
Open Banking in Germany

It’s no understatement to say that Open Banking is transforming the way that financial institutions operate — and the way consumers move and use money. By empowering banks to share account information in a secure, standardized format with other authorized organizations, Open Banking is increasing transparency, facilitating collaboration and opening up new product opportunities.

While most of the world is striving to meet the so-called “European standard for Open Banking” and aspires to implement directives similar to the Revised Payment Services Directive (PSD2), it is important to realize that Open Banking is still at a very early stage and is unfolding unevenly across the region.

The UK is still one of the largest providers of financial services worldwide, and its nine largest banks already had application programming interfaces (APIs) in place in 2018. Banks on the European continent, by contrast, didn’t launch them until September 2019. Adoption rates throughout the Nordic region are high — especially in Norway, where the Nordic API Gateway, now called Aiia, enjoys a penetration rate of 95% among retail and business accounts. In Germany, reports suggest that most APIs either don’t work, time out or make integration nearly impossible, which makes for an interesting challenge, to say the least.

Open Banking implementation is highly influenced by the local culture and mindset. Germany is known for its orderly culture and for being innovative, especially in the automotive industry, where most of the patent applications are made, but the banking sector’s adoption of the Open Banking framework shows another side. Incumbent banks in the country are notoriously conservative and seem to be rooted in the mentality that few of their customers want to see their bank take big risks. One theory for the API challenges mentioned above is that the APIs were implemented to answer to a regulation rather than being linked to revenue generation.

The True Justifiable Reward

Open Banking has further enabled the fintech industry around the world and frankly supports competition by giving consumers the opportunity to pick convenience instead of feeling stuck with one bank. And yes, Open Banking can be seen as a disruptor to incumbent banks, but it could be argued that this disruption would have come either way. In fact, McKinsey argues in its white paper “German banking returns to the playing field” that two out of three German banking executives think radical changes are required in the industry. Big organizations such as Deutsche Bank are working on driving change, according to a recent interview with The Paypers. There seems to be a consensus that standing still isn’t an option.

Regulatory trends such as the European Revised Payment Services Directive (PSD2) have already been pushing banks to focus on automation, advanced analytics and security protocols to see productivity gains within payments. One requirement that benefits all parties involved is the Strong Customer Authentication (SCA) workflow as articulated in Article 4(30) by the European Banking Authority (EBA).

Implementing SCA requirements means that relying only on out-of-band (OOB) one-time passwords (OTPs) sent by SMS or email, as many banks still do today, will no longer be enough.

Secure codes or OTPs sent through OOB are still widely used today, and while many argue over whether they validly qualify as part of the SCA workflow, according to Ecommerce Europe, an OOB code qualifies as the “possession” factor and would be a valid part of SCA if combined with a “knowledge” and/or an “inherence” factor. However, without conforming to dynamic linking, it still poses a risk and could be compromised by way of a man-in-the-middle attack. OOB authentication is a highly insecure method that can easily be breached. OTP secure codes generated through offline authentication, or simply a move to a push notification solution, are much better alternatives that remain compliant with SCA in regard to challenge/response and offer a seamless journey to consumers. The big difference here is that those alternatives are secure and offer full context, with details on the transaction being authorized. This ensures that data and financial assets aren’t put at risk, which can come at a high cost to financial institutions that don’t take this seriously. This is where security and consumer experience go hand in hand.
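The difference dynamic linking makes can be shown in a few lines. The following is an added example, not HID Global code and not taken from the original article: it compares a code derived only from a challenge with a code bound to the amount and payee the customer approved. The key, challenge, amounts, payee strings and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: a key provisioned to the customer's device
# and a per-transaction challenge issued by the bank.
DEVICE_KEY = bytes(range(32))
CHALLENGE = b"constructed-challenge-0001"


def _short_code(mac: bytes, digits: int = 8) -> str:
    """Truncate a MAC to a decimal code (RFC 4226-style dynamic truncation)."""
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def unlinked_code(key: bytes, challenge: bytes) -> str:
    """Code that proves possession only; it says nothing about the payment."""
    return _short_code(hmac.new(key, challenge, hashlib.sha256).digest())


def linked_code(key: bytes, challenge: bytes, amount: str, payee: str) -> str:
    """Code bound to the amount and payee shown to the customer."""
    fields = (challenge, amount.encode(), payee.encode())
    # Length-prefix each field so different field splits cannot collide.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return _short_code(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts(code: str, expected: str) -> bool:
    return hmac.compare_digest(code, expected)


def demo() -> dict:
    approved = ("120.00 EUR", "DE00-CONSTRUCTED-PAYEE-A")
    altered = ("9500.00 EUR", "DE00-CONSTRUCTED-PAYEE-B")  # changed in transit
    otp = unlinked_code(DEVICE_KEY, CHALLENGE)
    code = linked_code(DEVICE_KEY, CHALLENGE, *approved)
    return {
        # The bank checks the code against the payment it actually received.
        "unlinked_code_with_altered_payment": bank_accepts(
            otp, unlinked_code(DEVICE_KEY, CHALLENGE)),
        "linked_code_with_approved_payment": bank_accepts(
            code, linked_code(DEVICE_KEY, CHALLENGE, *approved)),
        "linked_code_with_altered_payment": bank_accepts(
            code, linked_code(DEVICE_KEY, CHALLENGE, *altered)),
    }


if __name__ == "__main__":
    print(demo())
```

The unlinked code verifies no matter what payment reaches the bank, while the linked code verifies only for the amount and payee the customer saw.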

Some Organizations Move Ahead of the Regulations

Regulations have evolved in tandem with Open Banking developments to reduce risk and protect against fraud around the world. The financial industry, however, stands at an inflection point, and Germany certainly isn’t an exception here. As offerings expand and consumers demand more customization, choice and control, the companies that win will be those that go beyond regulations to align with customer needs.

Sparkassen-Finanzgruppe is one of the organizations leading the way in the country. They launched wallis, a central API portal that enables the collaborative development of innovative services and new business models for Sparkassen’s alliance partners and fintechs. The portal has now been granted a BaFin license, which significantly increases the company's sphere of activity. Thanks to this license, wallis receives permission to provide account information, payment initiation services and regulated services as part of their offer for partner companies and fintechs. A wallis representative recently shared that one possible application would be the integration and analysis of sales data for tax returns.

Banks and other financial institutions in Germany have a lot to learn from Sparkassen-Finanzgruppe. Those that view Open Banking solely as a technology play or a threat will be vulnerable to disruption, and this bank truly shows how Open Banking is to be taken as an opportunity.

HID Global has the required SCA solution to support a smooth Open Banking framework implementation and maintain compliance. Read more about our consumer authentication solutions.

Want to learn more about Open Banking around the world? Take a look at this eBook that explains how going beyond regulations is what’s required to stay ahead.

Vaclav Maska is the HID Global Sales Lead for DACH and CEE in the IAM Consumer Authentication area. Vaclav is a multifaceted professional with extensive experience in driving business growth and continuity. He has extensive experience with financial institutions, advising on integration of SaaS technology to secure customer identity and ensure data protection based on local regulations.

