top of page

Is Open Banking safe?

Only companies authorised or registered by their National Competent Authority (<a href="/glossarycollection/national-competent-authority" style="color:#48277C;" target="_blank" title="National Competent Authority"><u>NCA</u></a>) are able to access online accounts via Open Banking. The processes underlying authorisation and registration impose considerable security and auditing obligations on the provider to mitigate the risk around Open Banking accesses.<br/><br/>

Third-Party Providers (<a href="/glossarycollection/third-party-provider" style="color:#48277C;" target="_blank" title="Third-Party Provider"><u>TPP</u></a>) must always obtain explicit consent from customers before accessing bank accounts. This consent must be auditable and the TPP must be able to show proof of this consent to the regulator on request. In addition, the account provider must keep a log of their customer's access history.<br/><br/>

As importantly, the Regulatory Technical Standards (<a href="/glossarycollection/regulatory-technical-standards" style="color:#48277C;" target="_blank" title="Regulatory Technical Standards"><u>RTS</u></a>) from the European Banking Authority (<a href="/glossarycollection/european-banking-authority" style="color:#48277C;" target="_blank" title="European Banking Authority"><u>EBA</u></a>) impose a requirement for all European account providers to ensure Strong Customer Authentication (<a href="/glossarycollection/strong-customer-authentication" style="color:#48277C;" target="_blank" title="Strong Customer Authentication"><u>SCA</u></a>) on any account access.

Previous
bottom of page