Op-Ed: Driving embedded finance while managing data security risks

Whether considering loyalty programs or payment preferences, big data can provide unique customer insights and assist in crafting hyper-personalised experiences that directly drive engagement. As many of us have come to realise, our banks often know more about us than we do ourselves. Banks sit on a wealth of customer data, and open banking legislation – that dictates that banks become more open and collaborative – is democratising this rich source of financial data (hopefully) for good.

While data availability is creating fresh opportunities in the fintech sector, data security is a growing challenge in this digital age. Consumers have ever-rising expectations for rapid innovation, digital-first technology, and seamless experiences, but security is now a major concern, particularly in light of the high-profile data breaches in Australia last year. Consumers are looking for engagements they can trust, so how can financial institutions, fintechs and other non-financial brands harness the power of data while managing risk?

Embedded disruption

In the past, most individuals would have to rely primarily on traditional financial institutions to access financial services, and those large financial institutions were largely trusted. However, today, from paying for goods within an e-commerce app, or getting a loan at checkout (e.g. through “buy now, pay later” options), embedded finance puts tools that once required a trip to the bank within a single tap or click.

Embedded finance takes products or processes that are typically delivered by banks and integrates them into non-bank services or experiences. And open banking acts as a springboard for embedded finance by allowing third parties to access financial data through the use of application programming interfaces (APIs), unlocking fintech innovation in the process.

Invisible to consumers, embedded finance seamlessly blends into everyday experiences and is rapidly reimagining the way Australians consume financial services. While the convenience and speed that embedded financial services offer have marked a shift in customers’ preferences, a consumer survey by FIS found that concerns over data security present key hurdles for the broader use of embedded finance in Australia.

APIs are key

Technology advancements, coupled with open banking regulations, are making it easier than ever for businesses from all areas of the industry to embed financial capabilities in their products and deliver a more frictionless customer journey. As open banking promotes the sharing of banking data between banks and authorised third parties via APIs, it also provides banks and financial services organisations with the opportunity to open up banking-as-a-service (BaaS) business streams.

VIEW ALL

In practice, BaaS harnesses the flexible power of cloud and open APIs to reconfigure the banking value chain and allow non-financial companies to market financial products exactly where, and when, they are needed. For example, if a fintech company is building an app using Amazon Web Services and there is a workflow where the end user is offered the option to open a bank account, the app developer could turn to an API marketplace to plug in an “open bank account” module.

But it isn’t just banks and financial services organisations that benefit from this technology. Ultimately, it is also empowering non-financial brands to expand into adjacent services and deliver lucrative value-added services, thus boosting revenues.

Ensuring security

While there are clear benefits to considering API delivery, this can also present a security challenge. The trend towards open banking and embedded finance promotes growing interconnectivity, which, unfortunately, creates more points of vulnerability.

Data breaches, fraud, and security attacks are expanding at a rapid pace. Tens of thousands of data breaches are reported in Australia each year. In an effort to build and grow customer trust, banks, fintechs, and non-financial businesses must work together to ensure they are protecting customers from any threats.

As more businesses embrace embedded finance, the following areas come into focus:

1. Security standards. Technology innovation with APIs must be carefully aligned with security processes and procedures for firms to continue their role as trusted advisers to their customers. All firms should have strong security protocols in place and, in addition, leverage emerging technologies such as artificial intelligence and machine learning to detect and prevent a negative cyber event.
2. Biometric security. To keep customer data secure, it is best to offer convenient solutions that ensure a high level of security. One way this is increasingly achieved is through facial recognition, comparing a government-issued photo and a live photo to verify a person’s identity before accessing sensitive information. Businesses can also introduce fingerprint scanning for this same access. These forms of identification can add a powerful layer of security on top of multifactor authentication.
3. Customer education. Education regarding security is fundamental. Many data breaches occur not because of insufficient security controls but due to “social hacking”, whereby uneducated or unwary consumers inadvertently provide the necessary data for breaches to occur. Financial institutions and fintechs need to work together on product and risk education for clients to not only ensure that they have the right resources to make informed decisions but that they are also equipped to identify payment and banking scams and safeguard their personal data.
4. Data protection regulation. Fortunately for consumers, there are significant (and increasing) regulations and protections in place, especially when it comes to financial data. It is critical that regulation continues to keep pace with tech innovation, especially around the use of data and privacy. For smaller businesses or start-ups, extra care must be taken to properly educate employees on the latest regulations and customer data protection laws to avoid mistakes such as writing down sensitive customer information.

As our world becomes increasingly integrated, with data playing a key role, it is vital for businesses to focus on security and education in order to reduce risk and, most importantly, build and retain their customers’ trust. While navigating the intersection of digital and security in embedded finance, a strong collection of data can create seamless, personalised experiences for customers across all industries.

Nick Aronson is the vice-president of capital markets, APAC country management, at FIS.