Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication Rule

BACKGROUND:

It was reported today that the UK’s financial markets regulator changed the 90-day rule, which required users to re-authenticate their permission for sharing financial data every three months. 

This meant that users had to re-authenticate every 90 days on every app and provider they shared their financial data with. 

Andy Renshaw, VP of Payments Strategy & Solutions
InfoSec Expert
December 1, 2021 11:24 am

Changing the 90-day rule so that a user can authenticate once for all their banks will help remove friction and drive adoption, which is great for ongoing innovation in the industry and overall usage of open banking.

The change can also be implemented without a material change to the risk profile of Open Banking based activity, which is a further bonus as this will enable it to happen at speed. Ideally, those leveraging Open Banking (and Banks) will still offer their users the ability to easily switch permissions on/off through their apps and not solely rely on the 90-day authentication process. Offering this level of flexibility is key to giving users confidence in sharing their data, safe in the knowledge that they are in control of where it goes, how it is used and can easily change that position if they wish to do so.
