Editorial

Open Banking – The Answer to Reducing Fraud and Streamlining Access to Government Services.

Susan Morrow, Head of R&D at Avoco Secure has written a guest blog on how ‘Open Banking’ can help reduce fraud across the government’s digital services.

Posted 17 August 2020 by

Government services have been on a roller coaster ride for years now as technologies come and go. This situation is not unique to the UK. Government bodies across the world are actively trying to tackle the issues of customer engagement using identity tools. In the UK, even with the efforts of Verify, we still have a mosaic of capability when it comes to that engagement. 

Giving the public the ability to interact and transact with government at local or national level is no mean feat. The operative word in that last sentence for the discussion today is ‘transact’. We tend to hear a lot about ‘identity’ but less so about how the customer transacts with government. 

For years the cry has been for the banks to be the cornerstone of identity services in the UK. A new (ish) initiative called ‘Open Banking’ may hold the key to facilitating government transactions and delivering this requirement. 

What is Open Banking?

Open Banking was conceived as part of the second Payment Services Directive (PSD2). Much focus on PSD2 has been on requirements around customer authentication during a transaction (Secure Customer Authentication – SCA). However, within the PSD2 legislation sits the goal of creating a new ecosystem of banking, one that opens up banking data to make it easier for new players to enter the field, opening up competition, creating new opportunities for financial innovation, and so on. 

The way that the banks were expected to facilitate this opening up of their data vaults, was to create an interface that third parties could call upon to request certain things, like bank details. This interface is known as an API or Application Programming Interface. APIs offer a way for software to expose their services to other local or remote systems. In other words, APIs connect the dots.

The Open Data V1 API standards were made public in 2017. The EU’s PSD2 and the UK’s Competition & Markets Authority (CMA), are the driving force behind open banking. Other countries are starting to follow. In a survey “Open Banking Report 2019”, 87% of respondent countries were putting Open Banking initiatives in place.

About 18-months ago, at the Think Digital Partners conference, an audience member asked me if I thought Open Banking would be part of a government identity ecosystem. Back then, the only readily available services through Open Banking were ATM locations or what products a bank offered. I responded to the question with a “yes, you could do it, but it wouldn’t be worthwhile.” 18-months on, Open Banking is ready to roll.

How Can Open Banking Work at Government Level?

The ethos behind Open Banking is to make it easier for retailers and their customers to securely share financial data. I have two things to say about that: 

  1. There is no reason why government cannot also make use of financial data sharing through Open Banking APIs; after all, if any organization needs an easier way to perform financial transactions with customers it is government.
  2. Open Banking has other capabilities besides the sharing of financial data…

More than just financial data:

Banks have processes that must be adhered to when a bank account is created. This takes the form of a type of due diligence called “Customer Due Diligence” or CDD (also known as “Know Your Customer” or KYC). The process reflects regulations that cover Anti-Money Laundering (AMT) and Financing of Terrorism (CFT). In a nutshell, banks need to perform a lot of checks to ensure the customer really is Jane Doe of 10 Acacia Avenue, Northumberland, and is not an international terrorist cell member. It costs a lot of money (and time) to perform these checks.  

Open Banking offers government more than just a platform to perform a financial transaction. It offers assured data and the opportunity to take advantage of banking due diligence.

Example Use Case: An Avoco Open Banking service used for government services paying out money. The service ensures a customer has been verified and authenticated by their bank, is in control of an identity, and the account that is being credited is verified as their bank account. This process cuts the chance of fraudulent activity. Importantly, this can be added to existing accounts and not just new users.

Three Benefits Open Banking APIs Offer to a Government Service:

Benefit one: Your customer can log in to your service using an Open Banking API. The act of signing into a verified bank account confers organic assurance to the government doing business with that person.

Benefit two: Personal ready-assured data is available using an Open Banking API. These data are assured as they have been through the CDD processes under the remit of AML/CFT regulations.

Benefit Three: This is perhaps one of the most beneficial. A government service can use Open Banking at any relevant part of a customer user journey. For example, a service may need to validate a benefit transaction by requesting banking information at the point of a customer application. This benefit can be done independently of any account registration process. By doing so, you decouple identity from a transaction.

How Can Government Take Advantage of Open Banking?

Identity orchestration engines, such as that delivered by Avoco Secure, are designed to connect the dots across an API-enabled ecosystem. The “dots” include:

  • Open Banking APIs directly or using an aggregators give access to thousands of different banks and their users. Including business , personal and credit card accounts.
  • Federated Identity accounts, any system that uses standards, including social providers, wallet IDs, and even Verify
  • Verification checking services (if extra checks need to be carried out, e.g., for very high value transactions)  
  • Extra data can be brought in if needed, checked, and then aggregated or not held (as required) 
  • Consent management to make sure that at every point where data is shared a consent is recorded

APIs have revolutionised identity-based transactions. They allow all the functionality needed for identity systems to be pulled together into a coherent platform to perform tasks. For example, take someone applying for universal credit:

  1. When a customer sets up an account, they could be offered a way to get that account assured more easily using Open Banking CDD assured federation. The customer logs into the bank account and by this action, assurance is shared with the government service.
  2. The customer can then be asked to add more data to their account when that is needed, the orchestration engine calling out to connected services that can provide these data.
  3. When the customer applies for a benefit, they can use Open Banking to provide financial details.
  4. The orchestration engine has rules that can be applied at any stage of customer interaction with the government service to provide the necessary data/consent/checks.

Open Banking is a regulatory requirement. Currently, the Open Banking Implementation Entity (OBIE) is seeing strong growth in the use of Open Banking. There are thousands of banks across the globe that have exposed their data using the Open Banking API initiative.

Open Banking Opening the Floodgates to Government Services

As a standalone idea, Open Banking is revolutionary. But all revolutions need careful implementation to ensure success. Connecting up government services directly to an Open Banking API will confer some functionality that is useful. However, the devil is in the detail. You need to have something behind the scenes orchestrating the rules of engagement. My mother used to always say to me “nowt is ever easy”. This is true, it would be wrong to say that technology is as simple as pressing a button and hey presto it’s done. But the full capability of Open Banking including the power of CDD and financial data can be taken advantage of by using identity orchestration engines.

As long as the solutions meet the Open Banking regulations there is no requirement to get the bank’s permission to use the Open Banking verification and data APIs. 

Key to delivering services using the Open Banking APIs is utilising a decoupled and layered approach with business rules. This enables dynamic customised services for individual relying parties. Avoco Secure, along with our partners, are already live with solutions that government can utilise to reduce fraud and streamline verifying users. 

About Susan Morrow:

Susan has worked for over 20 years in the cybersecurity and digital identity space. She currently holds the position of Head of R&D at identity data specialists, Avoco Secure, based in the UK.

Susan’s focus is on strategic development and solution architecture. Core areas of her domain knowledge include the use of technology layer linking, usability, accessibility, and data privacy. Her mantra is to make sure that human beings control technology not the other way around.