As much as consumers love the convenience of connected online banking experiences, nearly 8 in 10 digital banking customers are unaware that FinTech apps can sell the information they share to other parties. In the Authenticated Payments Report, PNC Bank’s Natalie Talpas explains why banks must create transparent consent management processes and close this data sharing awareness gap.
Fast and secure consent management — in which banks and other entities ask online customers for permission to collect or share various types of personal information — is a critical element of the open banking environment taking shape in the United States.
Consent allows banks and their customers to reap the benefits of a more connected, data-rich financial ecosystem. Banks, for example, can request access to the data they need to build out innovative tools and features that meet consumers’ needs, while consumers easily can share and track their financial and personal details across multiple platforms.
Still, several consent management-related challenges must be overcome before a truly connected open banking world can take shape. The financial institutions (FIs), FinTechs and data aggregators involved in the data-sharing process are not all regulated under the same standards, explained Natalie Talpas, senior vice president and digital product manager at PNC Bank. This disjunction inevitably leads to friction when organizations try to enable secure and transparent data sharing for all parties.
“Data aggregators in the historical environment are used to getting all the data, [but they are] not subject to the same types of regulations that banks are when it comes to data security, which we think is very concerning,” Talpas said. “And that’s created some challenges for us as we try to move forward in this environment, where today there’s no agreement between a bank and a data aggregator for how that kind of exchange of data is occurring.”
Numerous entities are working to develop more comprehensive standards, however. The Better Identity Coalition, of which PNC Bank is a founding member, and the Consumer Financial Protection Bureau (CFPB) are working on guidelines concerning online data transfer and privacy. Talpas said FIs also must pay close attention to the consent management process as regulations take shape to ensure the collection of consumers’ information is secure and transparent.
Shining a Light on Consent Management
Open banking initiatives around the world are prompting FIs to reconsider how data is collected and shared, especially as regulations and technologies develop. Banks must take careful steps to inform consumers about these changes and their privacy implications to keep customers engaged and retain their trust.
Talpas explained that the consent management process remains largely opaque for consumers, pointing to a recent study showing that the majority of Americans are unaware of which entities are collecting their data and what information is being collected. The report found that 80% of respondents were unaware that FinTech apps often use third-party providers to compile their data, and 77% were unaware that such apps can sell this information to other parties for marketing or research purposes.
“In today’s environment, the customer is not able to limit how much data is being shared,” Talpas explained. “They don’t have transparency into how often [their data is] being collected or where it’s being stored or how it’s being used for potential secondary uses.”
Narrowing the consumer awareness gap is a crucial step in moving open banking forward in terms of digital security and retaining online users’ trust, especially as many individuals have begun to place more value on data privacy. The changes in how data is stored or sent online also can prompt shifts in consumer identification, with legacy authentication methods such as passwords quickly becoming obsolete.
Talpas noted that consumers still are placing the burden of security on their FIs, however, which in turn pressures financial entities to offer transparent and safe consent management processes.
“When it comes down to it, if something happens to [a customer’s] account, they’re coming to their bank,” she said. “They’re coming to us. And that’s why we’ve taken such a significant stance and approach [in] really making sure that this process is secure and that the customer is truly informed on what’s happening.
“As they think about who and what and why they’re sharing their secure financial information, I think customers will continue to expect and hold their trust with their financial institution.”
FIs also must stay focused on implementing authentication methods that can identify users without sharing sensitive information such as account numbers, she said. This is where robust digital identification measures can enter the picture.
Digital Identity and Data Privacy
FIs must guarantee that consumers know what data they are sharing and why during the consent management process, but they also need to be sure that consumers are who they say they are. Identifying digital customers has become increasingly challenging as more and more personal information moves across online channels. Technologies such as tokenization or biometric identifiers can provide benefits in this regard, with PNC Bank looking to create substitute account numbers or tokens to share with third-party financial players to protect user information while bolstering digital security.
“Fundamentally, we want our customers to be able to use these [third-party] applications,” Talpas said. “But we just think as an industry, we can do better to meet some of these use cases without having to share our customers’ most sensitive data.”
Balancing data privacy and data security represents the next great challenge for banks, particularly as open banking initiatives shape up globally. Realizing this goal ultimately will require banks to reexamine the roles of all involved parties.