Fraud and Security: Does Open Banking Create a New Problem?

Fraud. It’s an annoying word and a problem that affects us all in our home and commercial lives.

A report published by Friends of UK Finance showed how cybercriminals have shifted their focus by following consumers and their personal and financial data.

Authorized Push Payment (APP) fraud, which tricks victims into making bank transfers to purported accounts of legitimate payment recipients, surpassed card fraud for the first time in the first half of 2021. The U.K. Treasury Department reported a 71% increase in app fraud with a loss of £355.3 million compared to £261.7 million due to card fraud.

Open Banking Excellence (OBE) aims to promote knowledge sharing, new thinking and partnerships in the financial services industry, while striving for an innovative model of open finance. Our attendees asked us to host an OBE bonfire to discuss the buzzword about fraud and security, and we were ready to respond. Talking about it helps us all have five hours to prevent fraud with that in mind.

Growing Threat Awareness.

Fraud will continue to grow, and it’s something the industry has to deal with directly. We worked with Michael Huffman, director of fraud at Gokadris, to destroy the layered problem of payment fraud and the specter of new bad guys entering the arena. He also wrote a great blog for OBE looking for ways to prevent payment fraud to ensure organic growth.

“We’re entering a more challenging economic environment where people who wouldn’t go back to fraud would start to see it as a mechanism to increase revenue,” Huffman said. “In terms of open banking, the U.S. is clearly a little behind, but I believe there is a tremendous amount of data and information available to provide more security for our merchants and their customers.”

Mike Haley, CEO of the British anti-fraud agency Cifas, was another panelist and exclusively revealed some shocking numbers. “By May of this year, identity fraud was up 39%, while object or account acquisitions were up 109%, mostly affecting the telecom and online commerce industries. And false applications for bank accounts increased 59%. This is a staggering shame for us. There are opportunities to contribute to reducing fraud through mechanisms like open banking, which allows you to view your bank account information and verify your identity.”

“The big issue for me is data disclosure,” said Brendan Jones, Concentus’ chief commercial officer, adding. “When these criminal groups get the account information, it becomes very valuable to them and is resold on the dark web. Open banking has been successful in the U.K. because of how much effort has been put into the standard, but there are many different specifications used in continental Europe. Since there is no compliance test to determine how well it has been implemented, I think the more we move toward open finance, the wider the regulatory umbrella should be.”

Assessing the challenges and opportunities in an open banking environment

With APIs, encrypted data transmission and simplified information sharing, security is at the core of open banking. However, as the ecosystem grows, fraudsters and scammers will inevitably create new challenges for the financial industry. Patterson examined our panel, “Is open banking perfect and secure from leaks, hacks and fraud, or is it marginal?”

“We need to look at the broader context,” Haley said. “I don’t think open banking has created a new type of fraud, but it has increased the so-called attack surface. There’s been an increase in the number of entry points where fraudsters are trying to log in to initiate payments or intercept personal information.”

Chris Michael, CEO and co-founder of the Ozone API, added: “Open banking is not a grace against fraud.” “But depending on how well it’s implemented, it does a lot of things very well.

“In the U.K., we’ve done a lot to build a robust trust system. Regulatory requirements have helped us. For example, there are some good principles in the EU regulatory technical standards about secure communication and strong customer authentication that are designed to ensure that only regulated entities have access to bank accounts. There are some really good components to consider about how regulators can participate in the data flow, how consent can be parameterized and how they can provide better results to customers.”

As Huffman also points out, implementing an open banking standard is critical to current protections. Open banking, if done right, provides a number of controls to combat fraud, but consumer due diligence is another important factor to consider.

Impact on the weakest link

“Over the last year, we’ve seen a shift from unauthorized card fraud to app fraud,” Haley explained. “I put it off in part because the security system has been successful by design. In other words, the most vulnerable link right now is customers, and they insist on payments.”

“Consumers have to be diligent because they can’t legislate for lack of interest,” Jones said. “There are several layers of protections, such as payee verification (CoP), but ultimately people have to be careful and have some degree of accountability, especially when it comes to payments.”

“The CoP will reduce misuse of funds, but not app fraud,” Michael added. “App fraudsters are very clever. They create an account that looks and sounds like a real person, and the account name matches the sort code and account number. So all the policeman is doing is giving consumers the false idea that they are paying the right person. Because they get a green mark.”

“There’s a way to use it when you pay a large amount. First, I pay someone a ‘quick payment’ to make sure the destination is correct. Then I designate them as beneficiaries when I find out they have their pennies. Since I think this is a problem that open banking can handle better, I want to encourage fintech companies to create a seamless payment initiation service provider (PISP) stream for this.”

Despite these sobering discussions, we are in a very good position as the Office of Open Banking Implementation (OBIE) recently announced that the UK has reached a record 1 billion API calls per month.

The fact that we can have this conversation plays an important role in supporting the maturity of our sector. Open banking is based on a robust security model – a system of trust. It’s based on the democratization of data and people agreeing to share data securely. As for fraud and financial crime, let’s stop competing. We have a common enemy, so let’s share data and intelligence and help educate consumers.