can grant and revoke access at their discretion. Further, the Open Banking API then redirects the customer to the Mint platform. On the back end, the Wells Fargo and Mint servers are connected through “a unique token that identifies” both the customer and their account through a real-time exchange of data. 

The connection that Open Banking initiatives encourage is based on a real-time, reliable, and accurate data exchange. This is powerful because it enables financial services firms to extend their offerings securely, allows third-party aggregators to provide more reliable and real-time services, and provides customers with the opportunity to use innovative services and the ability to control their data in the process. 

Insecure methods such as screen scraping are not going anywhere, especially as customers demand new ways to aggregate, manage, and track their financial data. Instead of rejecting screen scraping and other methods of data exchange in an effort to protect servers and combat threats from new entrants, financial services firms should consider embracing Open Banking initiatives. With the power of APIs, Open Banking initiatives can play a key role in mitigating insecure forms of data exchange and increasing the offerings and appeal of financial services firms. Those that underestimate the importance of the Open Banking initiative may miss an opportunity to redefine and prioritize their role in the value chain. On the other hand, those that understand the importance of this initiative will win in both the short- and long-term. 

Open Banking initiatives are transforming the financial services industry. Read how financial services firms can establish these initiatives with MuleSoft’s tailored integration solutions and learn more about how APIs will disrupt the financial services value chain.