Facebook Fiasco Shows Potential Security Pitfalls of Open Banking


Ted McKendall

About a month ago, arguably the biggest technology story of the year broke. UK news outlets, The Guardian and Channel 4, alleged that data mining and propaganda machine Cambridge Analytica was illegally able to access the details of more than 50 million Facebook users via an application that connected with Facebook’s old API. 


You might argue that Facebook isn’t renowned for its privacy posture, but the ongoing debate has already caused a great deal of discussion beyond the influence of social media in our daily lives. In particular, this so-called ‘data spillage’ could see a change in the way that data is managed and overseen, specifically in certain sectors. 


Consider financial services. In 2018, the ascent of FinTech start-ups and challenger banks, coupled with the desire of ‘legacy’ banks wishing to stay relevant, has seen a shift to a more open, accessible financial infrastructure. 

Consumers want to be able to bank anywhere, anytime using the most convenient service and this is quickly being reflected by governance, policy and business models.  


For instance, in the Europe, the PSD2 and Open Banking initiatives are prompting financial service providers to enable third-parties to legitimately access customer data, in the hope they offer better services. This has led some to speculate that your next bank could be an Amazon, Facebook or Google. 


And to a degree, this has already started amongst the big tech players. Budget tracking chatbots have already arrived on Facebook, hooking into your bank account, while at the same time Facebook and Google have been moving into payments through services like Pay by Messenger and Google Wallet. Much of this interaction is being enabled by APIs that standardize and secure the release of customer data, thus making it easier to share when customers allow you to do so. 


So what, you might say, is the connection with Facebook and Cambridge Analytica?  


There are already some fears that a combination of open banking systems, new players and platforms that allow this data harvesting could have a negative impact on banking providers. This isn’t just about security concerns (as discussed in detail here) but also customer satisfaction and the risk of customer exploitation too. 


Bradley Leimer, head of FinTech strategy at VC Explorer Advisory and Capital (and former head of innovation at Santander US), summed it up well in a recent blog on LinkedIn: 


“Financial services remains a (relatively) trusted industry and there are many parallels to this recent news – whether we like it or not. 


“Massive payment and commerce applications like Alipay and WeChat are the forerunners of broader social platforms being developed in other markets. This is our emerging business model as banking, FinTech, and commerce merge into marketplaces. They are Amazon, Facebook, Venmo, Instagram, healthcare and insurance apps, and so many more daily activities being rolled into one.  


“As banks get involved in broader partnerships, the custodians of our financial data will see the benefits of building targeted content and calls to action across a spectrum of spending. This data can be even farther reaching and more easily manipulated than what is shared, liked, and believed in social media.  


“…Consumers need and should demand further protections to not have this or any future data used to manipulate and further breach our trust in critical institutions.” 


This, he says, shows that while industry needs openness and collaboration, there needs to be a continued fight to ensure transparency, protection and security. 


Trusted Knight technology is used by banks all over the world to protect the full transaction stack when conducting sensitive transactions online. We prevent malware from accessing and exfiltrating data, and from interfering with transactions at all. This approach can also be used across the broader financial services sector, and across mobile and web. 


For Open Banking to succeed – and be adopted not only in the US but around the world – data security and consumer confidence is paramount. With the tools in place to offer both, it’s likely the concept will completely change the way we think about our finances.