If you think 2018 was a transformative year for the Australian financial services sector, this year has been just as eventful. In July, a beta test of Australia’s open banking system officially began. The big four banks are now required to publicly share product data about credit and debit cards, deposit accounts and transaction accounts via APIs. The pilot will test the performance, reliability and security of the open banking system. However, the banks now have until February 2020 to share consumer data.
Open banking, part of the Consumer Data Right, is a set of rules introduced by the government that will mean consumers can choose to give their banking data to third-party providers, such as comparison websites and app developers. These third parties could, for example, analyse your spending habits to offer budgeting advice or make product recommendations such as credit card or mortgage offers.
Open banking presents an enormous opportunity for banks to create ecosystems of value for customers. The ACCC should be commended for how they’ve approached the Consumer Data Right by collaborating with the banks and their fintech partners, as well as consulting an industry body like CSIRO’s Data61.
However, open banking could prove to be a double-edged sword. The reality is that unlocking the gate of data could provide a massive opportunity for cybercriminals. Some of this information will end up in the hands of a host of ambitious, innovative companies trying to make a mark with ground-breaking applications. These third parties may not have the rich resources as a major bank but will nevertheless store sensitive financial data, making them an attractive target for cybercriminals.
A race to innovate
Banks are racing to keep up with customer demand for tech-savvy and efficient services that conveniently fit into their digital lives. These expectations have forced banks to compete as digital businesses, delivering tailored services that can be accessed 24 hours a day from any device. With the incumbents locked in a race to meet the February 2020 deadline and innovate faster than agile fintechs and competitors, and vice versa, speed-to-market pressures could undermine security.
The pressure to innovate quickly without keeping cybersecurity front of mind is consistent with data from the Ponemon Institute on behalf of Tenable finding that 60 percent of organisations globally had suffered two or more business-disrupting cyber events in the last 24 months. It’s clear that open banking is being unveiled at a risky time for data security.
The same body of research found that the complex modern computing environment, where all devices are connected -- including the Internet of Things -- has created a massive gap in an organisation’s ability to truly understand its Cyber Exposure at any given time. Less than one third of the 202 Australian businesses surveyed by Ponemon are confident they have a good enough understanding of the vulnerabilities they face across the entire organisation, and more than half stated that they don’t have enough staff to manage these vulnerabilities in a timely manner.
Looking forward to February
For Australians to embrace open banking, they must be confident that robust security mechanisms are in place and that their data and privacy are being protected throughout the entire process. To allay concerns and help ensure the security of consumer data, there must be continued collaboration between banks and their fintech partners, as well as regulators and government agencies. All stakeholders must be united in prioritising security throughout the implementation process and up until the wider February 2020 rollout.
Bede Hackney is ANZ country manager at Tenable.