The battle of the moment in the financial services industry is over access to and control of consumer financial data, whether login details like account numbers and passwords or data about how customers use banking and payment services, such as interest rates and historical purchase records.
Both sides in this fight – established banks and upstart financial technology (fintech) companies – say they need control over consumer data to compete in the financial services marketplace. While banks are working hard to stay relevant in a rapidly changing digital world, fintech companies complain that banks are hampering their development of new apps and even doing consumers a disservice by blocking fintech attempts to access, analyze or collect data.
Banks battle over data with Fintechs
The heated debate will surely continue, but does it need to? The issue may already be settled for consumers. While they definitely want convenient and simple services online and on mobile devices, those digital services need to be (and feel) secure to win customer support. Studies show time and time again that consumers still trust banks more than any other organization to safeguard their data, calling into question whether fintech companies need to (or should) be given unfettered access to consumer data.
Banks should view consumers’ steadfast trust as an opportunity rather than a mandate in the quickly changing market for financial services. They must recognize that, while fintech companies are better equipped to meet consumer demand for convenient services because of their ability to develop, test and refine apps more quickly, banks are still best equipped to securely manage the data that powers fintech. They should consider themselves a secure conduit for data rather than a victim of fintech aggression.
Consumers concerned about personal financial data
A recent Gemalto report highlighted consumer data and privacy concerns:
- Consumers’ security concerns are high; two-thirds (67%) worry they will be victims of a data breach in the near future.
- 70% of consumers would stop doing business with a company if it experienced a data breach.
- 62% of consumers feel businesses are responsible for data security
- consumers often have poor security hygiene themselves and fail to take advantage of available security measures such as two-factor authentication (41%) for social media accounts.
Conversely, fintech companies should recognize that the spread of data across more applications weakens the core security of the entire financial system by increasing the “attack surface” for criminals, who may steal passwords from one website or app and win access to five others. Fintech companies may not be equipped to shoulder the liability that comes with a breach, and can lean on banks’ security expertise to guide the build out of their own defenses as they scale up.
Consumers keen on Fintech
A better way to create the future consumers want is to allow banks to capitalize on the strength of their security measures by shifting business models to become “app enablers.” Banks can identify third-party apps as trustworthy for their customers by selectively sharing data with fintech companies that create valuable digital experiences but also take pragmatic steps to demonstrate the security of their apps.
Meeting fintech halfway, providing secure data access along with cybersecurity guidance, will help keep banks involved in the development and rollout of robust new applications that can help consumers simplify their financial lives without sacrificing the advanced security they’ve come to trust.
Citigroup, Capital One, Bank of America and others have already started feeling out their new role as technology enablers. These banks are building secure hubs for application programming interfaces (APIs) that fintech developers can use for application testing, at first in digital “sandboxes” with imaginary customer data.
These banks are proactively giving fintechs the data access they need to develop great new services, but initially holding back genuine data also gives them an opportunity to evaluate fintech security measures and consumer demand for the solution before sharing real customer data and associated responsibility.
Once banks are satisfied by fintech security measures, they can then offer customers simplified access to these newly trusted apps, whether through existing bank portals or as standalone applications that connect to bank databases on the back-end.
Banks that act as app enablers may also exert some influence over the broader ways new fintech is developed and how apps compete for market share. If banks set a high bar for fintech security before they’re willing to share real data, they can instigate a more security-conscious culture among fintech companies. Rather than hustling to be first-to-market at the expense of consumer security, fintech would ideally aim for best-in-class security that wins them partnerships and access to data from banks.
Banks and Fintechs need to collaborate
For their part, fintech businesses that proactively adjust strategies to prove they’re worthy of banks’ trust may win themselves more than data access: proving the veracity of security measures and their value to consumers can make them attractive acquisition targets for banks, giving them a choice between making an exit or using buyout offers as proofs-of-concept and continuing to compete for more lucrative partnerships.
The tough pill for banks to swallow is that they will inevitably have to concede to fintech in some cases where services compete, whether in personal investments, loans or payments. Banks don’t (and likely never will) hold a monopoly on the financial apps their customers use, and stonewalling fintech simply won’t help banks provide the services consumers crave nor will it keep their customers around in the long run.
It’s time banks and fintech both took their medicine. Sharing data selectively through secure APIs now can help banks stay competitive in the future by offering customers a wider range of trusted digital services, developed either internally or by third-party fintech companies. Those that selectively share data will also continue to strengthen consumer trust by proving to customers that data will always be kept behind enterprise-grade cyber defenses, helping cement banks’ own future as trusted technology enablers in a more digital financial world.
Guest Author: By Håkan Nordfjell, SVP of Digital Banking, Gemalto