How the Marriage of Open Banking and Payments Will Change Everything
By Steve Cocheo, Senior Executive Editor at The Financial Brand
Simple Subscribe
Subscribe Now!
Executive Summary
- While the revamp of federal open banking regulations brews at the Consumer Financial Protection Bureau, new combinations of data and payments connectivity continue to multiply among banks and fintechs.
- The challenges of making pay-by-bank work without risk of fraud and losses straddle open banking evolution and payment rails being used in new ways.
- Tokenization is more popular for securing bank account data. But will standalone efforts give way to standardization or at least interoperability?
The debate over access to data between banks and third-parties under open banking is complex. It grows even more complicated — and exciting — when open banking intersects with payments.
In that arena, third parties are not only looking for access to essential customer data, such as account history and current balances, but also access to payment credentials, in order to securely connect data flows with payment rails.
A good example is Trustly, which provides pay-by-bank services in multiple countries, including the U.S.
Ross McFerrin, vice president of enterprise growth, explained during an industry conference that Trustly relies completely on open banking data to provide its service. “Everything we do rides on ACH (automated clearinghouse) rails, so we need to be highly predictive in what can happen with a potential payment that we’re authorizing,” said McFerrin. The consumer’s account data can give Trustly clues about whether the sender is good for the money when the ACH transaction processes and if there’s any account history suggesting fraud.
Initially, Trustly served the online sports betting industry, but it has since expanded into ecommerce and financial services.
Because ACH transactions are batch processed, Trustly doesn’t have a real-time hold on funds like card issuers have, McFerrin said. However, merchants like the service because the benefits of pay-by-bank include no interchange fees, in contrast to credit and debit cards.
“That allows the merchant to invest more in their customer, whether that means increased rewards or loyalty points or driving more personalized offers down to the user level,” said McFerrin. “There’s a lot that open banking unlocks when it comes to payments, both from an actual payment processing standpoint, as well as utilizing that data and those insights to guide a more robust experience.”
Open Banking and Payments: A Multi-Faceted Challenge
Pay-by-bank transactions, like utility bill payments, have been around for years. But more recently, it has been expanding into other areas. During the annual conference of The Clearing House, Melissa Feldsher, head of consumer payments at JPMorgan Chase, pointed out that pay-by-bank, in newer applications, is not a huge factor yet. However, while third parties like Trustly can access the data, and orchestrate payments for merchants, some essential pieces are missing compared to other payment mechanisms, such as credit cards.
“The ACH rails and operating rules were not designed to support these types of use cases,” said Feldsher.
A key issue is a disputes management process, basic in the card business, Feldsher said. If someone orders a red sweater online, for example, but a blue one shows up, the customer wants the opportunity for redress, and potentially a refund through the same mechanism they used to make their payment — in this case, pay-by-bank.
“That just doesn’t exist in the world of ACH,” she said. Banks receive the angry customers calls when purchases don’t go right, but the banks can’t do anything about it, Feldsher added.
“Consumers expect card-like protections on things like pay-by-bank and real-time payments and we don’t have liability models that have kept up at scale,” said Christy Sunquist, head of open finance at Plaid. However, she added that “it’s not a totally lawless land.”
Some financial institutions have agreements addressing disputes and related issues with other parties to the transactions. Sunquist said multiple industry bodies are working on this issue. Whether it will be addressed in the Consumer Financial Protection Bureau’s revamp of the open banking regulation under the Dodd-Frank Act’s Section 1033 remains to be seen. The Faster Payments Council has a new working group addressing the disputes issue for faster payments rails in the U.S.
In the meantime, McFerrin said, Trustly has implemented an interim arrangement. He said the company has a direct dispute path set up with its merchants to address consumers’ issues. In this way, “we are the intermediary between the consumer, the bank and the end merchant, so there’s a better overall experience,” said McFerrin. In the longer term, he said he hopes pay-by-bank can shift to real-time-payments rails, processed under such protocols as request for payments.
Read more about open banking:
When Third Parties Hold Customers’ Bank Payment Credentials
A critical data-sharing issue is the growing number of merchants and other places where consumers’ payment credentials are being stored. This includes bank account data, used in pay-by-bank applications. Feldsher pointed out that consumers’ account information might be sitting at a hundred or more websites, even from long-ago purchases, vulnerable to data breaches. This exposes both banks and customers.
“We don’t want the industry to end up with payment credentials out floating around in the ecosystem, with the consumer not knowing who they’re sitting with,” said Paul LaRusso, CEO at data aggregator Akoya.
There’s a need to be able to revoke access to payments credentials, and that hinges on knowing where data resides. Sunquist pointed out that her company’s my.plaid.com portal enables consumers to remove data from the companies’ records. But this only applies to firms that are data customers of Plaid.
“You don’t have a ton of banks who have the budgets to create their own proprietary security portals,” said Plaid’s Sunquist, “so you have to be able to rely on third parties to do that for consumers.”
Read more: Three Must-Dos: Faster Payments, Stablecoins and Agentic Commerce
Looking to Tokenization as the Answer to Open Banking Payment Security
LaRusso thinks that tokenization of bank account data is a good long-term solution to the dispersal of payment information. Using tokenization, merchants would never possess the actual account information, only a tokenized proxy.
“We’re starting to see examples where you can support all these great use cases and innovations, but with protections for consumers,” said LaRusso. Among the banks providing this protection are U.S. Bank, PNC and JPMorgan Chase, he said.
Feldsher explained that Chase requires consumers who want to provide account payments information to merchants and others to do it through the Chase banking app. The app shows the bank’s customer what information is going to be shared and then a token is created with the customer’s consent. The token is what the merchant gets. The merchant never receives the customer’s account password.
Going through the bank’s app creates a central source where the consumer’s account information is stored in tokenized form. That centralization enables customers to review where those tokens are outside of the bank’s systems, and to revoke access for those merchants where they no longer want to use them.
“We think it’s really important for the customer to be able to authenticate through the bank,” said Feldsher. She added that the bank provides a similar process for credit card and debit card users.
Customers should be able to use their credentials however they wish, but they need to have transparency and clarity, Feldsher said, “so they know what they’ve signed up for.”
Unfortunately, LaRusso said that only a relative handful of institutions are offering such protection. “Traceability and purging of data in the system is a big win for consumers, but we’re far from having widespread options yet,” said LaRusso.
McFerrin said that Trustly is providing its own tokenization scheme, which includes splitting its tokens into two pieces, which must be reunited for a pay-by-bank transaction through Trustly to go through.
Where Data Sharing and Payments Are Headed
The conference panel agreed that, in spite of current uncertainty regarding the CFPB’s next move, that institutions are looking further down the road at what open banking could do for consumers.
Sunquist said the banking and fintech industries are leaving the era of simple connectivity involving primary accounts and moving towards the ability to provide insights from open banking data.
Feldsher said that Chase currently offers low-balance alerts, for the bank’s customers on their Chase accounts.
“There’s no reason we can’t do that regardless of where your account is ,” said Feldsher. “We could provide even more services.”
Also this, from Feldsher: “We tend to talk about banks solely as data providers, but there’s huge opportunity for us to offer products not just to our existing customers, but to expand to other customer bases.”
Read this next: Open Finance Is Exploding Globally. Why is the U.S. Lagging?
