Open Banking cyber security - staying secure in an open world

06 July 2018


This is the first in a series of short blogs that sets out some of the security challenges that banks should be aware of when they consider Open Banking. I joined PwC in January after 10 years at a large UK retail bank working in the front line security team. The aim of my blogs is to help banks get onto the front foot when thinking about Open Banking and security, and perhaps even build a framework to do so.

Before reflecting on this, its worth setting out a few pointers:

  1. This series of blogs will make the assumption that you’re familiar with Open Banking and its European cousin PSD2. If you’re not familiar with Open Banking, be sure to read our new report ‘The future of banking is open - how to seize the Open Banking opportunity’.
  2. There’s no ‘secret sauce’ to thinking about security and Open Banking, by building on what you’re doing already, you can comfortably think through what Open Banking might mean for you and your customers.
  3. We’re going to need a bigger boat…framework: to my point above, we’re going to use Identify, Detect, Protect, Respond & Recover from the NIST framework to think about Open Banking and security. In my next blog I will focus on Identify and Detect.

I’m going to leave you now with the parting words - it pays to be open to Open Banking (see what I did there?). Our research has sized the market at £7.2 billion potential revenue by 2022. For you as a bank and your customers, there are opportunities to be embraced from a security point of view. More on this in the next blog.

In the meantime here’s a short video on Open Banking and cyber security.