Article Title Goes Here 14 BANKING PERSPECTIVES QUARTER 4 2018 Lead r collected, deployed, shared, and secured. Recent high-profile data breaches at Equifax and Facebook have only intensified these concerns and have helped spur regulatory action here and abroad. In May, the European Union enacted its sweeping General Data Protection Regulation (GDPR), which stipulates that consumers in the EU’s 28 countries must explicitly consent to having their data collected and processed; and in June, California enacted its Consumer Privacy Act of 2018, which gives consumers the right to know what information companies like Facebook and Google are collecting, why they are collecting it, and with whom they are sharing it. Even as consumers are worried about the possible misuse of their financial data, they lack adequate knowledge about how this data is collected and shared. In the first quarter of 2018, TCH surveyed more than 2,000 U.S. banking consumers and found that one-third use at least one FinTech app, nearly 90% are concerned about data privacy and data sharing, and a majority (56%) want to be able to control access to their information. 4 Most of these consumers think that they understand and can control how third parties access, collect, use, and share their data, but they lack awareness of FinTechs’ actual data aggregation practices. For example, when told that FinTechs’ terms and conditions agreements often gain consumers’ consent to use their data for purposes other than operating the app, almost half (47%) of consumers surveyed said that they would be less likely to use those apps. In what is largely good news for banks, these consumers see their banks as the most trusted provider of data security and expect banks to protect their personal information. This trust, however, can be a double-edged sword; if a consumer suffers a breach of privacy, the bank often gets the blame, whether or not it bears responsibility. It is in banks’ own best interest, then, to continue to do all they can to protect their customers’ data. TECHNOLOGICAL SOLUTIONS Fortunately, a number of technological solutions are gaining ground in protecting consumer data. One such solution, tokenization, involves the use of special, limited-purpose codes, known as tokens, in lieu of actual account numbers in mobile and online payments. In short, tokenization replaces sensitive data with nonsensitive data during transaction processing. Tokenization prevents malware from capturing customer account numbers, because account information is never present on the systems or devices where malware is present. Even if a system at a retailer or third-party processor is compromised, the digital token is useless to criminals because the customer’s account number remains securely stored in firewall- protected bank data vaults. TCH has been a pioneer in tokenization. Further, TCH recently partnered with card networks such as Mastercard and Visa to provision and manage Mastercard and Visa- branded tokens on behalf of banks for use in mobile wallets. TCH’s tokenization technology is production ready and will be market ready and offered through several banks by the end of this year or early 2019. Tokenization technology, more broadly, has the potential to replace actual account numbers (credit cards, bank accounts), regardless of the payment instrument used and is an effective way to protect customer account data and help prevent fraud without affecting the customer experience. APIS AND OPEN BANKING Another, farther-reaching solution for payments security is the use of APIs, which allow banks to share information with data aggregators and other third parties in a much safer way than the “screen-scraping” that is typically used to gather financial data today. With APIs, consumers do not have to share their login credentials for their bank accounts. Hence, banks, regulators, prominent digital players, and FinTechs are coming together to advocate for the use of APIs as a safer, more efficient way for banks and FinTechs to share account data and facilitate innovation. API-based account aggregation solutions reduce not only risk but operating costs, too. The use of APIs enables “open banking,” in which financial institutions provide APIs to third-party developers, who then build applications and services on those APIs. 5 Open banking has been mandated in the EU and U.K. through government edicts. Here in the U.S., leading-edge banks are adopting it as a secure, fast way to innovate. Open banking’s potential benefits are not insignificant: better customer experience, more-efficient data sharing, reduced operating expenses for banks, and potential new revenue streams. Businesses will want the competitive edge that the RTP network provides them, and they will want more choices among payment types.