Open banking penetration testing

Why penetration testing is vital to open banking

What is open banking?


Open banking is a relatively new scheme to drive more innovation in the financial sector. Banks are allowed to share customer account information with third parties, with the customer’s permission. Third parties can be given access to:

· Accounts and balances
· Transaction history
· Standing orders
· Beneficiaries
· Payment initiation


The last point is the crucial one. Open banking potentially allows third parties to make payments from a customer’s account if they are given access. You might think that very few people will hand over the keys to their bank account, but many customers simply accept terms and conditions and cookies whenever they pop up, without properly examining what they are handing over.


This means that third parties will often find themselves with a similar level of access to a customer’s financial information as banks. That will allow them to create new, more personalised financial services and marketing, but it also gives the third party much more responsibility to take care of that data.


How does penetration testing make open banking safe?


Penetration testing finds weaknesses in your organisation’s cybersecurity by simulating a sophisticated cyber attack. Pen testing is important for any business, but it becomes much more important when you have access to banking information. Having that access makes you more of a target for bad actors looking to break in and steal those details.


When you are looking for a penetration testing provider, you must make sure that they are CREST-accredited. This accreditation means they are a legitimate provider of pen tests that you can trust. OmniCyber Security offers CREST-accredited testing from world-class pen testers to help get your organisation watertight before you implement open banking.


Another way in for a potential hacker is through the Application Programming Interface (API) that connects the third party to the customer’s bank. In an open banking situation, the bank will provide the API for third parties to view. This interface must be rigorously tested to make sure no bad actors can hook into the API and start asking customers for permission to access their information through phishing. At OmniCyber Security we also offer expert API testing services to make sure your system is secure.


Businesses wishing to use open banking must be approved by the Open Banking organisation, and to get that approval, they should be penetration tested and comply with ISO 27001. OmniCyber Security can provide you with all the support you need to make your service secure enough to enjoy the opportunities offered by open banking.


Contact OmniCyber today to talk to our expert team about the needs of your company.
