
    Make the Most of Open Banking with Tokenization


    In an increasingly connected world, banking and related financial services still seem to be running far behind. While electronic wallets like Venmo, PayPal, and Zelle can move funds between consumers at light speed, wire transfers and inter-bank transactions can seem to take forever.

    Getting a full view of their financial position can require consumers to work through a flurry of logins and exports, as their accounts remain stubbornly siloed.

    This is where open banking comes in: approved third parties can be granted access to all of a consumer’s banking accounts, so they can aggregate the data and provide valuable visibility and analysis. Combined with the power and security of tokenization, open banking may very well be the next evolution of banking.

    What is open banking? 

    Open banking is a model that allows approved third-party financial services providers to access consumers’ financial information and aggregate it for more efficient use. Traditionally, banking relationships have always been walled off from one another - one provider for a mortgage, another for a checking account, yet another for savings, and so forth. For years, users have struggled to export their information to spreadsheets or money management software to try and get a handle on their broader financial picture.

    With open banking, consumers can grant permission to approved providers to access all their financial services in order to create a useful and usable central hub for all their money-related activities. These service providers connect with the various financial institutions via application programming interfaces (APIs), and can deliver not just a centralized view of the consumer’s financial situation but also important and valuable new services.

    The APIs used by open banking providers are split into three categories:

    • Data APIs: Used largely for read-only access, allowing the service provider to present the consumer with a comprehensive view of their financial situation.
    • Transaction APIs: Used to actually transact business, from paying bills to managing subscription accounts.
    • Product APIs: Used to identify products and services in the financial space, either to present consumers with descriptions of what they already have, or comparisons with other products available to them.


    What services does open banking enable? 

    There is a vast range of services that open banking providers can offer, including:

    • Account Visualization and Planning: By aggregating the data from all of a consumer’s accounts, providers can not only visualize them conveniently but also use analysis, including AI, to propose changes and improvements.
    • Payment Services: When the consumer and a retailer use a common open banking provider, purchases can be initiated directly through the bank, potentially avoiding the need for a traditional payment gateway or payment services provider (PSP).
    • Personalized Marketing: The open banking provider can, based on its analyses of the consumer’s financial situation, recommend useful products and services.

    For businesses, there are other, equally valuable options available including:

    • Automated Invoice Management: Systems can automatically match inbound payments to outstanding invoices, without the need for Accounts Receivable work to be completed manually.
    • Automated Budgeting: Companies can help employees who manage budgets get visibility over all their spend, whether post-paid or paid with traditional or virtual credit cards, to ensure they stay on budget.
    • Instant Loans and Credit Scoring: Businesses can make instant decisions on the credit-worthiness of their customers, opening up the possibilities for Buy Now Pay Later (BNPL) options.
    • Improved Payment Success: By interacting directly with consumers’ bank accounts, rather than via intermediary systems like credit card networks, businesses can improve their ability to successfully collect on moneys owed.


    Combining Tokenization with Open Banking 

    Tokenization is the process of exchanging sensitive information for randomly generated strings (tokens), which are then used to reference the stored data in future processes. For many merchants, tokenization means collecting and storing payment information through a third-party payment vault, so that they can request payment from consumer accounts without ever actually storing the personally identifiable information (PII) on their own servers.

    By avoiding ever actually storing the customer’s information locally, they increase their security, while simultaneously reducing the cost and resource drain of maintaining PCI-DSS compatible systems.

    Tokenization can, of course, be used to securely store any kind of information, not just PII and credit cardholder details. It also can be used to ensure, for instance, that only properly authorized individuals can actually access stored information. In the context of open banking, it could be used to ensure, for example, that while the consumer can view the aggregated details of their accounts, customer support representatives cannot—they can only confirm that the data is present.

    For companies seeking to offer open banking services, or even to use a third party’s services, tokenization can represent a vital tool in maintaining security, while reducing the risks of having highly sensitive information at their disposal.

    There are a few core risks with open banking, most particularly:

    • Data Breaches: Holding PII for multiple consumer services means that a breach at an open banking provider can lead to more devastating impacts on customers.
    • Privacy: Open banking provider employees could potentially have access to a broad range of consumers’ financial details, creating a real privacy challenge.
    • Regulatory Compliance: Strict regulations already cover financial institutions and related providers, so adding the collection, storage, and maintenance of multiple third-party services is likely to increase the cost of compliance.

    Tokenization, delivered through a programmable token vault like Basis Theory, can address these risks head-on:

    • Data is never stored locally within the provider’s system, and the tokens that are present cannot be converted back to their original form. This removes the risk of data breaches.
    • Data that is retrieved from the token vault can be guarded from overly broad dissemination: support operators, for instance, may be limited to seeing only partial fragments of account information—enough to answer customer questions, but not enough to risk exposure.
    • Data stored externally to the core financial systems can be monitored for compliance with substantially lower resource and financial demands.
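
The access split described above (the consumer sees full details, support sees only a partial fragment or a presence check), as an added example that is not from the original article and is not Basis Theory's API. The `TokenVault` class, the role names, and the policy table are hypothetical, and the account number is constructed sample data.

```python
import secrets

# Constructed sample data: not a real account number.
SAMPLE_ACCOUNT = "GB00TEST00000012345678"

POLICY = {"consumer": "full", "support": "masked"}  # hypothetical role policy


class TokenVault:
    """Toy in-memory vault; a real vault is a separate, hardened service."""

    def __init__(self):
        self._values = {}    # token -> sensitive value, held only by the vault
        self.audit_log = []  # (role, token, outcome) kept for compliance review

    def tokenize(self, value):
        # Random token: no mathematical relationship to the value it stands for.
        token = "tok_" + secrets.token_urlsafe(16)
        self._values[token] = value
        return token

    def exists(self, token):
        # Any caller may confirm that data is present without seeing it.
        return token in self._values

    def reveal(self, token, role):
        level = POLICY.get(role)  # unknown roles get None: default deny
        if level is None or token not in self._values:
            self.audit_log.append((role, token, "denied"))
            raise PermissionError(f"role {role!r} may not read this token")
        value = self._values[token]
        self.audit_log.append((role, token, level))
        if level == "masked":
            # Partial fragment only: keep the last four characters.
            return "*" * (len(value) - 4) + value[-4:]
        return value


def demo():
    vault = TokenVault()
    # The provider's own database holds only the token, never the value.
    provider_db = {"customer-1": vault.tokenize(SAMPLE_ACCOUNT)}
    token = provider_db["customer-1"]
    return {
        "stored": token,
        "consumer": vault.reveal(token, "consumer"),
        "support": vault.reveal(token, "support"),
        "present": vault.exists(token),
    }
```

A copy of `provider_db` contains only `tok_...` strings, and every read, including denied ones, lands in `audit_log`.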

    Consumers have fallen in love with open banking, and there is no question that the convenience of a centralized financial management system is an attractive proposition. 

    To date, open banking has avoided splashy data breaches, despite the expanded attack surface that is implicit with the provision of APIs. But, looking at the history of digital banking, it seems inevitable that someone will be the first. 

    Distributing the risk of data collection, storage, and usage by leveraging tokenization and token vaults is the natural evolution of the sector: reducing data vulnerabilities, privacy issues, and compliance pressures may well be the core focus of the leading open banking providers as they battle for market leadership.

