Share this post
What is this article about? Protection is required for online e-commerce and open banking transactions covering fraud, dispute of purchases and non-delivery of goods/services.
Why is this important? As retail open banking services are being offered at scale in countries such as Australia, Netherlands, and the UK, the integration of payments in various transactions increases the risk to consumers, which needs to be addressed.
What’s next? Payment firms need to balance offering innovative products in retail open banking with the increased risk of fraud by implementing a rapid response mechanism that prevents fraudulent transactions from spreading to other accounts.
As retail open banking continues to grow, mechanisms should be put in place to balance innovative products for consumers while ensuring adequate fraud protection.
With retail open banking just starting to make strides in most countries beyond the regulatory mandate, the burden of customer protections is falling on merchants. In January 2023 alone, according to Open Banking Limited, seven consumers and SMEs used open banking services.
However, the integration of payments in various transactions increases the risk to consumers as by exposing their account or card data through application programming interfaces (APIs), it could accelerate cyber-attacks, impersonation, and fraudulent transactions. Without rapid response mechanisms in place, a single compromised account could spread to other accounts.
“The protection must be offered by the payment processor or the provider,” says Nilesh Vaidya, global industry head for retail banking & wealth management at Capgemini.
“Historical data on fraud, disputes, and chargebacks from card providers provide the basis for financial risk estimation. Each company can adjust the financial risk metrics for its own business and cover the outlier costs through custom insurance coverage.”
Protection is required for online e-commerce and open banking transactions for both consumers and merchants that should cover fraudulent transactions and disputes over any purchases, such as the quality or the non-delivery of goods or services.
Upcoming regulatory work
In April 2023, the Joint Regulatory Oversight Committee (JROC), co-chaired by the Payment Systems Regulator (PSR) and the Financial Conduct Authority (FCA) published its recommendations for the next phase of open banking in the UK.
One of the key priorities identified for the next two years is to ensure that effective protections are in place when using open banking products and services.
This means that everyone involved in open banking transactions should act together to minimise any risks and ensure that those who control the risk, are held liable for errors and the right processes are in place to resolve disputes efficiently. It should also enable refunds to be easily initiated.
“We have tasked the variable recurring payments (VRP) working group with looking at the consumer protections and dispute processes that will need to be put in place to ensure payers and buyers are adequately protected, both for simple and potentially less risky use cases and mapping out a blueprint to a wider rollout,” says Andrew Self, senior policy manager at the PSR.
Retail transactions present different challenges to person-to-person payments. For example, a retailer may need to choose when a payment is made or change the transaction amount after the customer has authorised their payment; such as when substitutions are made in an online supermarket order. There are also increased risks associated with goods bought online, or those with a long delivery time such as furniture.
“This means thinking about protection throughout the payment chain, including before things go wrong, for example making sure all parties have the right information to assess risks and make effective decisions to prevent harm,” adds Self at PSR.
The challenges of oversight
One of the key challenges to open banking relates to the prevalence of data misuse, financial crime, and fraud due to the lack of oversight.
Banks traditionally had significant oversight over their customers’ spending habits, which enabled them to form a view of suspicious activities or behaviours. However, open retail banking and the increased number of non-traditional payment instruments and gateways reduce banks’ ability to retain a holistic view of their customers’ transactions.
“This may potentially limit the effectiveness of the banks’ transaction monitoring processes, which is a key line of defence against financial crime,” says Andrew Barber, partner at Pinsent Masons.
In addition, the increase in outsourcing has led to concerns about the impact of technology failures of third parties providing essential services.
“Larger financial institutions typically have systems in place to protect the vast amount of data they hold and transfer to third parties, newer participants in the payments markets may not have such established systems,” says Jessica Cooke, senior associate, regulatory and investigations team at Dentons.
The future of open retail banking
According to Capgemini, banks are looking to incorporate the development of open banking channels as a part of their larger growth strategy. For example, Banco Bilbao Vizcaya Argentaria (BBVA) has an API marketplace for open banking.
JP Morgan Chase and Mastercard have also collaborated to launch Pay-by-Bank, where customers provide permission to pay bills directly from accounts without entering the account number and routing number.
“Open banking, and the move to open finance, presents a huge opportunity for faster, cheaper payments by cutting out intermediaries who control the flow of funds,” says Oliver Irons partner at Simmons & Simmons, a financial services regulatory practice. “Non-sweeping VRP and opening up credit and mortgages are the next opportunities.”
“The Future of Payments Review in the UK and proposals for PSD3 point the way towards the removal of regulatory blockers to greater innovation and growth in this space.”