How Safe And Secure Is Open Banking?

Whilst the concept of open banking may be intimidating, it is as safe to use as standard online banking procedures.

Open banking is the new global standard for interrogating financial data held by institutions. Whilst the name refers explicitly to banks, a range of financial institutions use the functionality, including PayPal and credit card brokers. In fact, 1,500 institutions offer the functionality as standard.

As the function involves sensitive financial data, stringent security and regulation protocols are in place.

Read on to learn more about open banking security, as well as extra steps you can take to keep your data safe.

BDI is also running a free webinar on August 25th, demonstrating how open banking works in practice with Sysynkt. Sysynkt is an affordable and true cloud FMS solution, available on an SaaS basis with unlimited user licences. Introduce open banking functionality to your SunSystems through Sysynkt, and optimise your business’ finances via one simple solution. Tickets available now via Eventbrite.

How does open banking work?

Open banking uses Application Programming Interfaces (APIs) to transfer data quickly and securely. The banks themselves built these API endpoints, meaning all the information and processes are above board. Extensive testing by both the banks and various authorised third parties also ensures their safety.

A benefit to open banking using APIs is that your information is kept very safe. All the connections happen in the background, so bank login details are not shared with anyone; your open banking provider does not hold this information.

Users control the information shared with third parties. This includes the specific data types that are shared, who it is shared with, and how long they can access it. None of this data transfer can happen without explicit consent from the user.
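The three consent controls described above (which data types, which provider, and for how long) can be pictured as a deny-by-default check on every data request. This is an added example, not code from any bank or open banking standard; the `Consent` class, `is_access_allowed` function, provider ids, data-type labels and the 90-day period are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


# Hypothetical model of one user's consent; field names are illustrative only.
@dataclass(frozen=True)
class Consent:
    provider_id: str       # who the data is shared with
    data_types: frozenset  # which specific data types are shared
    expires_at: datetime   # how long the provider can access them


def is_access_allowed(consent, provider_id, data_type, now):
    """Deny by default; allow only what the user explicitly consented to."""
    if consent is None:
        return False, "no consent given"
    if provider_id != consent.provider_id:
        return False, "provider not covered by consent"
    if data_type not in consent.data_types:
        return False, "data type not covered by consent"
    if now >= consent.expires_at:
        return False, "consent expired"
    return True, "ok"


# Constructed sample: consent for balances and transactions only, for 90 days.
GRANTED = datetime(2022, 8, 1, tzinfo=timezone.utc)
SAMPLE = Consent(
    provider_id="tpp-accounting-app",
    data_types=frozenset({"balances", "transactions"}),
    expires_at=GRANTED + timedelta(days=90),
)

if __name__ == "__main__":
    day10 = GRANTED + timedelta(days=10)
    requests = [
        ("tpp-accounting-app", "transactions", day10),
        ("tpp-accounting-app", "direct_debits", day10),
        ("tpp-other-app", "balances", day10),
        ("tpp-accounting-app", "balances", GRANTED + timedelta(days=91)),
    ]
    for provider, data_type, when in requests:
        print(provider, data_type, is_access_allowed(SAMPLE, provider, data_type, when))
```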

As a further level of security, the FCA regulates which third party providers can access open banking API endpoints. This limits the number of fraudulent activities.

The role of the FCA

The Financial Conduct Authority, or FCA, is the regulatory body charged with overseeing open banking.

The FCA must authorise all third-party tools and software before they use open banking APIs. This includes a stringent independent review stage, ensuring all processes, systems, and security checks comply with FCA standards.

If you are unsure if the FCA has approved your potential provider, check via the official FCA directory. Alternatively, approved providers also appear on the open banking register.

Security risks of open banking

Open banking improves access to financial data but, in the same way as all software tools, it is not 100% risk-free. The threat landscape has developed recently as a result of PSD2, with API attacks predicted to be high risk in 2022.

This is not to say that teams and users should not use open banking technology, but rather that they should be aware of all potential scenarios before making a decision. For example, whilst 48% of Soldo customers cited security concerns as a drawback of open banking, 40% responded that they believed the overarching benefits made open banking an overall positive force.

Alongside the risk of unregulated providers and apps, other risks associated with open banking include:

  • Transfer of trust

    Customers are expected to transfer their trust from established providers to a third party. The spread of data across open banking API may leave it more vulnerable to fraud as a result, as banks face potential struggles to spot issues as they occur.

  • FinTech vulnerability

    Criminals may mimic FinTech companies in the future as a new style of phishing attack. This could let them obtain customer data while bypassing the FCA measures.

  • Transaction data holds high value

    Attackers, posing as third-party providers, who obtain transaction data can study schedules, behaviour, financial status, and spending routines. This potentially leads to more sophisticated fraud, which is harder to trace.

  • Inadequate security protocols

    SSL authentication, XML, and endpoint security are all potential weak points within the data journey. Providers must adequately secure data at every step from storage to use.

Whilst these risks can be intimidating, it is worth bearing in mind that they are unlikely to occur. Proper research into a provider, including ensuring they are registered with the FCA, reduces the likelihood of fraud and allows users to take full advantage of the benefits of open banking.

Tips for keeping safe when open banking

In order to be safe when using open banking technology, there are several steps customers can take.

For example, completing thorough research into potential providers allows customers to not only learn more about the provider they plan to work with, but also allows them to better understand the deals and options available.

Always check the FCA has authorised a third-party provider. This provides peace of mind that they are operating to a high financial security standard.

Once you get to the point of using a third-party provider or are watching a demo, pay attention to whether you are redirected to your bank’s website. Being redirected to the bank’s own site to log in ensures that the third-party provider is not accessing your personal login. At this stage, you should also confirm that the redirected page is legitimate, and not a fraudulent page created to steal your details.
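The redirect check above can also be done mechanically, for instance by a helpdesk or security team reviewing a link a user was sent to. This is an added example, not part of the original article or any provider's code; the function name and the `examplebank.co.uk` hostnames are constructed placeholders, and the allowlist is assumed to hold the exact login hostnames your bank publishes.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist; "examplebank.co.uk" is a placeholder, not a real bank.
BANK_LOGIN_HOSTS = {"login.examplebank.co.uk", "www.examplebank.co.uk"}


def check_bank_redirect(url, allowed_hosts=BANK_LOGIN_HOSTS):
    """Return (ok, reason) for a URL the provider redirected the user to."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
        port = parts.port      # raises ValueError if the port is not numeric
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://bank-name@other-host/" displays the bank name but goes elsewhere.
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded before the host"
    if host is None:
        return False, "no host"
    if port not in (None, 443):
        return False, "unexpected port"
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII host (possible lookalike)"
    # Exact match only: a bank name used as a prefix of a longer host fails.
    if host.rstrip(".") not in allowed_hosts:
        return False, "host is not one of the bank's login hosts"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in [
        "https://login.examplebank.co.uk/authorize?consent=abc",
        "http://login.examplebank.co.uk/authorize",
        "https://login.examplebank.co.uk@phish.example/authorize",
        "https://login.examplebank.co.uk.secure-auth.example/authorize",
    ]:
        print(sample, "->", check_bank_redirect(sample))
```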


To summarise, the implementation of new technologies is often accompanied by risks as well as opportunities. As long as customers research the provider to ensure they meet the industry standards, the benefits of open banking should outweigh the risks.

These benefits include putting customers in control of money management.

Open banking is not currently included within SunSystems as standard, but it can be introduced through Sysynkt. Sysynkt is an innovative new cloud-based software that brings SunSystems into the 2020s – without expensive upgrade costs. Fully FCA approved, Sysynkt offers benefits such as open banking and online reconciliation from one simple tool.

BDI is proud to be Sysynkt’s first UK channel partner, as we truly believe that the tool will supercharge SunSystems.
