‘Open banking’, a practice that provides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and NBFC’s through the use of Application Programming Interfaces (APIs), has been rapidly catching up and is said to be the future of financial technology. While this has several benefits, the innovation is also a high-risk practice as it involves sharing and trading a vast amount of data. And while financial technology, over the past few years, seen tremendous growth in India, the Covid pandemic has facilitated a huge surge. Online transactions worth Rs 4.3 lakh crore were reportedly carried out on UPI in January 2021, Vs. Rs 2.1 lakh crore in January 2020, highlighting the urgent need for building a robust open banking system with set data security protocols.

Policy interventions:

As per a recent report, The Reserve Bank of India has announced a new set of guidelines for the digital banking and payments ecosystem, which requires regulated entities (REs)—scheduled commercial banks, small finance banks, payments banks, and credit-card-issuing NBFCs—to conduct periodic assessment of apps and associated third-party services. REs will also be required to assess cyber-risk parameters like technology stack, operational risk, and data storage. REs will also have to employ trained, in-house resources for managing cyber-risk, and adhering to guidelines on engaging third-party operators, in case of out-sourcing. From conducting source-code checks, vulnerability testing, and penetration testing every six months for payment systems, RE’s will also be required to conduct rigorous third-party periodic testing, and also be subject to penal provisions in case of no compliance.

Key Data Security processes that need to be adopted urgently by banks and other NBFC’s:

1. API Security and access management: Considering the omnipresence of APIs or Application Programming Interface, and vital role in ensuring app-based secure transactions, access control, and overall API security is a non-negotiable factor for open banking. Effective API security looks at Data security and content filtrations, through procedures like API gateway, encryptions, and signatures, and using quotas. For ensuring a successful and effective API and Access Management security, it is vital to focus on the type of API, its key functions and interactions on the web, and timely assessments to track and fix any vulnerabilities.

2. Stringent KYC and encryption infrastructure: One of the main features of open banking is its transparency. Offering customers greater control of their data allows them a deeper understanding of how it is being used. However, this is also a major security concern as transparency can give rise to data piracy and theft. Encryption technology is important here in making sure that the sensitive information is end-to-end encrypted i.e. protected from hackers when it’s in transmission or storage. Also, regular KYC on behalf of the banks, helps them to keep track of updated data and ensure it is well encrypted and managed.

3. AI-enabled authentication protocols: Securing data and encrypting vital KYC information is just the first step to ensuring data security. Effective authentication is a vital step. AI, coupled with other emerging technologies like ML, has been used in data security for a few years now and the same holds true when it comes to API and banking data security. AI-enabled processes can help effective and timely KYC, and faster and effective authentication, making the process faster and effective.

4. AI and ML empowered cybersecurity processes: The baking sector has been one of the widely targeted sectors for cyber-crimes and open banking can come with its own set of vulnerabilities. Through leveraging AI and ML-powered cybersecurity procedures, combined intelligence and information sharing across companies can help make open banking a safe and efficient platform for financial transactions. Better access to more data means better intuitions, which implies that banks can more effectively combat hostile parties, rather than sitting passively and waiting to be the target of cyber-attacks.

Every new technology comes with new risks and uncertainties. However, open banking platforms have the potential to re-write the relationship between the bank and its customers. It has the potential to make money management more secure, more convenient, and customer-centric with the help of technology such as data security. Open banking is about using technology to empower better and more secure relationships between customers and service providers.

The author is CEO & Co-founder of Goavega Software India Pvt Ltd

DISCLAIMER: Views expressed are the authors' own, and Outlook Money does not necessarily subscribe to them. Outlook Money shall not be responsible for any damage caused to any person/organisation directly or indirectly.