Q&A: NatWest on Blending Open Banking with Cyber Defence

Cyber threats are intensifying and Open Banking is reshaping the payments industry.

In light of this, financial institutions are under growing pressure to balance innovation with security. 

Established banks, in particular, face the challenge of competing with fintech disruptors while maintaining trust, resilience and regulatory rigour.

In this interview with FinTech Magazine, James Hodgson, CEO of Payit and Tyl by NatWest, explains how NatWest has positioned itself as a fintech leader by investing in Open Banking while drawing on the scale, expertise and security foundations of a major UK bank.

Rather than building from scratch, NatWest combines decades of experience in safeguarding customer data with the agility associated with fintech challengers. 

This approach, James argues, creates a strategic advantage in delivering secure, scalable and customer-centric payment solutions in an increasingly complex threat environment.

How has the recent wave of cyberattacks changed the way banks approach customer security? 

With cyberattacks becoming increasingly common – more than 40% of UK firms experiencing a breach last year – it’s crucial for financial institutions to continuously learn and develop approaches to customer security.

Payit and NatWest have well established security measures and frameworks in place but remain vigilant and recognise that cybersecurity is not a one-time exercise but an ongoing process of adaptation and improvement. 

No financial services institution wants to experience a security incident of any kind. They can be damaging and can lead to a drop in consumer trust and financial losses due to remediation and recovery costs. 

In a sector where trust is fundamental, protecting customers is just as important as mitigating operational and financial impacts. 

As a result, Payit is always reviewing authentication processes, threat detection and customer education – especially when Open Banking remains an unknown for some. 

What role can open banking play in reducing fraud and improving financial security?

This is one of the USPs of open banking, helping to reduce risks. 

Traditional payment methods often require customers to manually enter sensitive information, increasing the opportunity of data compromise. Open Banking offers a more secure alternative by enabling customers to authorise payments directly through their trusted banking environment.

The industry is working together to prevent fraud with the UK’s Payments Services Regulations, requiring operators to employ robust customer authentication practices for electronic payments, reducing the risk of fraudulent activity. 

This collaborative approach helps create more resilient payment ecosystems and supports greater confidence for both consumers and businesses.

NatWest’s Payit platform has been designed with security at its core, it is specifically aimed at protecting user privacy and reducing risk. 

Payit’s AIS solution, powered by open banking, enables businesses to securely access and verify customer financial information in real time.

Access to timely, verified data can support earlier detection of suspicious activity, enabling businesses to make more informed decisions. 

The result is a safer, more efficient experience for both businesses and consumers.

Are consumers sufficiently aware that not all payment and banking providers offer the same level of protection?

We need to see greater awareness among consumers, not all payment providers and fintechs offer the same level of protection. 

As the fintech market continues to expand, consumers are presented with an increasing number of options and the level of security, regulatory oversight and industry experience must be considered.

This is an important message that we are actively working to push. Consumers often focus on convenience, speed or price – which are all important factors – but security should remain a key consideration when choosing a provider. 

Being backed by NatWest means customers benefit from the expertise, security and governance that comes with one of the UK’s largest banks.

It is crucial for consumers to understand who is behind the service they are using and how their data is protected. 

Greater transparency and education across the industry will help customers make more informed decisions. 

What security standards should businesses look for when choosing a payments provider?

Businesses should look beyond functionality and pricing. 

Security should be at the core of the decision-making process – any weakness in the payment ecosystem can negatively impact both the business and its customers.

Robust security not only helps mitigate risk but also protects brand reputation and consumer confidence. 

In terms of specific security standards, businesses should prioritise those providers who comply with UK and European regulatory frameworks for payment processing and open banking – for instance, Payment Services Regulations and Strong Customer Authentication protocols. 

It’s not only about checking the tools and protocols, but equally important is the provider’s track record and reputation. 

Businesses should consider how long the provider has operated, their approach to governance and whether they have demonstrated cybersecurity investment. 

Ultimately, businesses should seek providers that balance innovation with security.

The most effective payment solutions are those that deliver a seamless and reliable customer experience while maintaining strong protections for the businesses, avoiding fraud. 

How can the financial services industry respond more quickly and consistently to emerging cyber threats?

The financial services industry operates in an environment that is constantly evolving – and cybersecurity is no exception. 

You can’t stay stagnant in this industry – new threats emerge regularly and so businesses cannot afford to rely solely on existing measures. Continuous improvement and adaptability are essential. 

Industry collaboration – sharing intelligence and best practice in open banking – is an important factor in this, and in financial services more generally, as it allows threats to be identified earlier and responded to more effectively and efficiently. 

A collective approach strengthens resilience of the wider ecosystem, recognising the cyber threats often extend beyond individual organisations. 

It takes banks, tech providers, regulators and cyber security experts together to help tackle this – we are all working to protect our customers and the business.

It may sound simplistic, but staying one step ahead remains the best strategy. Understanding how threats are evolving and strengthening defences before vulnerabilities can be exploited.

What are the biggest misconceptions about open banking and security today?

We’ve seen recently a lack of understanding from the consumer that customer information is freely shared with multiple third parties or becomes less secure once it leaves a traditional banking environment. 

In reality, open banking is built on a highly regulated framework that places customer consent, security and transparency at its centre. 

Addressing these misconceptions is important to building confidence and encouraging wider adoption of open banking services. 

A particular area of misunderstanding relates to Account Information Services (AIS) and affordability assessments. 

Some consumers worry that financial information provided for affordability checks is being passed elsewhere. But this is not true – information is not shared and is used for a specific purpose that ultimately benefits the customer, it supports efficient decisions on payment plans, credit risk and customer support.

This can lead to more tailored solutions and improved customer experience. 

In many cases, Open Banking can actually be more secure than traditional methods because it reduces the need for manual document sharing. 

All in all, greater public understanding of how open banking works will be important as adoption continues to grow.

Looking ahead, what should banks, businesses and consumers do now to stay ahead of increasingly sophisticated cyber criminals?

Everyone has a role to play in maintaining security as cyber threats become more sophisticated. 

From a consumer perspective, it’s about being as vigilant as possible and choosing trustworthy providers, such as established banks. 

It’s also about being wary of scams – with consumers having reported around 269,000 authorised push payment claims in the space of a year. 

If something appears suspicious, it’s always worth taking the time to verify its legitimacy.

For banks and businesses, it’s naturally a much larger scale issue – and as stated before, it’s all about staying ahead of the curve and putting processes in place to protect themselves and their customers. 

Organisations must continue investing in cybersecurity technologies, regularly reviewing their security frameworks and ensuring they are prepared to respond quickly if incidents occur.

Customer communication is equally important. Businesses must provide clear guidance about emerging threats, educate customers about common scams and ensure people understand how to protect themselves online.

Organisations that remain proactive and adaptable will be best placed to protect both their customers and their reputation in an increasingly complex landscape.