Digital finance company Plaid is gaining support from financial technology, data security and compliance firms for a new industry standard aimed at safeguarding consumers’ confidential information.
Plaid’s proposal, called the Open Finance Data Security Standard (OFDSS), addresses security issues encountered by emerging fintech companies. The standard, developed by Plaid’s security and risk teams, has 63 individual security requirements across 12 control domains that address common data security risks. Earlier this year, Plaid began to collaborate with and seek support for the OFDSS from its peers and competitors.
The effort makes sense for San Francisco-based Plaid, given the digital finance company backs a host of fintech companies developing new digital finance tools, many of them challenging incumbent payments companies. Plaid provides services for some 11,000 businesses that use its network, including payment tool company Venmo, neobank Chime and financial advisory firm Betterment.
Plaid has received nearly 200 inquiries about the plan from a broad range of companies including banks, community banks, credit unions, lenders, digital finance services and security compliance companies, according to Plaid Spokesperson Kevin Young.
“The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating,” Plaid’s head of risk, Shano Fonseka, said in a statement. “It provides a strong framework that helps fintechs improve security while enabling innovation (and) gives banks reassurance about the companies connecting to their APIs, and, most importantly, helps protect consumers.”
The OFDSS would replace existing standards that are often out of date because they don’t include cloud-computing capabilities that allow companies to store data remotely on servers they don’t own. Other standards that take the cloud into account aren't up to snuff, according to Plaid.
“Existing cloud security frameworks are generic, and not tuned like the OFDSS to be actionable and effective for these types of companies,” the company said in a statement.
Plaid is undertaking the project less than a year after its agreement to be purchased by card giant Visa in a $5.3 billion acquisition fell apart in the face of Justice Department antitrust concerns.
Open banking impetus
The push for OFDSS also comes as interest in open banking is on the rise. Open banking, which is more advanced in Europe than in the U.S., prods banks and other financial institutions to provide more open application programming interfaces so that third-party software developers can create new tools for consumers. It also generally encourages more sharing of data and increased transparency.
A study released last month by Juniper Research estimated the value of global payments arranged via open banking will hit $116 billion in 2026 compared with just under $4 billion in 2021. Roughly 75 percent of those payments in 2026 will be in Europe, though demand from the U.S. is starting to pick up thanks to increased government support, Juniper said in a report to clients.
“As such, we anticipate acquisitions and partnerships to intensify, so vendors can meet these evolving requirements quickly, rather than developing their own solutions over time,” the Juniper report said.
Stephen Greer, a senior analyst at the research and advisory firm Celent, called OFDSS “a major step forward for open finance in the U.S., establishing the framework for protecting data amongst an increasingly larger ecosystem.”
"I haven't heard any objections to date, but largely this is a new area that will require some adoption and some advocacy," Greer said.
Backers of the OFDSS standard proposed by Plaid include the Canadian company Flinks, which facilitates the open exchange of financial information; San Francisco-based Truework, which provides income and employment verification; and San Francisco-based software companies Secureframe and Vanta, among others.
Young provided comments of support from some of the collaborating companies.
“OFDSS represents a fit-for-purpose solution to tackle one of the most burning questions around open banking right now: what guardrails should be put into place in order to ensure that financial data shared with fintech applications is sufficiently protected and used only for its intended purpose?” Flinks Chief of Staff Dominique Samson said in a statement. “OFDSS represents a pragmatic solution to this challenge, put together by sophisticated companies who operate in this space every day.”
Added Truework CEO Ryan Sandler: “This will bring greater transparency to how payroll data is handled, fostering the trust necessary to expand payroll data access and integrate it more broadly into open finance.”
“Today, companies that store sensitive data must navigate through a labyrinth of best practices, choose which ones to implement and hope they are correct,” Robbie Ostrow, Vanta’s founding engineer, said in a statement. “OFDSS distills these confusing norms into clear guidelines that are easy to understand and simple to check.”
Secureframe Founder and CEO Shrav Mehta explained that OFDSS gives growth-stage fintech customers what they want. “OFDSS focuses less on many traditional, secondary compliance requirements and more on what matters most for our customers — data security,” Mehta said in a statement.