Open Banking users hit 5 million, but issues remain

There's still a lot of work to do...

Open Banking users hit 5 million, but issues remain

There are now over five million active Open Banking service users in the UK, with payments the "driving force behind this rapid growth" according to the Open Banking Implementation Entity (OBIE). While the figure represents just a small fraction of the UK's banking market, growth is improving with the number having risen by a million in just four months said OBIE -- the company set up by UK regulators to deliver Open Banking.

(Open Banking is regulation that orders banks to free up customer financial data like spending habits and regular payments if customers approve. Authorised third-party providers, or TPPs, call this via API.)

The progress was welcomed by industry with Paul Fermor, UK Solutions Director at Software AG noting to The Stack that  banks have begun to adopt Open Banking "as a mechanism to build and develop their partner ecosystem rather than take a defensive approach", adding in emailed comment "in terms of what’s next, a maturing of the ecosystem both in terms of technical interfaces and the applications that use them is essential."

Connect with The Stack on LinkedIn

The OBIE -- funded by Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide, Natwest Group and Santander or the so-called "CMA 9" -- recently appointed its first CEO in the wake of a damning report into its governance that blasted a "failure properly to manage conflicts of interest at the organisation" although it did not find evidence that these were exploited for private gain.

That report, by Alison White, came after complaints were made to investigators that characterised OBIE as being an "organisation devoid of basic governance", with a "total lack of accountability". (The OBIE, which trades as a company as Open Banking LTD, has responsibilities that include designing specifications for the APIs that banks and building societies use to provide Open Banking, supporting regulated third party providers and banks and building societies to use Open Banking standards, and creating security and messaging standards.)

It appears to be getting back on track. Towards the end of 2021 two independent non-executive directors, Barbara Ridpath and Jeremy Newman, were also appointed to the OBIE Board to improve governance, while watchdog the CMA on January 20, 2022 clarified OBIE's role and budget. OBIE meanwhile said this week it saw nearly 625,000 more Open Banking-powered payments in January 2022 than in December 2021.

New CEO Henk Van Hulle, said: “What a great time to be joining the OBIE!"

Van Hulle, a former Managing Director of Digital Services at Post Office Ltd added: "This is great news for the open banking community. I am delighted to see such accelerated growth in end-user adoption rates. This demonstrates that the tremendous efforts of everyone across the whole ecosystem continue to bear fruit. It also shows what a superb job the team at the OBIE are doing in building and running the supporting infrastructure.”

Ron De Bos, Director of Product Management, Payments at Digital River told The Stack that he expected Open payments to continue growing rapidly, noting that "one of the most far-reaching consequences of open banking will be the move from using payment cards for online purchasing in favour of direct, secure connections between merchants and the customer’s bank account. Using open APIs, the seller can make a request for payment directly to the bank, which is not only cheaper than using a payment card, but also more secure and less open to fraud. That’s great for the merchant, but it’s not where the benefits end. Just as importantly, it enables ecommerce providers to give their customers more choice and greater agency over their own online security."

Both banks and TTPs will need to stay focussed on security. A recent report from the US that tested banking applications found, astonishingly, that 54 of the 55 mobile apps that hacker Alissa Knight reverse engineered contained hardcoded API keys and tokens including usernames and passwords; one of the banks had outsourced development of their mobile app and APIs, with a developer re-using the same vulnerable code in products for 300 other financial services customers. Filip Verloy, from API security company, Noname Security which commissioned that report, noted to us: "the speed at which fintechs and traditional banks are bringing these services to market to compete, means performing pre-production API security validation is paramount. Security strikes at the heart of people's confidence in banking so this is critical to its continued success and adoption."

Ultimately while the progress revealed this week is promising, there is a host of work to do still. As David Ritter, Financial Services Strategist at digital consultancy CI&T put it to The Stack: "To share data safely and dependably between parties, the financial services industry also needs robust data-sharing standards and protocols - as well as buy-in from customers. This has been particularly challenging due to differing regulations across jurisdictions, which have yielded a patchwork of standards across the world. PSD2 may have laid the groundwork for the open banking revolution in Europe, but in the United States, such standards don’t yet even exist."

He added: "Even in Europe, PSD2 only opens up certain products and transactions; mortgages - for most people, their biggest and most important financial product - are currently out of the regulations’ scope... Lack of education on and around open banking is one of the biggest challenges banks face right now. To see success and growth in use, banks need to sell the advantages of data sharing, conveying clearly how these outweigh the risks. A clear demonstration of how the banks are protecting customer data is crucial, particularly for those unbanked and under-banked. Fintech’s have already shown that it’s possible to offer basic banking services to those without established credit or banking relationships. Now, the traditional industry must follow suit.”

See also: JPMorgan turns to two British fintechs