
With great open banking innovation comes great responsibility for consumer data
The fintech developers who made mobile banking as routine as texting or online shopping aren't done. The next frontier for innovation is open banking – fintech builders are enabling consumers to be at the center of where and how their data is used to provide the services they want and need.
Most people don't even realize they're using open banking services today. If they connected their investment and banking accounts in a personal financial management solution or app, they're using open banking. Perhaps they've seen ads about how they can improve their credit score by uploading pay stubs or utility records to that same app – this is also powered by open banking.
While everyday consumers may not realize they're using open banking services, they do need to realize that they're sharing their information in exchange for being able to access more innovative services. The key to driving this innovation is supporting consumer control through responsible use of their data.
Innovation is only impactful when it's also protective
Open banking offers developers at fintech companies large and small the opportunity to build data-centric solutions that help solve real-world problems. Consumers can now use their data for their own benefit, and there's enormous potential in this space. That's why we've made important investments at Mastercard, including the acquisition of Finicity, a leading U.S. open banking aggregator providing banking connectivity and open banking services. Fincity enables consumer solutions like Rocket Mortgage's loan application process and uses APIs to verify account details across thousands of connections. Mastercard recently announced the acquisition of Denmark-based Aiia which has a similar suite of developer services to connect to banks across Europe through a single API.
Strong connectivity is important; however we also know that handling people's data is an enormous responsibility. We have an obligation to keep our customers' data secure and we set out four simple principles for the use of data. Consumers own the data they produce every day — and have the right to understand and control how it is shared and used. Ultimately, consumer data should be used to make their lives easier.
We've only just begun to scratch the surface of open banking innovation, but it's beginning to gain traction around the globe. As consumer expectations, technology and the competitive landscape evolve, it will be critical to increase data sources and data quality as well as deepen data intelligence and analytics to better serve consumers and changing needs.
If you are building a fintech that is innovating with consumer data, it's critical to clearly outline a set of privacy standards and data management practices up front. Protect that data using an appropriate set of privacy-enhancing technologies to back your claims. Treat the data of your users as if it was your own.
Putting privacy and data responsibility first
As developers, we have an obligation to design solutions that respect an individual's right to privacy and maintain data responsibility up front. This also creates a competitive advantage: Responsible use of data built into the foundations of our products will help us attract investors, grow market share and scale responsibly from the outset. One tactic fintech innovators should consider is leveraging Privacy Enhancing Technologies, lovingly referred to as "PETs." We began our work with PETs in 2018 with Trūata, a company specializing in PETs for privacy risk assessment, de-identification and true anonymization of data.
At their core, PETs are technologies that leverage federated learning, cryptography, synthetic data and core data protection to minimize risk during data usage. Data masking is one example of a PET where, for example, sensitive information is removed or obfuscated from general access. Another common technique is differential privacy, where a controlled injection of noise is inserted into a data set in order to prevent unique identification about an individual.
One of the more groundbreaking PETs is homomorphic encryption. This technique was described in a white paper written by Craig Gentry as a Ph.D. thesis in 2009 but has only become commercially viable in the last couple of years. Mastercard invested in the series A round of Enveil, a company focused on homomorphic encryption, after working with it as part of the Start Path startup engagement program. We found its technology to be game changing and commercially ready.
In a nutshell, homomorphic encryption enables one party to perform search and analytics on encrypted data without decrypting it first. It's a technique that is particularly useful when you want to query a sensitive remote dataset without moving data. This is a common attack vector where breaches occur – through the movement of data from point A to point B via man-in-the-middle attacks or similar. Rather than move that sensitive data, homomorphic encryption allows you to formulate an encrypted query (for example, is "information X" in your database or not) and return an encrypted answer (for example: yes or no) without revealing the content of the query and the response.
While there are many good resources available through an internet search on the topic of PETs, the adoption guide produced by the UK's Centre for Data Ethics and Innovation is an ongoing, living reference worth reading.
There will continue to be innovations impacting PETs and data sharing, and the next frontier is validating identity – proving who you are, whether you are interacting in person, online or in-app. Digital identity is a foundational component of Mastercard's multi-layered approach to security with implications for open banking and beyond. With digital identity, we believe there should be no trade-off between convenience and security, with users in control of their identity data. Through our acquisition of identity verification leader Ekata – which helps our customers make more informed decisions through unique scores, data attributes and risk indicators – we are advancing our identity capabilities to create safe, seamless ways for consumers to prove that they are who they say they are.
In the new digital economy, it's imperative that companies in the business of data set out and follow clear privacy standards and data management practices — and live up to their commitment by continually investing in technology that keeps consumers' data secure.
As part of our investment in what's next, we're always expanding the Mastercard Developers portfolio of programs and tools to help fintech developers easily, quickly and, above all, responsibly turn bold ideas into realities. That's why we recently added a new Start Path program specifically focused on open banking and open finance. Interested fintech builders can apply here for the program, which includes everything from API and exclusive sandboxes to data responsibility expertise and connections to Mastercard's global customer network to co-innovate.