The cyber threat at the time of Open Banking

With its constant and growing development, the Internet also attracts bad minds, and businesses including banks, are exposed to daily threats. Thus, the fight against cyber threats is permanent, especially in the era of Open Banking.

Based on the 2013 DSP-2, Open Banking consists in opening up banks’ information systems and sharing their customers’ data with third parties. Through the Application Programming Interface (API), developers can integrate the data and services of others into their applications. This gives banks the ability to connect to competitive services, especially to develop their own applications. For the regulator, the goal of Open Banking is to stimulate competition among banks. For the customer, the advantage is that it will have only one interface, which will give access to all the products and services on the market.

The Internet is, however, a vulnerable space, in which there are many gaps, and very volatile data. The threat is reinforced in spite of itself by the DSP-2 which, by imposing on traditional banks to share the banking data of their customers, favors the risk of malicious attacks, because of the multiplicity of interlocutors.


The risks associated with Open Banking and their cost 

The most common Internet-related risks are now well-known: phishing, “ransomware”, Trojan horses, etc. In time, they are more and more efficient, and develop at the same pace as the Internet itself. The opening up of information systems will inevitably lead to the opening of security breaches.

These attacks will incur costs (non-exhaustive list):
– infrastructure to protect yourself
– loss of market share due to the loss of exclusive rights to certain data
– loss of customers in case of real attack
– consequences at the stock level

The risk is heightened by the fact that the new entrants on the market are the FinTech, who master information technology, since this is part of their core business. Customers may be tempted to head to these 2.0 banks, seemingly better able to protect their banking and personal data, and respond to, or even anticipate attacks.
From a more practical point of view, online banks also have the advantage of their economic model: the absence of physical agencies means that customers can be tempted by banks that save time and dematerialization. They can therefore play on the image of a bank 100% modern and secure.


Open Banking, an investment 

While some banks see Open Banking as a cost and, at worst, as a threat, other banks see it as an opportunity for innovation, particularly through the goal of stimulating competition. The latter are therefore in a marketing perspective, to seek the improvement of the user experience.

As a result, new technologies are constantly being developed to meet the new needs of users (or to create new ones in order to get ahead of the competition), as well as to cope with and thwart cyberattacks. This was the case of Société Générale, which in 2017 launched a new generation of bank cards, which generate a new cryptogram every 45 minutes. Another technology that is developing is biometrics. The digital or facial recognition is brought to term to take precedence over passwords, which are less and less secure and increasingly complicated.

However, competition should not become exclusive, at the risk of becoming unhealthy. The sharing wanted by the DSP-2 should also be seen as an opportunity for cooperation between banks, especially to counter cyber-attacks.


To face cyber risks, unity must be strong

Concretely, cooperation between companies is necessary, even essential, to protect themselves from the risks of cyber attacks. However, this need for a united front against malicious attacks faces the reluctance of companies, for reasons of a competitive nature. To speak clearly, the risk of loss of data protection by the sharing of data imposed by the DSP-2 can sometimes serve as a pretext for some banks to curb the change.

However, a study conducted by the Ponemon Institute in 2017 showed that cooperation strengthens their overall security. Nevertheless, an individual analysis also shows that this assertion is not true in all cases. Individually, the banks that will see their level of utility decrease, or increase too slightly to their liking, will not necessarily see any interest in cooperation with their competitors, was it for a security issue.

These banks, nevertheless, would be well advised to think themselves as a part of an ecosystem. If they individually feel less vulnerable or less vulnerable than their competitors, they are not infallible. If the competition is attacked, they can suffer too, with the consequences that this entails. In addition, we must also see, why not, the opportunity to share the costs of protection. As a result, the weapons would be the same for all, and the game of competition could resume with more confidence.