Open banking for beginners: how safe is your data?

by Jurgita Lapienytė
1 December 2020
in Security

“Why do I need to share my date of birth and mother’s maiden name when I buy socks on Wednesday,” hypothetically asks Alastair Johnson, the founder and CEO of Nuggets, the UK-based e-commerce payments and ID platform. CyberNews spoke to him about the risks that open banking poses to consumers and ways to avoid them.

In July, the US fintech giant Dave admitted that it suffered a breach of its customers’ personal data via a third-party provider. Millions of records were put up for sale online, the Information Security Magazine reported.

“As the result of a breach at Waydev, one of Dave’s former third-party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognized hashing algorithm,” it explained.

Under the open banking concept, banks are required to share users’ data with third-party providers so that they can perform a number of tasks, such as transactions, personal budget planning, etc.

Naturally, with great opportunities for fintech and customers alike, open banking amplifies the risk of data breaches, as customers’ personal financial information now sits not only within banks’ databases but is also available to third parties.

“You’ve seen some of the best people phished through very intelligent approaches,” Alastair Johnson, CEO at Nuggets, told CyberNews.

Because a lot of breaches happen due to human error, he suggests getting rid of things such as usernames, passwords, and SMS-based two-factor authentication (2FA) because these are security hazards that people can trip over.

He reckons that open banking might be brilliant in terms of what it provides, but it is a big concern for banks, customers, and businesses.

“Even the best of us get phished”

“More and more we see that consumers are wanting to take back control and access to services, and convenience. It’s a wonderful drive forward that enables the fintech industry. The opportunity is fantastic, but anything new like this is going to be dangerous, and criminal groups will see new opportunities in it,” Mr. Johnson said.

In November, Ticketmaster UK was fined £1.25m for failing to keep its customers’ personal data secure, BBC reported. Ticketmaster had installed a third-party chatbot built by Inbenta Technologies on its website. The chatbot had a vulnerability, and cyber attackers were able to exploit it in order to steal payment details. As a result, 60,000 Barclays bank customers were victims of fraud. Meanwhile, online bank Monzo had to replace 6,000 payment cards due to fraud.

In this case, millions of people in the UK and Europe were exposed to potential fraud. Now, if you are embracing the open banking concept, you let your bank share details with third-party providers all the time: when you pay your bills, when you shop online, when you download an app for daily budget planning or an app for saving your spare change, when you use an online mortgage broker, etc.

Technically, there are systems in place to protect your financial data. Most European banks already use strong customer authentication, which the EU Revised Directive on Payment Services (PSD2) requires of payment service providers. The requirement ensures that electronic payments are performed with multi-factor authentication to increase their security.

Yet breaches do happen. “It’s good as a whole,” Mr. Johnson reckons. Banks have liabilities to protect consumer data, and fintech, hopefully, is doing its best to protect it, too. Users have become more vigilant because many have been affected by cybercrime themselves, or know someone who has, or have read warnings on social media.

“If we take away the simple premise of username and password that can’t be phished, then that removes the possibility. You’ve seen some of the best people phished through very intelligent approaches,” Mr. Johnson said.

The problem also lies within using email and SMS for user identification. “We are actually using security verification through a phone communication system that was never designed for that,” Mr. Johnson said. 

Digital identity

It’s important to say that a third-party provider needs your agreement so that your bank can share your financial data. Still, you are handing over your data to a business entity.

“Our drive is to say that you should have a verified digital identity,” Mr. Johnson said. It should be established with a government-issued photo ID, associated with existing payment sources, with data stored via blockchain so that nobody can see it, and used with biometric solutions instead of passwords.

Verification of your digital identity should be based on the transactions you make. After you’ve made, for example, a thousand transactions, which were verified as good transactions by the merchant, the issuing bank, and the receiving bank, you are going to be considered trustworthy.

“Maybe you don’t need to know the date of birth or what my mother’s maiden name is when I’m buying socks on a Wednesday. You don’t even have to know who’s behind the transaction. You know that the real person is verified and making good payments. It’s a solid way forward,” Mr. Johnson said.

Personal information supplied by an individual should be owned and controlled only by the individual themselves. If necessary, it should only be provided on a read-only basis, which can be revoked, or only made available to specific ID holders, or through verified claims.

“Even if that financial service was breached a week after you interacted with it, there’s no information available about you in that breach,” Mr. Johnson said.

Now, you are still handing over your data to the business. That’s why, he argues, there’s a need for self-sovereign data storage. 

“Yesterday, all the businesses held data. Tomorrow the individual will own and control that,” he said.

While there may be fairly obvious safeguards, Mr. Johnson explained, such as not clicking on links in an email you receive from your bank if you’re unsure that the email is genuinely from your bank, the bigger issue is that usernames, passwords and 2FA have proven to be unsafe time and time again.

“I think the issue here is that we fundamentally don’t think that existing methods of username and passwords, 2FA, etc., are secure, which is why we are advocating the use of verified digital identities. Attacks arising from SIM swapping and email hacking can easily circumvent 2FA in its most basic form. The way institutions can offer their customers true protection – and, in turn, users can feel safe about their data – is by adopting biometrically-verified digital IDs, tied to a payment method,” he told CyberNews.
