If there’s one thing that’s shown itself to be true over the last two decades in consumer finance, its convenience continues to be the key motivator behind consumer action.
Customer convenience has been the key to success for many of the technologies that have become commonplace in 2020. Look at plastic overtaking the cheque, and increasingly, cash. Contactless replacing chip and pin.
It’s this premise that will determine the future success of Open Banking. If it offers consumers the opportunity to do more with their finances; more conveniently, faster and cheaper, then it will become the norm.
There's a hurdle to overcome though, and this is consumer beliefs and attitudes. Technologies that were new and a little scary to consumers on introduction become commonplace. Finally, once the consumer benefits are clear for all to see, wholesale adoption takes place.
Central to this argument is the rise of contactless versus its predecessor, chip and pin. Contactless was not an overnight success, but once customer benefits (primarily speed) were clear, it has become the default method of payment, particularly on the high-street.
I begin this article by looking at consumer attitudes, particularly within the confines of card security. This is important because it is central to the change in thinking necessary for Open Banking to succeed. As it has been covered in detail elsewhere, I’ll then take a snappy look at consumer attitudes to Open Banking viz-a-viz screen scraping, before going on to look at how contactless payments usurped chip and pin, offering a model for how Open Banking can prevail.
The UK payments industry has, for very obvious reasons, advised consumers exercise extreme caution in PIN number security.
The PIN numbers for our credit and debit cards are the security we require to guard against fraudulent transactions, and harm coming to our accounts should the physical card be lost or stolen. This caution comes with good reason. Despite the security PIN numbers offer, industry body UK Finance, a recent report states:
Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16 per cent compared to 2017. Banks and card companies prevented £1.66 billion in unauthorised fraud in 2018.
In recent years beyond security around our physical cards, the use of telephone and internet banking, allied with security – or lack of – on mobile payments has opened up new opportunities for scammers. Most of us will have seen phishing scams with emails purporting to be from our banks, directing us to fraudulent websites dressed up to look like our account providers. New scams are appearing on a daily basis. Some centre around calls made to individuals claiming to be from our banking provider, but are indeed the fraudsters. These calls state that our accounts are compromised and advise us to move money into a “secure third account”. Of course, they are not. Others intercept text messages containing security codes that can then be used to authorise fraudulent transactions.
This all plays into our attitudes around banking and card security. And make no mistake, attitudes are important.
Attitudes define how we think, and frame issues in our mind. They set the boundaries for what is acceptable and what is not, and how we react to new information. Changing them is a long-term process, even when compelling evidence is offered.
Now, with the introduction of Open Banking, this has been turned on its head.
The mindset of the UK public has not, and will not, be easy to change. And this, at least in part, is illustrated in the uptake of Open Banking over the last fifteen months.
The shift in mindset consumers are being asked to go through takes us through 180 degrees. From being secretive over card and PIN security, we are now told that third-party providers (TPPs) can access our bank data.
The benefits of doing so have been explored by myself and others on many occasions, so to avoid repetition, I won’t go back over them here. What is important, is we arrive at a place, whereby the obvious advantages that can be brought about through Open Banking outweigh the allied fears in opening up our bank data.
We know it is likely few consumers will have the time, inclination or will to verse themselves in how APIs work. These, of course, being the same APIs providing the requisite security that underlies the Open Banking system. Those of us that have worked within the financial sector for years will know OAuth2 security mandated in the use of Open Banking is secure, but this is water off a ducks back for the same consumers that see a log-in screen for their banking provider and baulk at the prospect of granting access to anyone.
I would instead argue consumers don’t need to understand how Open Banking works, beyond the fact read-only and time-limited access to bank data can be granted to certain parties for the purpose of making a credit decision, payment or other service to their betterment.
Is this asking too much? I believe not. Enough information is available within the public realm to know the information is restricted to explicitly what the consumer has agreed to (with the additional ability to revoke the access at any time).
Here, then, comes the paradox. At the same time that we have consumers wary over their data in the use of Open Banking, during this entire time period, screen scraping has proven popular. Some of the best-known Personal Finance Management apps (PFMs) are built on the technology. This, as we know, requires a customer to surrender their internet banking credentials to a third-party on the premise that the information is displayed back to them, usually within the confines of an account aggregation service.
I actually think a lot of consumers would feel queasy were they to physically see a bot or computer log-in to their internet banking as them while using screen scraping. It is easier to not think about it, and merely have the information presented back to them in a nicely configured app, dashboards and all.
The irony here is, as we know, Open Banking is infinitely more secure than screen scraping. While it will become obsolete after September when new regulations go live, it is more by luck than design that there has been no massive breach of data on the scale of Equifax that has preceded its demise.
Learnings from History
The introduction of Open Banking is hardly unprecedented in the annals of banking. From the advent of plastic, to internet banking, chip and pin, to contactless, the sector has had to innovate to stay on top of consumer demand and offer the convenience craved by customers.
The most pertinent example we have from modern times was the introduction of contactless payments in 2007 (or as I remembered on researching this piece, “wave and pay” as it was originally christened. Thankfully, technology was far ahead of naming convention).
Contactless payments make an interesting reference point because the technology used is less secure than that which preceded it (chip and pin) but won through because of the convenience it afforded customers. Open Banking is more secure than its predecessor technology, but to consumers may feel less so.
The similarities continue. In the Open Banking landscape, bank data is transferred immediately, seamlessly and securely via API. Previously banks and lenders commonly required paper-based statements to be posted in – a process that is inherently less secure than via Open Banking.
Contactless payments feel commonplace to us today, but on launch, there were many of the same worries regarding security that are common today with Open Banking. Take this example from an article in the Guardian as recently as 2016:
But many people still worry about falling victim to fraud. Research this month from Nationwide found that more than half of Brits are “wary” of the new-style cards – with some people going to fairly extreme lengths, such as wrapping their plastic in tinfoil in order to prevent a fraudster armed with a card-reading device from surreptitiously stealing their details.
Here we can again see learnings from the rise and adoption of contactless payments. If we are to argue contactless took off as a result of convenience and speed, then the same rationale applies to Open Banking. With Open Banking, however, what I have witnessed from too many financial houses is the authentication journey remains elongated and complex with multiple screens and some requiring codes sent by email. If we are to win this game, then consumers must see the convenience. If they drop out halfway through the authentication journey, it is likely they will not choose to use Open Banking again.
Key, therefore to the success of Open Banking is to make the authentication journey as fast, simple and intuitive as possible.
Through the body of this article, I have sought to illustrate Open Banking can become established in the consumer psyche in the same way contactless payments are by continuing to illustrate convenience and savings in time and money.
The comparison with contactless I feel to be pertinent, and I was struck on researching this article how some continued to be wary of contactless as recently as a few years ago. This to me illustrates we must work to parade the convenience Open Banking offers, and do this through a seamless and pain-free customer journey through which customers will feel secure.
From the discussion above, what stands out for me is - as with contactless - I find the case for Open Banking overwhelmingly positive. While my position would determine this anyway, I have also seen the convenience it has offered consumers at some of our major bank customers. As well as customers, banks and other financial providers are beginning to catch on to the benefits it can bring in savings in time, money and resource. For that reason, it will be adopted within financial services.