Cryptocurrencies are proving that technology makes it difficult for policymakers to find the balance between encouraging valuable financial innovations and regulating dangerous economic hype. Data-sharing applications that facilitate open banking are the latest examples of technological innovations that boast of valuable new competitive opportunities for financial institutions and their customers. But by now, policymakers should realize that cyberspace is a buyer-beware zone.
Sharing data so that consumers can complete financial transactions more efficiently sounds terrific. Third-party providers who will get their hands on this valuable information will certainly think so. But financial institutions should be cautious about sharing the massive amounts of highly confidential data they maintain about customers who often misunderstand the relative risk/reward ratio of sharing it.
Open banking typically relies on innovative application programming interfaces (APIs) that allow consumers to share their bank and credit card transaction data with everyone from financial to health care providers to increase functionality and efficiency. While platforms that share data with such applications and services may save consumers time and money, the moment data is shared across companies or industries, the risk of execution failure and the potential for fraudulent third-party provider access increases, not to mention the creation of serious economic infrastructure and national security risks. The more providers that touch or are unaccountable for a user’s data, the greater the number of vulnerabilities there are.
We wholeheartedly agree with a recent BankThink article that there is an increasing need for regulatory protection of financial data. But it is not clear that any combination of federal agencies can play the role of an effective gatekeeper at this point, given the notoriously insecure nature of the internet. Only the broadest and deepest technological experience and expertise both inside and outside governments will move us toward a more secure environment based on sound regulatory principles.
Giving consumers what they have been convinced that they need to make their financial lives smarter and more efficient without a complete understanding of the implications is increasingly being seen as shortsighted and highly dangerous.
As open banking platforms are increasingly implemented in Europe and Asia, there is growing economic and competitive pressure on financial institutions in the U.S. to share their platforms and join this data orgy. But these advancements signal massive changes in the traditional financial infrastructure that require planning, anticipation and remedial solutions when things go sideways.
The economies and conveniences gained from open banking could be significant. A January 2022 draft report from the Department of Commerce’s National Institute of Standards and Technology by a group of academics and technologists (none of whom appeared to be financial services or payments systems experts) summarized the benefits that open banking should create. But it largely glossed over the security challenges that are created.
The report said that “having an open platform should stimulate the means of securing financial systems, such as by enabling better methods for detecting and preventing fraud.” Unspecific "shoulds” are generally worth very little in the real world as evidenced by a March 3 comment letter from several financial trade associations that concluded that, contrary to both the title and purported purpose of the report, it did not sufficiently address the complexities and risks that an open banking regime may introduce, and did not offer a single privacy, national security or cybersecurity recommendation.
So why should sensitive data be shared with more potentially untrusted third parties on networks that we cannot guarantee are or will remain secure? Frankly, the euphoria over new technologies and the presumed time and cost savings every new product seems to boast of seem to blur the risks that they create for financial and national security. This is not a new problem, but the scale and size of it is.
Consumer data has always been collected and analyzed to predict the buying patterns of consumers and maximize sales. When spotters sat in shopping mall parking lots and counted people, license plates, packages and brands, it seemed like harmless marketing homework. Today, spotters have been replaced by facial recognition devices and drones that can merge their data with GPS, online, cellphone and social media data, demonstrating how things have evolved to create sophisticated forms of behavioral analysis and control.
Our full-blown data surveillance society is now being driven by private companies, governments and others who understand the political and economic incentives to do so. Those who gather the power of data to themselves, including governments, understand the control that comes with it — something that can be used for purposes far beyond the sale of products. So here we are in a world that most of us never voted for or wanted to create. Nevertheless, it is upon us.
These are extraordinarily complex issues largely because new technologies and malicious users of it, including domestic and international criminals and foreign governments, continue to increase, reducing the margins for error and raising the stakes markedly. Until networks are more secure, there are significant risks in continuing to load more data and value onto them. The solutions require a new breed of global public-private collaboration that is so far removed from what we have ever seen that it will take years to develop and accept. Relying solely on governments to come up with these solutions is not realistic.
This is the dark underbelly to the data collection and surveillance society that has been built while our heads were turned. While technologies like open banking can create unprecedented financial enhancements, they may just as easily be used to create societal and economic tyranny. Congress and regulators stand between those two extremes as arbiters of our financial futures. The clock is ticking.
(This article is adapted from Mr. Vartanian’s forthcoming book, "The Unhackable Internet: How Rebuilding Cyberspace Can Create Real Security and Prevent Financial Collapse.")