Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 6, 2017
My Fingertips, My Data
I am not a user of old-style financial services. While I remember learning how to balance a checkbook, I never had to do it, since I never had checks. Recently, my financial adviser suggested several mobile applications that could help me manage my finances in a way that made sense to me. I researched them, evaluated a few, and decided which one I thought would be the best. I'm always excited to try new apps, hopeful that this one will be the one that will simplify my life.
As I clicked through the process of opening an account with my new financial management app, I entered the name of my financial institution (FI), where I have several accounts: checking, savings, money market, and line of credit. The app identified my credit union (which has over $5 billion in assets and ranks among the top 25) and entered my online banking credentials—and then I was brought up short. The app was asking for my routing and account number. As I said, I don't own any checks and I don't know how to find this information on my credit union's mobile app. (I do know where to find it using an internet browser.) I stopped creating my account at this point and have yet to finish it up.
I later discovered that if I banked with one of the larger banks, for which custom APIs have been negotiated, I would not have been asked for a routing and account number. I would have simply entered my online login details, and I'd be managing my finances with my fingertips already. I started digging into why my credit union doesn't have full interoperability.
In the United States, banking is a closed system. APIs are built as custom integrations, with each financial institution having to consent for third parties to access customer data. However, many FIs haven't been approached, or integration is bottlenecked at the core processor level. It is bottlenecked because if they deny access to customer data (which some do), the FI has no choice in the matter.
New Consumer Financial Protection Bureau (CFPB) guidance on data sharing and aggregation addresses the accessibility and ownership issue. The upshot of the CFPB's guidance is that consumers own their financial data and FIs should allow sharing of the data with third-party companies. But should doesn't equal will or can.
The CFPB guidance, though not a rule, is in the same vein as the European Union's PSD2 (or Directive on Payments Services II) regulation, whereby FIs must provide access to account information with the consumer's permission. This platform, which represents an open banking approach, standardizes APIs that banks can proactively make available to third parties for plug-and-play development.
While open banking is a regulatory requirement in Europe, market competition is driving North American banks to be very interested in implementing open banking here. An Accenture survey recently found that 60 percent of North American banks already have an open banking strategy, compared to 74 percent of European banks.
It is no surprise that bankers are becoming more comfortable with the shift-in-ownership concept. FIs have been increasingly sharing their customers' data with third parties. Consumer data are what fuel organizations like credit agencies, payment fraud databases, identity and authentication solutions, and anomaly detection services, to name a few. As these ownership theories change, we will also need to see new approaches to security. What are your thoughts about open banking?
By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Merchant Surcharging: Winners and Losers
- Fintech for Financial Wellness
- Advice to Fintechs: Focus on Privacy and Security from Day 1
- Convenience Always Wins, In One Form or Another
- Mobile Banking and Payments' Weakest Link: Me
- Webinars Discuss Mobile Banking and Payments Survey Results
- Webinar to Explore Faster Settlement and Funds Availability
- Explosive News Regarding ATMs
- Best Practices for Data Privacy Policies
- If the Password Is Dying, Is the PIN Far Behind?
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud