Open banking regulations and proposals have progressed worldwide in recent months. Lawmakers in China, Singapore and Thailand, for example, have all either upgraded or recently introduced new laws surrounding the sharing of consumer information. Agencies in the U.S., such as the Consumer Financial Protection Bureau (CFPB), have meanwhile expressed interest in drafting similar laws for safeguarding consumer data online, indicating renewed interest in potential regulations at the federal level.
Rules in these countries may be at different stages, but all are working toward the same goal of providing established guidelines for how data can be stored, transferred and used. These developments follow a marked increase in the number of consumers and merchants tapping online tools to transact, making digital interconnectivity between financial institutions (FIs) and other payment providers crucial. Countries, where open banking is already established, could be ahead in this race, as they already have tools in place to send data rapidly through purely digital channels. One recent survey found that 4.5 million consumers in the U.K. already have digital-only bank accounts, for example, and an additional 12 percent of respondents indicated their desire to open such accounts over the next several years.
Putting such rails in place means that consumers and merchants actually need to use them, however, requiring trust not only from consumers but from businesses. Consumers need to know their data is protected, and merchants need to be sure of customers’ identities during these new, wholly online interactions before they finalize transactions. The following Deep Dive analyzes why keeping up with digital identification trends and creating verification processes that match those needs is critical for merchants if they wish to participate in open banking. It also takes a closer look at how open banking regulations and security standards have progressed and explores technologies that could be used to ensure digital identities’ transparency as well as their protection.
The Data Protection Paradox
Accurate online identity verification has always been important for banks, merchants and regulators, but the recent advance of open banking may have moved the goalposts. The definition of what counts or what can be verified as a digital identity is changing as the growing ranks of digital customers translate to an increasing amount of data being shared digitally. One 2018 report found that 90 percent of the world’s data was created in just two years prior to the study’s publication, indicating the sheer scale of personal information held by companies. This provides more data points that could be used to help confirm digital identities, but the financial players and merchants that want to utilize this information must first jump over several hurdles.
Banks — as well as merchants that are caught in the middle of this digital identity game — must first contend with the fact that many of their identity verification processes were built for the physical world and not the digital realm. Many banks still rely on identification processes that are partially manual, which can be frustrating for customers and merchants. One out of every seven U.K. adult consumers were asked to confirm their identities and to complete some kind of digital activity during the lockdown beginning in March, for example, and 49 percent of those consumers had to complete the process by emailing scans of identity documents such as passports.
This partially manual balancing act has grown more challenging as the COVID-19 pandemic has continued. The obvious answer to this quandary is for financial institutions (FIs) and merchants to employ identification solutions that are fully digital — yet they must overcome a significant barrier here as well. Tapping into the vast trove of online data requires the use of emerging technologies that can create easy connections between banks, third-party FinTechs and merchants — in other words, open banking — but regulators in many markets are still debating just how and what data can be transferred over these platforms.
Merchants are therefore once again caught in the middle as they must comply with these shifting rules while also attempting to make sure they can verify their customers’ identities at speed. Solving this data protection paradox will therefore require the help of emerging technologies.
Implementing Automation
Global merchants may still be hanging in regulatory limbo for the next several years as lawmakers continue to debate what kinds of security measures should be attached to digital data and what truly comprises digital identity. Businesses and banks may be able to tap emerging technologies to offer more robust digital identification tools, however.
Artificial intelligence (AI) and machine learning (ML) have long been employed for identification purposes, and both provide intriguing opportunities for merchants and their financial partners to speed up their processes. Integrating automation to some degree would enable firms to route through more data quickly — allowing them to confirm consumers’ identities without relying on a backlog of paperwork to make sure the data actually checks out. Approximately 1.1 billion individuals worldwide currently cannot identify themselves through traditional channels, but automation could allow companies to verify these consumers by accessing a greater variety of data points, such as their geolocation, browsing and payment histories.
Lawmakers in many markets have yet to determine what open banking and regulatory standards they will put into place, and those who have set standards are still reviewing them to keep them tailored to consumers’ and merchants’ shifting needs. These rules are clearly responding to trends that indicate the expanding use of digital banking and digital payments, however, and properly identifying customers in these channels is essential to their participation.