Open banking needs better consent handling to allay consumers’ security worries

The news: Banks and third-party financial-services providers can revamp how they manage consumers’ consent for sharing the data needed to underpin open banking, per a new PYMNTS report that outlines an international landscape.

How we got here: The report delves into consumers’ uneasiness about data sharing, citing other companies’ recent studies of consumers in various countries:

  • A 2021 Axway survey of US consumers found that 47% worried about losing control over access to their financial data, and 27% worried that the data would be used against them.
  • A 2021 Deloitte survey of Indian consumers showed that almost 70% replied that institutions should increase their emphasis on data protection.
  • A 2020 survey from ING found that an average of just 30% of participants across Europe replied that they were comfortable with sharing data—even if they consented.

The wariness has persisted, even as regulators in some geographies are looking to make open banking more convenient:

  • In the UK, ongoing steps include scrapping a 90-day reauthentication mandate and rolling out recurring payments that consumers don’t need to repeatedly consent to.
  • In the US, the Consumer Financial Protection Bureau (CFPB) is engaged in the rulemaking process for issuing a future open-banking regulation. The CFPB recently noted that it will use open banking—by making account switching easier—to incentivize banks to move away from overdraft fees, according to PYMNTS.

Suggested solutions: In response, PYMNTS outlines various steps that banks and third-party providers can take to improve how they approach users’ consent for data sharing:

  • Proactively include opt-out features. As examples, the report cites existing requirements in Singapore and in the EU, where companies must explicitly let people withdraw their consent at any time they want.
  • Include expirations for consent. This approach entails using an automatic revocation unless consent is reaffirmed.
  • Move away from passwords. PYMNTS cites work by entities such as the FIDO Alliance to create passwordless authorization, with a biometrics approach noted.

The big takeaway: Open banking’s growth will be stymied unless consumers feel empowered to handle their financial data and trust that it will be handled appropriately by companies. Improving consent handling will help them leap over this hurdle.

Changes to consent processes are also necessary for these companies to build trust with their consumers. Trust is important for getting more people to use open banking. For example, a recent US survey by PYMNTS and MX showed that more than one-quarter of respondents cited trust in their financial institutions to protect financial assets as their reason for being comfortable with sharing their data, and 16% cited trust in the third-party providers that they connect to.