While open banking represents a step forward for financial institutions, data and customer identity must remain the highest priority. In fact, the European Banking Authority (EBA) recently released new guidelines on open banking systems that named data security a top priority as banks begin to share their customers’ financial information with other authorized providers. Here are a few questions to consider going forward:
- Does the platform/framework allow users to provide consent prior to transacting with any system?
- Is the security framework strong enough?
- Is a strong authentication framework in place?
- Has the data governance model been defined and vetted?
- How is trust established while maintaining resiliency, privacy and integrity?
- Is the datastore categorized as a centralized honeypot of data?
- Can users’ actions and usage patterns be tracked?
- Is there triple-blind privacy?
- Is user data visible to network operators?