A Valiant Attempt

In many respects, trying to use Open Banking to address the banking verification gap was a valiant attempt.

At first glance, the idea had merit. After all, Open Banking allows a consumer’s bank data to be shared with accredited third parties. If a payer can verify a supplier’s bank account information against data obtained directly from the supplier’s bank, then with the simple click of a mouse, the entire banking verification gap problem is solved!

However, as is often the case in life, when something seems too good to be true, it usually is.

After all, Open Banking was never designed as a solution to the banking verification gap. The purpose of Open Banking is to facilitate greater competition in the banking sector, which is dominated by four big players and high levels of customer inertia.

At Open Banking’s core is the premise that the consumer, rather than a business, has ownership rights over the data that’s generated by that consumer’s behaviour. Complaining that Open Banking is ‘opt in’ fundamentally misunderstands the principle that the consumer, not their bank, owns the consumer’s banking data. Were the banks enrolling consumers into Open Banking by default, requiring them to ‘opt out’, it would be contrary to the entire consumer data rights principle.

Trying to use Open Banking for a purpose it was never designed to fulfil is a classic case of trying to fit a square peg into a round hole.

Five Hurdles to Open Banking

When it comes to attempts to use the Open Banking platform as a solution to the banking verification gap problem, there are five significant hurdles that must be considered.

1) Dependence on Supplier Participation

Open Banking is a relatively new concept in Australia, and many suppliers remain unaware of its existence or how it works.

Using Open Banking to verify a supplier’s bank account information requires the supplier to instruct their bank to send their bank account data to an unknown third party. That third party will store the supplier’s bank account data so individual payers can verify that they are sending payments to the correct bank account.

This requires suppliers to have a high degree of trust in the third party that will be receiving their bank account data.

For many suppliers, who may not understand how Open Banking works, there is likely to be a great deal of reluctance to send their data to unknown third parties.

Furthermore, banks participating in Open Banking usually require their customers, in this case the supplier, to jump through multiple hoops before they will transfer the data to third parties. Commonwealth Bank, Westpac, NAB and ANZ each have safeguards in place to verify that data sharing requests are legitimate.

Typically, the hoops a supplier needs to jump through before they can share data are as follows:

  • As a business, the supplier will initially need to set up a nominated data sharing delegate with their bank.
  • The supplier will then need to give consent for the accredited third party to access their data.
  • The supplier will then need to pass an identity check to verify their identity with their bank using a one-time password.
  • The third party will then link with the supplier’s bank and confirm what data they wish to share.
  • The data will then be shared between the supplier’s bank and the third party.

With all these hoops, it’s no wonder many suppliers are reluctant to share their bank account information with third parties.

2) API Security Concerns

Suppliers may have security concerns around sending their sensitive banking data via APIs.

Media reports often point to hackers targeting APIs as a way to compromise valuable data. Whilst the information security standards developed around Open Banking seek to mitigate any potential risks associated with APIs, their usage may be a concern for some suppliers.

Additionally, APIs can sometimes be unreliable. Disruptions to data flows due to unreliable API calls may make Open Banking a less-than-ideal approach to verifying bank account data.

3) Time Limitations

Under Open Banking, when a third party organisation receives data from a bank, that data must be deleted within a time frame stipulated by the consumer who authorised the sending of their data. The maximum time limit before the data must be deleted is 12 months.

This is another hurdle when it comes to using Open Banking as a way to address the banking verification gap.

After all, suppliers often have multi-year relationships with their customers. If a supplier’s data needs to be deleted within 12 months, that supplier may need to periodically re-request the sending of their data to the third party verifier.

It will be hard enough convincing a supplier to send their data once. Convincing them to keep on doing it will be a major headache.

4) Changing or Updating Account Details

From time to time suppliers need to change their bank account information.

Whether due to a corporate restructure, or simply preferring to change banks, the supplier will need to visit their bank and make a fresh request to share their updated bank account information via Open Banking.

Many suppliers may forget to do this, resulting in invoices being verified against outdated information. This may result in payments being sent to incorrect bank accounts.

5) No Continuous Verifications

Verifying supplier bank account information is not a one-time task. The information must be continuously verified, preferably every time a payment is being sent to the supplier.

It’s all very well to verify a supplier’s bank account details when they are being added as a new supplier to an organisation’s ERP system. However, days, weeks or months may pass before a payment is sent to the supplier.

During this protracted period of time, malicious actors may manipulate the supplier banking data in ERP systems, Vendor Master Files or ABA files.

That’s why it’s critical to verify a supplier’s bank account data in real time, immediately prior to processing a payment.
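
The pre-payment check described above, as an added example that is not Eftsure's code or part of the original article: it parses the detail records of an ABA payment file and holds any line whose BSB and account number differ from an independently verified record. The record offsets follow the standard 120-character ABA layout; the verified-record store keyed by payee name, the function names and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Payment:
    bsb: str
    account: str
    cents: int
    payee: str

def parse_aba_details(text):
    """Return the type-1 (detail) records of an ABA file as Payment objects."""
    payments = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.startswith("1"):
            continue  # type 0 header and type 7 trailer carry no payee account
        if len(line) != 120:
            raise ValueError(f"line {n}: detail record is {len(line)} chars, expected 120")
        payments.append(Payment(bsb=line[1:8], account=line[8:17].strip(),
                                cents=int(line[20:30]), payee=line[30:62].strip()))
    return payments

def verify_batch(payments, verified):
    """Compare each payment with the verified record for that payee.

    `verified` maps payee name -> (bsb, account); keying by name is a
    simplification for this example. Returns (payment, reason) pairs that
    should be held before the file is released to the bank.
    """
    held = []
    for p in payments:
        known = verified.get(p.payee.upper())
        if known is None:
            held.append((p, "payee has no verified record"))
        elif known != (p.bsb, p.account):
            held.append((p, "account differs from verified record"))
    return held

def make_detail(bsb, account, cents, payee):
    """Build one constructed 120-character detail record for the sample."""
    return ("1" + bsb + account.rjust(9) + " " + "50" + f"{cents:010d}"
            + payee.ljust(32) + "INV-1001".ljust(18) + "000-000"
            + "000000000" + "PAYER PTY LTD".ljust(16) + "0" * 8)

# Constructed sample batch: the second line was altered after onboarding.
SAMPLE_ABA = "\n".join([
    make_detail("062-000", "12345678", 150000, "ACME SUPPLIES"),
    make_detail("733-111", "99887766", 820000, "BOLT FREIGHT"),
    make_detail("013-222", "55501234", 40000, "NEW VENDOR CO"),
])
VERIFIED = {"ACME SUPPLIES": ("062-000", "12345678"),
            "BOLT FREIGHT": ("083-004", "44556677")}
```

Running `verify_batch(parse_aba_details(SAMPLE_ABA), VERIFIED)` at the point the file is generated, rather than at onboarding, is what catches a change made in the interval between the two.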

The Eftsure Approach

Given the five hurdles associated with using Open Banking to address the banking verification gap, Eftsure’s tried and tested approach remains the gold standard.

Over many years, Eftsure has developed an approach known as Multi-Factor Verification.

Since 2016, we have been aggregating banking and corporate data into a proprietary database that comprises over 85% of active Australian corporate entities.

We don’t simply rely on one source of data. Rather, we aggregate data from multiple independent sources. These include official sources, such as regulators, as well as the payers and suppliers themselves.

This gives us the unique ability to cross-match data from totally separate sources.

When data from multiple sources all conform, it gives the sender a high degree of assurance that their supplier is legitimate and that they are sending funds to the intended recipient.

Eftsure currently verifies over $8.5 billion of supplier payments monthly!

Best of all, our unique approach enables us to continuously verify supplier banking data. The Eftsure platform sits on top of existing Accounts Payable processes, enabling real-time verifications, immediately prior to a payment being sent.

Organisations no longer need to worry that supplier banking data may have been manipulated between onboarding and the time when the payment is processed.

To learn more about Eftsure and how we can help your organisation stay protected despite the banking verification gap, contact us today for a free demo.

Eli Oshorov
Eli wallows neck-deep in the world of scams, digital fraud and cyber-crime, so you don't have to! By bringing you news of all the latest attack vectors, you can always stay one step ahead of malicious actors.
