Open Banking explained

135

Comments

  • geoffers4
    geoffers4 Posts: 263 Forumite
    First Anniversary Name Dropper First Post Mortgage-free Glee!
    Yep I'm curious about this change too and hopeful it will open up more competition in the banking sector. Bit frustrating that initially it's only the big banks that have to comply - as the smaller challenger banks are the ones offering the best interest rates these days.
    Save 12k in 2013-2014-2015-2016-2017-2018-2019-2020-2021-2022 - then early-retired.
  • jamesd
    jamesd Posts: 26,103 Forumite
    Name Dropper First Post First Anniversary
    18cc wrote: »
    you could grant a mortgage app temporary access to your current accounts to allow it to do a real-time assessment of your income and expenditure so it can work out automatically what mortgage you can afford.
    Yes, I expect that to be the sort of misleading and unhelpful thing it'll be used for. Current account transaction information can't reliably reveal my income or expenses. Most of my income never identifiably goes through a current account and much spending is too erratic to show up usefully.
  • Zanderman
    Zanderman Posts: 4,683 Forumite
    First Anniversary Name Dropper Photogenic First Post
    18cc wrote: »
    So, for example, you could grant a mortgage app temporary access to your current accounts to allow it to do a real-time assessment of your income and expenditure so it can work out automatically what mortgage you can afford.
    jamesd wrote: »
    Yes, I expect that to be the sort of misleading and unhelpful thing it'll be used for. Current account transaction information can't reliably reveal my income or expenses. Most of my income never identifiably goes through a current account and much spending is too erratic to show up usefully.

    Agree entirely with jamesd - simply looking at income and expenditure across current accounts would be completely unhelpful for mortgage applications for anyone with multiple accounts, variable income, and variable outgoings. Or even those with simpler systems, especially now that interest-paying current accounts are often used for savings and so may have significant amounts kept in them towards some forthcoming expenditure. My own situation, lots of current accounts, rather erratic income, careful budgeting and saving for expenditure - but almost all in current accounts - would completely confuse an App!
  • jubro
    jubro Posts: 51 Forumite
    Currently neither the DHSS/DWP/BA (or whatever is the currently correct name for the organisation that handles state unemployment, sickness and other benefits) nor the Inland Revenue have any registration and would appear not to be eligible to apply for registration.
    However I am concerned that this may become part of the required access that benefit claimants have to give in the future. I would strongly oppose any direct access to "open banking" (or something similar) by such government agencies. As a claimant I accept that I am required to produce any and all financial information requested and make an accurate and clear disclosure of my financial circustmances. I can see advantages from both sides to being able to access this directly from source. With the amount of 3rd party agencies "contracted" to this type of work and the disasters of previous experience with new IT systems and working practices I would have serious concerns about giving access to my banking data being a requirement of the benefits claim.
  • WiseDad
    WiseDad Posts: 11 Forumite
    First Post First Anniversary Combo Breaker
    That is my understanding. Open Banking makes use of 'API' and does not require you to give login details to anyone.

    Screen-scraping does require you to give login details and my understanding is that UK banks do NOT approve this and doing so means that you may not be protected,eg in cases of error or hacking.
    I don't think Open Banking has changed this (although will eventually replace screen-scraping).

    Can MSE clarify if they agree or if they think users are now protected for screen-scraping?
  • MoneySavingTart
    MoneySavingTart Posts: 91 Forumite
    First Post First Anniversary Combo Breaker
    For my circumstances, I don't think I'd want to use any third party services like this and so would not give my permission.
    Reading the thread it appears that anyone using a service like this would not have to give account login information but what would they give? a/c no sort code and my name are readily available on cheques etc so how is it possible to stop "dodgy dealer of the day" applying to become registered and then access my account by saying I gave them permission.

    To me this needs a dual permission system where the account holder authorises his bank to allow service provider XYZ access AND XYZ also hold permission from him with some sort of secure one time key code issued by his bank and passed to XYZ.
    As we know scammers will work incessantly to get round security provisions especially when money is involved.
    Closed banking for me until I decide to request open banking.
  • WiseDad
    WiseDad Posts: 11 Forumite
    First Post First Anniversary Combo Breaker
    I sought clarification from Open banking Ltd and they replied as follow:

    Open Banking doesn’t use screen scraping but secure APIs with all requests authorised by the customer and the customer authority validated with the account holding bank prior to any data being shared or payments being made.

    I believe some banks may have recently changed their terms and conditions with regards to screen scraping. This is not as a result of Open Banking so you would need to review the updates to establish if there has been any change in position, particularly around liability due to the sharing of internet banking log in details.

    It thus seems that Open Banking does not reduce the risk of screen-scraping. Unless banks protect the consumer from fraud, errors and hacking of the third party (as well as the bank), the consumer is left exposed to these risks.
  • AirlieBird
    AirlieBird Posts: 1,046 Forumite
    edited 26 January 2018 at 1:10PM
    MoneySavingTart wrote: »
    For my circumstances, I don't think I'd want to use any third party services like this and so would not give my permission.
    Reading the thread it appears that anyone using a service like this would not have to give account login information but what would they give? a/c no sort code and my name are readily available on cheques etc so how is it possible to stop "dodgy dealer of the day" applying to become registered and then access my account by saying I gave them permission.

    To me this needs a dual permission system where the account holder authorises his bank to allow service provider XYZ access AND XYZ also hold permission from him with some sort of secure one time key code issued by his bank and passed to XYZ.
    As we know scammers will work incessantly to get round security provisions especially when money is involved.
    Closed banking for me until I decide to request open banking.

    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with. I think it can only ask for account details if you are consenting to it being able to make payments.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.
    Did you really mean to put loose?
    Lose: no longer possess, not to retain, unable to find
    Loose: not firmly or tightly fixed in place
  • MoneySavingTart
    MoneySavingTart Posts: 91 Forumite
    First Post First Anniversary Combo Breaker
    AirlieBird wrote: »
    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.

    Ah Thanks AirlieBird for that extra info that I'd not seen before.
    It has put my mind more at rest regarding Open Banking!
  • Nick_C
    Nick_C Posts: 7,458 Forumite
    Name Dropper First Anniversary First Post Home Insurance Hacker!
    WiseDad wrote: »
    It thus seems that Open Banking does not reduce the risk of screen-scraping.

    Of course it doesn't. They are two totally different things.

    Screen scraping apps such as First Direct Internet Banking don't use APIs.

    Open Banking does not use screen scraping technology.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.2K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.3K Work, Benefits & Business
  • 608K Mortgages, Homes & Bills
  • 173.1K Life & Family
  • 247.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards