Privacy Regulations Spur the Rapid Adoption of Zero Trust and Open Banking: Part I

By Nathanael Coffing, CSO and cofounder, Cloudentity

Today, Zero Trust and Open Banking are being rapidly adopted across the globe due to mandated data privacy standards, such as the General Data Protection Regulation (GDPR) and the Financial Data Exchange (FDX). Digital transformation has also played a key role in the rise of Open Banking and Zero Trust since both enhance the end user experience. However, there are still a few critical questions that should be asked when implementing these two technologies:

  • How do enterprises get a Zero Trust model and Open Banking applications to work in tandem?
  • How do developer teams deploy Zero Trust for Open Banking quickly and seamlessly to increase security, enhance customer experience and build dynamic data-sharing between consumers and partners?

To answer these questions, you must first understand how each of these concepts works, so let’s start by defining Open Banking and Zero Trust individually. Open Banking has propelled banking into the modern era, putting the power of financial services back into the hands of consumers. With Open Banking, developers can use common API models for saving, borrowing, lending and investing money in a secure, privacy-centric manner. Meanwhile, Zero Trust is the ability to authenticate and authorize any user, API, workload or service, whether it’s inside or outside the business perimeter.

So, how can these technologies work together to provide banks the highest level of security and prepare financial services for the next phase of digital transformation? It is important to first understand the elements involved in each Open Banking transaction.

Breakdown of an Open Banking Transaction with Zero Trust Requirements

Step One: The user connects and uses their device.

Step Two: The APIs from the user’s mobile device connect to the bank’s APIs.

Step Three: Connection between a bank’s internal services or another financial institution’s internal services.

Figure: Open Banking Kubernetes (K8) Services

Step Four: Consent for the data and the response back to the user’s device.

Step 1: Zero Trust for Connecting Customers to Banking Apps on Mobile Devices

Open Banking requires strong customer authentication and strong client authentication. Fast IDentity Online (FIDO) is the new, customer-approved method of authentication built on open industry standards from the FIDO Alliance and the World Wide Web Consortium (W3C). Customers gravitate towards the on-device user authentication available through biometrics on smartphones, in combination with strong cryptographic authentication. FIDO is a compelling biometrics proposition for financial firms because it works without depending on the user remembering a password, which reduces friction and increases customer satisfaction.

FIDO utilizes a Public Key Infrastructure (PKI) subsystem unlocked by biometrics. It leverages the proliferation of smart devices and provides a common device certification method for stronger authentication options, without overly constraining users. If a customer can use their fingerprint, face or a PIN code to unlock their device, financial services firms can leverage this for stronger user authentication in banking apps. This is possible by combining strong user authentication based on contextual data with strong cryptographic protocols made available through on-device platform APIs. These APIs are available to web applications in multiple coding languages (JavaScript, TypeScript, Java, .Net, etc.) and can be combined with Open Banking standards such as Client Initiated Backchannel Authentication (CIBA) and Rich Authorization Requests (RAR). Together, these standards enable customers to securely access their accounts online while complying with Open Banking requirements for strong customer security, authentication and consent management.

Open Banking is also improving how consumers manage their data before it is shared with third parties. Customer trust is essential for continued Open Banking momentum and to ensure this technology endures in the long run. To build and maintain customer trust and market confidence, a modern Zero Trust approach to authentication is needed. These superior security measures will enhance the Open Banking industry’s overall security and increase usability to benefit all. With FIDO, financial services firms have a clear path to compliance with Open Banking’s tough customer authentication requirements.

For more information on Zero Trust, FIDO and CIBA for Cloudentity customers, please visit:

Join us in two weeks for Part II where we detail the interaction of service identity and dynamic data-sharing between financial institutions and their partners.
