Best practices and what to measure
New fintech apps and solutions can now connect to users’ bank accounts thanks to the availability of bank functionality and customer data via APIs in Europe. Banks must make payment APIs and customer account information APIs available under the European Second Payment Services Directive (PSD2) and UK Open Banking laws. The fundamental motivation for these regulations is that an open banking ecosystem allows providers to innovate and build customized apps and products beyond standard bank services.
The European open banking ecosystem includes regulatory controls and security requirements. Banks in the United Kingdom create APIs using agreed-upon standard templates; banks elsewhere in Europe follow the regulatory technical standards. Fintech companies that use bank APIs, for example, must be accredited by registering with the appropriate national financial authority. If companies want to offer their products across Europe, they need to apply for “passporting rights.” In some countries fintech companies are encouraged, or even mandated, to use regulatory sandboxes, which allow supervised testing of innovative products and services. Banks must approve fintech application prototypes, check the accreditation, and ensure the app is secure and meets regulatory requirements.
Under the consumer’s consent right, consent for applications and products linked to a bank account can be revoked or renewed at any time.
Using authentication to increase customer consent
Much banking and finance legislation prioritizes strengthening customer consent through authentication and authorization of personal data use. For example, PSD2 defines Strong Customer Authentication (SCA) requirements that online banking companies must adhere to. SCA protects consumers from fraud during verification and makes payments more secure. In the United Kingdom, the Financial Conduct Authority (FCA) has imposed a similar regulatory requirement, requiring SCA compliance in the following three scenarios:
- When an electronic payment transaction is initiated.
- When a user logs into an online payment account.
- When any action that could carry a risk of payment fraud is carried out remotely.
The Berlin Group, which comprises over 40 European banks, associations, and payment service providers, has built an SCA approach into its PSD2 framework, NextGenPSD2 XS2A, by adding API access with mandatory consent endpoints. The API endpoints, used as a template by over 1,000 institutions when creating APIs, establish user consent for account transactions. They also require a second approval during the transaction itself.
SCA legislation in Europe demands two of three factors, known as knowledge, possession, and inherence:
- Knowledge: something the customer knows, such as a password or PIN.
- Possession: something the customer has, such as a mobile phone.
- Inherence: something the customer is, such as a thumbprint or facial recognition.
Making payments requires this authentication. Additional features such as dynamic linking requirements establish templated criteria for what information must be shown to customers when they authenticate and consent to a payment amount, and ensure that a payment link can only be used once. During the payment consent procedure, for example, the payment amount and the entity that will make the payment should be made explicit.
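The single-use, amount-bound behaviour that dynamic linking asks for can be implemented by binding the authentication code to the transaction details and tracking redemption, as in this added example (not code from the post or from any PSD2 framework; the key, the `amount|payee|nonce` encoding and the in-memory redeemed set are constructed assumptions, and a real issuer would keep the key in an HSM and the redeemed set in shared storage).

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real issuer keeps this in an HSM or KMS.
SERVER_KEY = b"demo-key-not-for-production"

# Nonces already redeemed; dynamic linking requires single use.
_redeemed = set()


def issue_code(amount_cents, payee):
    """Issue an authentication code bound to exactly this amount and payee."""
    nonce = secrets.token_hex(8)
    msg = f"{amount_cents}|{payee}|{nonce}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    # The customer is shown amount and payee alongside the code, as SCA requires.
    return {"nonce": nonce, "code": tag, "amount_cents": amount_cents, "payee": payee}


def verify_code(code, amount_cents, payee):
    """Accept only if the submitted amount and payee match the bound values, once."""
    msg = f"{amount_cents}|{payee}|{code['nonce']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, code["code"]):
        return False  # amount or payee changed after the customer approved it
    if code["nonce"] in _redeemed:
        return False  # replay: the link may only be used once
    _redeemed.add(code["nonce"])
    return True
```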
Best practices to enable data sharing: Authentication and consent
Additional consent is required when attaching a product, such as a budget app, to a customer’s bank account. From the customer experience standpoint, customers don’t want to confirm the link between their bank account and their budget app every time they use it. However, if a customer’s bank account data remains accessible through an app that the user no longer uses, it poses a risk to the customer, the bank, and the fintech company.
Fintech apps that may access a customer’s bank account data regularly to perform their services include:
- Apps for budgeting and financial management.
- Trading and wealth management services.
- Apps that provide savings functions.
- Enterprise Resource Planning (ERP) software and bookkeeping for businesses.
- Carbon calculators and dashboards for Environmental Social Governance (ESG).
There are three best practices to follow to ensure clients fully agree to link their bank accounts to an application.
- Set restriction levels that activate consent workflows and create tiered access: Group the information a consumer would need to access in the app and set restriction levels that trigger consent procedures. Some bank product data, such as publicly available interest rates, may be labeled low-risk and presented in your app without the customer’s permission. Data on a person’s transaction history and spending patterns, on the other hand, should be regarded as higher risk and requires more stringent consent procedures.
- Clearly state your intentions: Consumers must be able to understand what information an app will obtain from their bank accounts. Describe how you plan to use the information. Specify who will have access to the data, how long they will have it, why they will have it, and what the data will be used for. For example, you may need to specify that your app will calculate spending habits and provide real-time budget recommendations based on a user’s personal information. Alternatively, you might inform clients that your app will keep track of all payments and transfers they have made, as well as who they paid and how much.
- Enable time limits: In Europe and the United Kingdom, businesses must confirm their customers’ wish to continue linking their accounts every 90 days. Customers should also be able to revoke access at any moment through a simple mechanism such as a revoke button.
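The three practices above (tiered access, explicit scopes, 90-day reconfirmation with revocation) can be enforced in one access-check, as in this added example, which is not code from the post; the scope names and the two risk tiers are constructed, and times are passed as ISO-8601 strings for simplicity.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Scope tiers modelled on the post's advice (constructed names, not a standard).
LOW_RISK = {"product_rates"}              # public bank product data
HIGH_RISK = {"transactions", "balances"}  # personal data, needs explicit consent
RECONFIRM_AFTER = timedelta(days=90)      # UK/EU reconfirmation window


@dataclass
class Consent:
    user_id: str
    scopes: set
    granted_at: datetime
    revoked_at: datetime = None

    def revoke(self, when: str) -> None:
        """Customer pressed the revoke button at the given ISO-8601 time."""
        self.revoked_at = datetime.fromisoformat(when)


def grant(user_id: str, requested, granted_at: str) -> Consent:
    """Record a consent; unknown scopes are rejected rather than silently granted."""
    unknown = set(requested) - LOW_RISK - HIGH_RISK
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return Consent(user_id, set(requested), datetime.fromisoformat(granted_at))


def allowed(consent: Consent, scope: str, now: str) -> bool:
    """Decide whether reading `scope` for this customer is allowed at `now`."""
    if scope in LOW_RISK:
        return True  # public product data needs no personal consent
    at = datetime.fromisoformat(now)
    if consent.revoked_at is not None and at >= consent.revoked_at:
        return False  # customer withdrew consent
    if at - consent.granted_at > RECONFIRM_AFTER:
        return False  # 90-day reconfirmation is overdue
    return scope in consent.scopes
```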
What to measure in customer consent workflows
Measuring consent procedures is a good way to keep track of a product’s or app’s user experience. It can also give you ideas on how to engage with app users and build trust. Fintech firms can also use customer consent data to lobby for higher-quality bank APIs that provide clients with seamless digital connections.
Ratio of success
What it is: The percentage of app users who successfully link their bank accounts to their app accounts. This measure represents the number of successful customer authorizations.
Why it is significant: If your success rate is poor, your consent onboarding flow may not adequately describe how client data will be used or protected. It is also possible that the bank API integration is not working correctly. To begin, determine whether the success rate is consistent across all bank integrations or varies by bank; this will reveal whether the problem lies with the app or with a bank integration.
Response and performance rates of banks or API aggregators
What it entails: API response rates measure the time it takes for an API call to respond: the time between receiving an API request and sending a response, measured in microseconds. The performance rate, on the other hand, measures how frequently APIs return error codes.
Why it is significant: Slow API responses harm the customer experience: customers are left unsure whether a transaction succeeded, or they give up during the consent process because an API failed to link their accounts. The error rate and the types of error codes returned can point to API design and coding problems.
Consent flow exit points
What it entails: Exit points, also known as drop-off points, are the distinct places where users can leave the consent process. Each screen or stage of a consent flow has its own path link. The consent abandonment rate is calculated by dividing the total number of completed consent flows by the total number of consent processes initiated and multiplying by 100. It can then be estimated at each stage of the consent process to see which phases are the most confusing or concerning for users.
Why it is significant: Tracking exit points, and where the highest percentage of users leave, can reveal areas that could enhance the customer experience. If app users depart after seeing instructions about how their data is handled, that could indicate a misunderstanding. Another possibility is that your data use description is too broad to gain clients’ trust.
Rates of use and activity
What it entails: Customers’ usage and activity rates are calculated from how frequently they log in to an app or website, how long they stay, whether they open and quit the app without doing anything, and which activities they engage in.
Why it is significant: Customers who link their bank accounts are more likely to use an app, and to perform more transactions within it, than those who do not. Measuring activity and usage rates provides insight into how to improve the present customer experience and where new feature ideas might come from.
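The success ratio per bank, the abandonment rate and the per-screen exit points described above can be computed from a consent-flow event log, as in this added example (not code from the post); the screen names and the event log are constructed, and the abandonment figure is reported as the share of started flows that never completed, which is 100 minus the completed-over-initiated share the post describes.

```python
from collections import Counter

# Ordered screens of the consent flow (constructed names).
STEPS = ["intro", "data_use", "bank_select", "bank_auth", "confirm"]

# Constructed event log: (flow_id, bank, step reached); "done" marks completion.
EVENTS = [
    ("f1", "bankA", "intro"), ("f1", "bankA", "data_use"), ("f1", "bankA", "bank_select"),
    ("f1", "bankA", "bank_auth"), ("f1", "bankA", "confirm"), ("f1", "bankA", "done"),
    ("f2", "bankA", "intro"), ("f2", "bankA", "data_use"),
    ("f3", "bankB", "intro"), ("f3", "bankB", "data_use"), ("f3", "bankB", "bank_select"),
    ("f3", "bankB", "bank_auth"),
    ("f4", "bankB", "intro"), ("f4", "bankB", "data_use"), ("f4", "bankB", "bank_select"),
    ("f4", "bankB", "bank_auth"), ("f4", "bankB", "confirm"), ("f4", "bankB", "done"),
    ("f5", "bankA", "intro"), ("f5", "bankA", "data_use"), ("f5", "bankA", "bank_select"),
    ("f5", "bankA", "bank_auth"), ("f5", "bankA", "confirm"), ("f5", "bankA", "done"),
]


def last_step(events):
    """Furthest step each flow reached, with the bank it was linking."""
    last = {}
    for flow, bank, step in events:
        last[flow] = (bank, step)
    return last


def success_ratio_by_bank(events):
    """Completed flows as a percentage of started flows, per bank."""
    started, done = Counter(), Counter()
    for bank, step in last_step(events).values():
        started[bank] += 1
        if step == "done":
            done[bank] += 1
    return {b: round(100 * done[b] / started[b], 1) for b in started}


def abandonment_rate(events):
    """Percentage of started flows that never reached 'done'."""
    last = last_step(events)
    completed = sum(1 for _, step in last.values() if step == "done")
    return round(100 * (len(last) - completed) / len(last), 1)


def exit_points(events):
    """Share of all started flows that left at each screen, in flow order."""
    last = last_step(events)
    exits = Counter(step for _, step in last.values() if step != "done")
    return {s: round(100 * exits[s] / len(last), 1) for s in STEPS if exits[s]}
```

Comparing the per-bank ratios first tells you whether a low overall success rate is an app problem or one bank's integration, which is the triage order the post recommends.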
About Enteros
Enteros offers a patented database performance management SaaS platform. It proactively identifies root causes of complex business-impacting database scalability and performance issues across a growing number of clouds, RDBMS, NoSQL, and machine learning database platforms.
The views expressed on this blog are those of the author and do not necessarily reflect the opinions of Enteros Inc. This blog may contain links to the content of third-party sites. By providing such links, Enteros Inc. does not adopt, guarantee, approve, or endorse the information, views, or products available on such sites.