Open Banking APIs Bring High Risk and High Reward for SMBs

Open banking will change the business model of many organizations by empowering them to seek life-sustaining partnerships, leveling the competitive playing field of consumer acquisition and retention. Small to midsize businesses (SMBs) can partner with myriad financial entities to serve as an on-ramp to sought-after financial products. “Too big to fail” joins “too small to survive” to create a new business ecosystem, allowing consumers unprecedented self-management of their finances and SMBs access to financial lifelines to grow their business.

The U.S. economy needs open banking to fuel the 44% of GDP SMBs contribute. SMBs are generally tech-savvy and ravenous consumers of technology, spending over US$180 billion annually. SMBs are early adopters of fintech, and they have embraced open banking to manage their finances. Every aspect of an SMB’s finances benefits from linking storefront, front-office, and back-office operations.

Extending open banking capabilities to SMB customers is not only logical but a requirement to retain customers and survive. Cash is king, and the faster SMBs can get paid, provide frictionless customer experiences, and earn commissions for affiliate marketing partnerships, the faster they grow.

What Is Open Banking?

Open banking was born in the European Union with the 2018 Payment Services Directive (PSD2) and accelerated in the U.K. and Canada. Now, it is on the precipice of adoption in the U.S. If open banking is the future, understanding it is essential. Open banking provides third-party financial service providers access to consumer banking, transaction processing, and financial intelligence data.

It creates an ecosystem where banks, credit unions, neobanks, and nontraditional financial entities share unprecedented data through application programming interfaces (APIs). APIs are the connective tissue of the digital economy that enables the networking of accounts and data across financial entities. Open banking is reshaping the financial industry.

Once a customer grants consent, financial entities can give third-party service providers access to, and control of, that customer’s personal and financial data. These third parties are mostly fintech startups with purpose-built business models. All this data sharing occurs through APIs and access to massive data lakes.

The power of aggregating data from many sources provides enhanced customer profiles, buying intents, and purchasing sentiments. Toss in generative artificial intelligence and machine learning and you have the keys to the kingdom of consumer data. Open banking is busting down the walls of centralization and ushering in the era of financial networking anywhere, anytime. With open banking, one can easily change financial institutions and enroll or de-enroll in financial services with a simple click.

With Great Openness Comes Great Risk

All this sounds pretty cool, right? It does—until it isn’t. The promise of open banking can only be realized as long as it is secure. APIs serve as the lifeblood of open banking, but they are also among the components of an attack surface that hackers most often seek out and compromise.

Aite-Novarica Group sees increasing data breaches as hackers focus on open banking APIs. In the U.S., there are 4,135 FDIC-insured banks, most being small and generally having less cybersecurity control rigor. Hackers gravitate to low-hanging fruit to initiate a compromise. With the potential for massive financial industry interconnectivity, the risk is real.

The threat of banking system compromise will move from the application to the API. Hackers have become adept at attacking banking customers with apps on their mobile devices. Still, the haul of illegal bounty is lower than going after an API that, once compromised, is the gateway to great troves of customer financial data. Hackers will leverage open banking communication between a mesh of financial entities where the entity and the customer manage security. Guess which is the weakest link?

Open banking creates a risk trifecta where fraud, loss of privacy, and data exfiltration come with the territory. Hackers can trace down the many APIs a single transaction can generate across many partners, looking for an easy access point to compromise. Open banking leaves us with a huge attack surface to protect.

Fortunately, we have a little time to prepare; open banking in the U.S. is still in its infancy, with most efforts being groundwork where financial entities negotiate bilateral agreements to share data. These agreements provide the why, but the detail is in the how. On top of that, the Consumer Financial Protection Bureau (CFPB) rule, part of Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act covering consumer access to financial records, is still flailing around in Congress.

Check out my report API Security: Market Landscape about protecting open banking APIs, or if you prefer, contact me here.
