Open Banking in the Middle East
Open banking is gaining momentum in the Middle East, and while many organizations were slow to recognize the opportunity, several of the region’s largest banks recently launched their own digital banks to test the market.
Bahrain has played a vital role in this initiative and has adopted the open banking framework locally. It is also encouraging other countries in the Middle East to adopt the framework so that banks can benefit from fintech digitization.
In Saudi Arabia, the Saudi Central Bank (SAMA) has announced that it will go live with its own open banking policy, with directives that will be enforced starting mid-2022.
The UAE is also clearly on its way. Financial software provider Finastra found that nearly nine out of ten institutions in the UAE plan to enable open banking in the next 12 months. The Central Bank of UAE and state regulators have voiced their support, and the federation’s government has announced its interest in supporting digital banking investments. The Dubai Financial Authority (DFSA) started granting open banking licenses in 2020.
What Is Open Banking Really About?
Open banking is about opening greater banking opportunities for consumers. From a technology perspective, it is about the establishment of a common application programming interface (API) to facilitate the fast and secure exchange of information between applications in a region or country.
The Middle East is gaining traction among new open banking API vendors as well as fintechs. The region is ready to bring consumers into the Open Finance space through the sharing of their account and payment information.
Most banks know that sharing this sensitive information requires valid informed consent from the end user. The Revised Payment Services Directive (PSD2) in Europe, which has been inspiring many of the Middle Eastern open banking approaches currently in the works, explains this through the Strong Customer Authentication (SCA) workflow.
Implementing SCA requirements means that relying only on out-of-band (OOB) one-time passwords (OTP) sent by SMS or email will no longer be enough. Many banks in the region are still using this authentication method to validate funds transfers. OOB does not give consumers full transparency on consent. With an open banking approach that would require SCA, consumers in the UAE and surrounding countries in the region will get detailed information on the transactions they are performing.
Secure codes or OTPs sent through OOB channels are still widely used today. While many debate whether they qualify as part of the SCA workflow, according to Ecommerce Europe an OOB OTP counts as the “possession” factor and would be a valid part of SCA if combined with a “knowledge” and/or an “inherence” factor. However, without conforming to dynamic linking it still poses a risk and could be compromised by way of a man-in-the-middle attack. OOB authentication is a highly insecure method that can easily be breached. OTP secure codes provided through offline authentication are a much better alternative that remains compliant with SCA challenge/response and offers a similar journey to consumers. The big difference is that it is secure and offers full context, with details on the transaction being authorized. It ensures that data and financial assets aren’t put at risk, which can come at a high cost to financial institutions that don’t take this seriously.
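The difference dynamic linking makes, as an added example that is not from the original article or from HID: a plain counter-based OTP (HOTP, RFC 4226) proves possession only, while a code computed over the challenge, amount and payee stops verifying if any of those fields changes in transit. The key, challenge, payee labels, field encoding and function names are assumptions made for illustration, not a vendor or regulatory format.

```python
import hashlib
import hmac
import struct

def _truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of an HMAC to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def plain_otp(key: bytes, counter: int) -> str:
    """HOTP: depends on key and counter only, so it carries no payment context."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac)

def linked_code(key: bytes, challenge: bytes, amount: str, currency: str, payee: str) -> str:
    """Code bound to one payment: challenge, amount and payee are all MACed."""
    fields = [challenge, amount.encode(), currency.encode(), payee.encode()]
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def bank_accepts(key: bytes, challenge: bytes, tx: dict, code: str) -> bool:
    """The bank recomputes the code over the transaction it is about to execute."""
    expected = linked_code(key, challenge, tx["amount"], tx["currency"], tx["payee"])
    return hmac.compare_digest(expected, code)

# Constructed sample data (hypothetical key, challenge and payee labels).
KEY = b"constructed-demo-device-key-0001"
CHALLENGE = b"constructed-challenge-7f3a"
SHOWN = {"amount": "250.00", "currency": "AED", "payee": "constructed-payee-A"}
TAMPERED = dict(SHOWN, payee="constructed-payee-B")  # payee changed in transit

def demo() -> tuple:
    """Code approved for SHOWN is accepted for SHOWN and rejected for TAMPERED."""
    code = linked_code(KEY, CHALLENGE, SHOWN["amount"], SHOWN["currency"], SHOWN["payee"])
    return bank_accepts(KEY, CHALLENGE, SHOWN, code), bank_accepts(KEY, CHALLENGE, TAMPERED, code)

if __name__ == "__main__":
    print("plain OTP (same for any payee):", plain_otp(KEY, 1))
    print("accepted for shown / tampered transaction:", demo())
```

The plain OTP would be accepted for whatever transaction reaches the bank, which is the gap dynamic linking closes.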
Some Organizations Move Ahead of the Regulations
Regulations have evolved in tandem with open banking developments to reduce risk and protect against fraud around the world. The financial industry, however, stands at an inflection point. As offerings expand and consumers demand more customization, choice and control, the companies that win will be those that go beyond regulations to align with customer needs. Those that view open banking solely as a technology play will be vulnerable to disruption.
Al Ain Finance is a great example of a digital-only bank that launched its services fully compliant with open banking regulations and SCA. This financial institution is a true innovator, both in technology, by being first to implement its software providers’ cloud-native core banking platform, and in how it prioritizes its customers by giving them an exceptional mobile banking experience.
HID has the required SCA solution to support a smooth open banking framework implementation and maintain compliance; read more about our consumer authentication solutions.
Dinesh Madan is a Senior Pre-Sales Engineer for HID Global in the IAM Consumer Authentication area. Dinesh has a profound technical background and global experience in the fields of Identity and Access Management (IAM), strong authentication and network security.