Open Banking explained

245

Comments

  • marlewuk
    marlewuk Posts: 77 Forumite
    From what I've read, if it's some sort of comparison site or account aggregation service (aka Account Information Services) - when you want to sign up it will present the terms of what data will be needed, what for and how long etc... kinda like when you download an app from Google Play Store - it tells what data the app will access on your phone. When you agree it should present a secure window where you are then asked to enter your logon details for online banking and this will also act as confirmation to your bank that you have accepted to share the data with them.

    You can cancel this data share at anytime by contacting you bank or via your online banking - it should be updated with this functionality when it's live.
  • Shakin_Steve
    Shakin_Steve Posts: 2,700 Forumite
    First Anniversary Photogenic First Post Name Dropper
    zerog wrote: »
    How long until you need to share your data in order to access improved financial products (such as a better loan rate or something like that)?
    You hit the nail on the head. That’s partly what it’s for, so that customers can get better deals. Now do you see why your bank will be happy if you just carry on as you have done?
    I came into this world with nothing and I've got most of it left.
  • jamesd
    jamesd Posts: 26,103 Forumite
    Name Dropper First Post First Anniversary
    This part of the article seems to be unrue:

    "Screen-scraping is what most of the apps that are already on the market use, and involves you giving providers 'read-only' access to your online banking, essentially giving it your login details and letting it pretend to be you. However, they can only look at your account and can't make any changes or move money unless you give your explicit consent."

    A firm that has your login details can do anything you can do, including carrying out transactions. They may not be authorised by you to do those things but they will have the capability to do them. There's a huge difference between what they can do and what they are authorised to do.

    Anyone who made the mistake of believing MSE might wrongly think that their money is safe if they give login details to a place which claims it is only going to read information.
  • Anthorn
    Anthorn Posts: 4,362 Forumite
    First Post First Anniversary Combo Breaker
    jamesd wrote: »
    This part of the article seems to be unrue:

    "Screen-scraping is what most of the apps that are already on the market use, and involves you giving providers 'read-only' access to your online banking, essentially giving it your login details and letting it pretend to be you. However, they can only look at your account and can't make any changes or move money unless you give your explicit consent."

    A firm that has your login details can do anything you can do, including carrying out transactions. They may not be authorised by you to do those things but they will have the capability to do them. There's a huge difference between what they can do and what they are authorised to do.

    Anyone who made the mistake of believing MSE might wrongly think that their money is safe if they give login details to a place which claims it is only going to read information.

    Hence Open Banking.

    Previously giving access to a bank account was a matter of trust in that we trust that the third party to which we give access has software and security processes in place that prevent them from doing anything other than read only while protecting data. In Open banking they can only access the data which the bank authorises. That's why Open Banking is a better system.
  • sheepworrier
    sheepworrier Posts: 7 Forumite
    First Anniversary Combo Breaker First Post
    Are there any 3rd Party budgeting apps that are FCA registered yet? Searching for YOLT on the FCA website gave no hits, but Money Dashboard came up with two hits. On the app in the App Store, I could see no mention of FCA registration, but following the link to the developers website the FCA registration number is listed and matches the one that came up on my FCA search. So in a round the houses way, does that mean I am protected if I give Money Dashboard my banking details?
  • 18cc
    18cc Posts: 2,120 Forumite
    I'm kind of in the dark as much as the next person about exactly how all this will work but this is an example from the Independence of how you would opt in to open banking

    The way you do this will be by using an app that allows you to drag in accounts from multiple providers.!

    Giving the app access to your account is the trigger for your data to be shared by the provider with the app you're using.

    For example, say you are an HSBC customer using the!HSBC beta!app which is currently being piloted, if you download it only your HSBC accounts will initially be visible - just like in your existing mobile banking app.

    The new HSBC app allows you to pull in your other accounts from other banks, but to do this, you have to log in using your online banking details from that bank.

    By logging in to your Barclays current account through the HSBC app, you're consenting to Barclays sharing your data with HSBC.!
  • 18cc
    18cc Posts: 2,120 Forumite
    Sorry the above extract was from this is money not the independent Another example they give is using oAuth

    So, for example, you could grant a mortgage app temporary access to your current accounts to allow it to do a real-time assessment of your income and expenditure so it can work out automatically what mortgage you can afford.

    If the mortgage app was using OAuth you wouldn't need to give your current account password to them, keeping your money safe even if they got hacked.

    You could also give them access for a limited time period - while the mortgage application is going through for example - after which the token you assigned expires and your data is locked back into your bank.!
  • _DL_
    _DL_ Posts: 1 Newbie
    edited 13 January 2018 at 1:00PM
    Just thought I'd clear a few things up.

    Key points:
    • No Data will be shared without your permission
    • No third Party will be able to request to share your data directly to your bank (it's not like switching energy provider)
    • All third parties will need to be authorised by the FCA
    • You will not need to login to your bank by giving a third party your log in details (i.e. you will not need to log in to Barclays through the HSBC app)
    • Authorisation for a third party to access your details will be given by you to your bank and will include whether they get read-only access to your details or they can actually make transactions from your account, they may also include other restrictions such as a set period of time they can do this (1, hour, 24 hours, 1 week etc)
    • You can see all third parties that are authorised at any time and remove permissions at any time
    • It is up to the banks to some extent how they implement this but it will use a standard that will be similar across all of them (a bit like the way you can use your pin-pad card reader from any bank to get security codes to login to your bank)
    • The third party will only ever know limited details about your login details such as which bank you have authorised and get a security token that is only valid for them to use and would not work for anyone else
    • The most likely way this will be used is using something like OAuth which many of you will have used already without knowing - it is how you login into websites such as this one using your facebook or google login. This also allow MSE and Facebook to share certain information about you.

    Is it secure?
    Nothing is 100% secure but the most likely issue with security around it is likely to be phishing attacks based upon the confusion around it when it starts up. E.g. a message from 'Barclays' stating that you need to click a link to login to a site to opt out of Open banking or they'll allow access. Or a message from 'HSBC' stating that 'Evil Company' has requested access to your account and if you did not authorise this, click this link to remove their permission.

    Overall, if implemented correctly it should be more secure that most methods and will reduce the reliance to log into you own bank system so often so less risk of your login details being stolen. However software is never perfect and so security issues may appear, however as stated you would not be liable for all losses.

    Hope that helps clear some things up...
  • theroamingnomad
    theroamingnomad Posts: 115 Forumite
    I'm genuinely intrigued to see how beneficial this will be and I definitely intend to give a go, when the opportunity presents itself.
    Debt-free by January 1st, 2019.
    £4905.87/£5124 - as of 24/03/18
  • 18cc
    18cc Posts: 2,120 Forumite
    thanks _dl_ that was very useful
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.2K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.3K Work, Benefits & Business
  • 608K Mortgages, Homes & Bills
  • 173K Life & Family
  • 247.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards