by Alastair Johnson, the founder & CEO of Nuggets
The open banking concept is slowly eating the financial world. Cannibalising the monopoly financial institutions once had on the management of customer funds, regulation around the world is pushing banks to establish APIs so that anyone can create applications that tap into functions previously reserved for these institutions – spending, receiving, analysing account activity – all whilst leveraging the security of the incumbents holding the funds.
By all accounts, this is a win for fintech. At last, significant progress is being made towards a financial system that harkens to the open-source movement. Banks have traditionally been conservative in their adoption of new technologies, but that’s more acceptable now that this side of things can be left to those that specialise in software.
Before rejoicing about the impact open banking will have, however, it’s vital not to gloss over some of the inherent problems that exist in cyberspace today. The very foundations of the systems we interact with multiple times on a daily basis are deeply flawed and incapable of adequately protecting our personal data.
The reality of the situation is that, in order to enjoy the services offered by merchants, websites or any number of businesses, consumers must sacrifice sovereignty over their information (card details, home address, phone number) to a centralised data silo, waiting to be looted by a malicious actor. The measures implemented by both GDPR and PSD2 attempt to address this, but are nowhere near equipped to deal with it effectively.
This is because protecting data and sharing data are competing forces. Your data is at its safest stored on an always-offline device, but of course, this makes it useless when day-to-day life requires that it’s shared. Stuck between the proverbial rock and a hard place, individuals must choose between relinquishing control or living without access to staples of modern life.
Fortunately, neither of these two extremes will persist for much longer. Advances in blockchain technology and cryptographic techniques are poised to eradicate the weak structures we’ve been feeding for decades, by giving rise to a decentralised ecosystem where individuals, and individuals alone, are in complete control of their data.
The combination of distributed ledger technology and zero-knowledge storage allows for the creation for an encrypted vault that resides in the digital realm, accessible only to the owner with the requisite credentials (biometric authentication adds an extra level of physical security). In this vault, sensitive information such as identity documentation, card details and other PII can be stored. When the time comes for a payment to be made or identity to be verified, the individual confirms the action, which is relayed and attested to by peers on said network. As such, the information can be ‘shared’ without being leaked or compromised.
If widely adopted, a blockchain-based platform of this nature would benefit both businesses and consumers – given the tightening of laws surrounding the custody customer data, it’s in a company’s best interest to keep it secure. In this case, there’s no such obligation as they don’t hold the information, and therefore don’t need to allocate capital and manpower to securing databases which, as repeated incidents have shown, are simply riddled with critical systemic errors.
For consumers, the advantages are obvious – payment/verification processes are greatly streamlined (no more potentially insecure web forms to fill out at checkout), and their counterparty risk is vastly reduced as data custodians are removed from the equation altogether.
Open banking is ushering in a new iteration of finance, and has opened the door to hundreds of use cases that aim to create innovative tools for banking customers. It’s important, in constructing the next generation of financial technologies, that we move to leave behind problems that can be easily resolved with distributed ledger technology, so as to make users truly self-sovereign.