In a recent post, we discussed the importance of data transparency and privacy in Open Banking and Open Finance strategies. Here, we’ll delve a little further into one specific (and critical) aspect of transparency and privacy – customer control.
A March, 2020 report by Accenture shows that one third of financial institutions lack plans and resources to mitigate privacy risks related to customer data. Add in recently publicized incidents where customer financial data was used in ways that were not authorized or permissioned, and it’s no surprise that some customers still lack confidence in their FI’s ability to keep their sensitive information secure – even as their desire for more open access to that information increases.
The strongest and most profitable FI-customer relationships are built on a foundation of trust. And one of the most effective ways for FIs to garner that trust is to give customers control. In a recent nCipher Security survey, 34 percent of respondents said they tend to have more trust in companies that provide them with a feeling of control.
Traditional Data Sharing Methods Limit Customer Control
How do FIs accomplish this in an Open Banking/Open Finance landscape? Traditional data sharing methods, like screen scraping, often limit customer control. Accountholders hand over their login credentials, and what happens next – what data will be retrieved, who else will have access to it, where will it be stored – remains somewhat unknown.
“In truth, data sharing is already occurring—it is just happening through means that can be insecure and unscalable (sharing of credentials, screen scraping),” according to PwC. “An open approach with an API gateway can allow banks to regain control and mitigate data privacy and security concerns.”
Putting the Customer in Charge
Even though, historically, the third-party app has “owned” the data sharing experience, financial institutions have a responsibility to deliver an experience to their customers that is not only convenient and user friendly, but highly safe and secure. They should focus on empowering customers with full control throughout the end-to-end data sharing process:
- When the customer is initiating data sharing with an external tool, like a personal financial management or wellness app
- While the customer is using the solution, and data is being actively shared
- When they want to discontinue use, and no longer want their data to be accessible through the tool
It’s all about data transparency. The customer should be aware – at all times – what data is being shared, who it is being shared with, and most importantly, what the underlying purpose is of that sharing activity. They should be able to start and stop the sharing, at any time, for any reason, with confidence that their data will not be used without their express authorization. And once they decide to revoke that permission, the FI must demonstrate that their data has been “forgotten” and will no longer be shared or used in any way.
It will be fascinating to see how this all gets accomplished. In Europe, regulations clearly spell out how to put the customer in charge. But despite the good intentions, many customers are only confused more about what is really happening. We think of shining a light on something as a good thing. But in this case, with the requirement for frequent renewing of the data sharing agreement, it may only create confusion and a loss of trust. Market driven changes in North America may take a different approach. For example, how many of us are tired of the constant “cookie” messages that seem to pop up all over?
Rethinking the Approach
PwC states, “Providing consumer choice and transparency into how data and credentials are used is a prerequisite for any open model.” While this guidance is clear and logical, how it will come to fruition is not clear. Has the customer experience for “forget my info” really been figured out? Will it be clear where to navigate to if you suddenly decide to “opt-out” while sitting on a beach with your mobile phone?
We can all agree on the principles of what should be done, but customers will have to be open and ready for the changes, and new paradigms of customer experience will undoubtedly be needed.
Current methods of financial data sharing must be re-evaluated, and even restructured to give customers a level of control that will instill confidence that their data is always protected, even when they choose to share it outside the bank. API platforms offer far greater transparency and security than screen scraping or similar approaches, and give the customer far more control over their own data. This paves the way toward stronger relationships by fostering confidence and trust.
About Ninth Wave
Ninth Wave delivers secure, seamless, and standardized data connectivity to fintechs and financial institutions of all sizes, through a single point of direct integration to a universal suite of open finance APIs. With configurable controls, visibility, and insights into all data sharing and data acquisition connections between aggregators, third-party apps, and internal applications, Ninth Wave empowers financial institutions and their customers with access and oversight to their connected apps, enabling secure data exchange in a holistic and scalable open finance ecosystem. Offering solutions for retail and commercial banks, wealth managers, credit card issuers, tax providers, and more, Ninth Wave provides unparalleled connectivity and universal compatibility to complex information systems, unlocking innovation, potential, and performance for your data. Contact us to earn more about Ninth Wave’s secure data connectivity features. Empowering open finance. At scale, at last.