
Customer security, PSD2 and GDPR: what still needs to be done?

Posted on 15 November 2018

Ahead of RiskMinds International, Lana Abdullayeva, Open Banking & PSD2 Director at Lloyds Banking Group, explores the relationship between PSD2, GDPR and the implications for data security and cyber risk. 

Lloyds Banking Group was one of the only banks in the UK to meet the original January 2018 PSD2 deadline. Since then we’ve seen steady growth in the use of Open Banking technologies, but what does this mean for the security of customer data?

We can think of Open Banking and PSD2 as the Expedia for banking. It will fundamentally change our everyday interactions with our banks in the future, as well as the way we make payments and the way banks look at and use customer data. It will help to open up the market to new players who provide consumers with new ways to manage their money and make payments.

Innovation in the market that gives consumers greater choice, control and transparency should be embraced, and Open Banking will be a significant opportunity for the industry to work together to shape the future of financial services.

But at the same time it asks some important questions about how we protect our customers’ data and keep it secure, particularly in light of the introduction of GDPR.

For consumers, the issue of trust is becoming ever more important. Being able to trust service providers with data throughout the customer journey is becoming a vital part of the customer experience. With the development of Open Banking, the nature of those journeys is changing fundamentally and we are providing a safe and secure way for customers who want to share data to do so more easily and with a larger number of third parties than ever before.

Our 14 million digital customers trust us to support and protect them every day and we will be there to help them take advantage of Open Banking as these new services develop. At Lloyds Banking Group, our robust, highly sophisticated security processes and layers already offer our customers the high level of protection they would expect while making it easy and efficient to access their account.

However, we can’t stand still and we are always looking at ways we can develop our security measures. For instance, we are currently focusing on how we’ll make online banking and card payments even more secure by introducing multi-factor authentication. This is where customers provide two of the following:

  • something they know (a password),
  • something they have (a computer / mobile phone) and
  • something they are (biometrics such as a fingerprint).

This isn’t just an issue for individual providers and we have to tackle this as an industry. Europe and the rest of the world have been watching as the UK has been the first to establish this new world-class secure capability, and we’re extremely proud, not only to have been part of the pioneering group, but also as the biggest UK bank to make Open Banking services possible for our customers. It’s a massive achievement and a huge amount of effort went into being the only bank ready from day one.

Of course, it’s got to be slow and steady to succeed. It’s a phased start with gradual uptake and there’s a lot of work to be done to improve customer experience, reduce friction and increase customer confidence.

The industry started with simple currency payments in sterling only, and two account types. The more complex payments are still to come.

The regulators are still to provide clarity on APIs, screen scraping and other methods. But as an industry, we need to ensure we deliver compliance obligations safely and securely for customers without overcomplicating things by adding too many other things into the mix.

As a whole, the industry has done a lot of work in the Payments Strategy Forum, establishing Customer End User Needs, which ought to drive any road map deliberations in the future. For instance, we have recently seen the confirmation that the ‘Confirmation of Payee’ service will be rolled out in 2019, which will allow consumers to check the name of who they are paying.

Fraud often makes the headlines, so initiatives like this are an important part of improving customer trust in services like Open Banking. It’s important that we continue to give customers control over their data. It is the customer’s choice whether they wish to share their data or make a payment, and they can stop sharing data at any time through their Internet Banking. However, when they do, we’ll ensure they are using a secure connection to share data and payment information with regulated companies.

As we improve confidence, we’ll be able to help our customers make the most of the new services that are being developed.

Our plans to digitise the bank are progressing well. We’ve been busy behind the scenes in our customer labs, trying to get under the skin of the types of services that will make the biggest difference to our customers. We are currently focusing on testing Open Banking APIs with other banks and third parties, exploring a range of services beyond our current everyday banking offering along with new ways to enhance our top-rated mobile app.

Lana A
