Open Banking explained

Options
124

Comments

  • WiseDad
    WiseDad Posts: 11 Forumite
    First Post First Anniversary Combo Breaker
    Options
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).
  • Anthorn
    Anthorn Posts: 4,362 Forumite
    First Post First Anniversary Combo Breaker
    Options
    WiseDad wrote: »
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).

    In the context of Open Banking screen scraping is obsolete in the sense that in order to screen scrape one's account the login credentials would be needed to access the account. In open banking the login credentials are not shared and therefore screen scraping would not be possible. The major concern as I see it is that screen scraping could allow access to data which the account holder has not authorised under open banking. But it's a question of who and what you are: Fintech (Financial Technology) entities like screen scraping but the more traditional entities want to abolish it. As far as I know Screen Scraping has either been outlawed in the E.U. or is close to being outlawed in the E.U.
    https://www.finextra.com/blogposting/14793/screen-scraping-is-dead-long-live-screen-scraping
  • AlexMac
    AlexMac Posts: 2,990 Forumite
    First Anniversary Name Dropper First Post Combo Breaker
    Options
    Has anybody actually heard a peep from their Banks about this Brave New World?
    None of my three banks nor three CC providers have anything about it on their websites; so it looks like Imran Gulamhuseinwala (the geek in the weird suit) who is tasked with "making it happen"
    http://www.wired.co.uk/article/open-banking-market-problems-fintech-expert
    isn't busting a gut!

    So I wait in beathless anticipation for all this "whole bunch of things that people haven't even heard about yet" which are promised in the trailer.
  • MoneySavingTart
    MoneySavingTart Posts: 91 Forumite
    First Post First Anniversary Combo Breaker
    Options
    I expect that banks and card providers have been forced into open banking rather than welcoming it.
    My feeling is that the banking service providers won't really want to push this as it seems to be more about Comparison sites and 3rd party outfits that will be approaching us for access permission so they can suggest that we might find xxx card provider attractive.
  • AirlieBird
    AirlieBird Posts: 1,046 Forumite
    Options
    AlexMac wrote: »
    None of my three banks nor three CC providers have anything about it on their websites;

    You must bank with some obscure banks then as Lloyds/Halifax, Barclays, HSBC/first direct, RBS/Natwest, Nationwide and Santander all have Open Banking pages on their website.
    Did you really mean to put loose?
    Lose: no longer possess, not to retain, unable to find
    Loose: not firmly or tightly fixed in place
  • schiff
    schiff Posts: 20,099 Forumite
    Name Dropper First Post First Anniversary
    edited 29 January 2018 at 12:56PM
    Options
    I find this 'innovation' scary in the extreme and from the start I was determined not to have anything to do with it.

    I assume 'agencies' would be able to scour the market for you with regard to all sorts financial - bank accounts, savings, insurance, investments, etc - but we have MSE to do all that, why invite strangers?

    A bit like when you've bought olive oil or chick peas from Tesco and you get the list of offers including those items from then onwards.
  • nic_c
    nic_c Posts: 2,928 Forumite
    Name Dropper First Post First Anniversary
    Options
    WiseDad wrote: »
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).
    As far as I understand it. Open banking introduces API using oAuth so no need to share login details and at present screen scraping is tolerated and banks may cover fraud but the idea is to outlaw it to comply with EU law. So any company still using screen scraping may be right in saying you could be covered by your banks fraud protection, but more because on the introduction of Open Banking there seems to be a fudge of accepting both methods but aiming to remove screen scraping as an option, I suppose to give companies time to move from one system to the other with their apps.
  • nic_c
    nic_c Posts: 2,928 Forumite
    Name Dropper First Post First Anniversary
    Options
    AirlieBird wrote: »
    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with. I think it can only ask for account details if you are consenting to it being able to make payments.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.

    Some clear english statement like this needs to be included with the information banks put out. I have had Open Banking T&C from my banks which, paraphrasing, basically say "these T&C state if we get a request to provide details of your balance and transactions to a third party that you have given permission to then we must do that. If you don't like these T&C then you need to close your account before XXX date"
    Nothing to say how they will know you have given authority, how you can check, or whether you can revoke any permissions to third parties and how you may do that. This is what scares people - in that permission could be hidden away in long t&c that the third party will access your data rather than specifically outlining the request that you need to opt-in to continue. So a company that you give details t set up a DD then use general acceptance of T&C to pull your banking data to allow them to offer add-on services or target spam more effectively.
  • jimroy
    jimroy Posts: 151 Forumite
    First Anniversary First Post Name Dropper
    edited 13 January 2019 at 2:30PM
    Options
    sheepworrier wrote: »
    Are there any 3rd Party budgeting apps that are FCA registered yet? Searching for YOLT on the FCA website gave no hits, but Money Dashboard came up with two hits. On the app in the App Store, I could see no mention of FCA registration, but following the link to the developers website the FCA registration number is listed and matches the one that came up on my FCA search. So in a round the houses way, does that mean I am protected if I give Money Dashboard my banking details?

    I recently had to re-authorise Yolt for Open Banking for use with my FD accounts. And now they will only show my current account and not my others because FD say they don't have to. But as per the MSE article here I've just read about it, at the moment Open Banking is just for current accounts and will roll out later to other types.

    I haven't had to Open Banking reauthorise my Money Dashboard account yet, but it's good to hear they are FCA registered. But then again, I'm disappointed that when it does it'll only link my current accounts and I'll have to add my others as 'offline' in the meantime. No more 'screen scraping.' What a pain.

    Anyway, you're right, Yolt aren't FCA authorised; but they are EEA Authorised.

    https://register.fca.org.uk/ShPo_FirmDetailsPage?id=001b000000MfF4VAAV

    I wonder what difference that makes in the eyes of our linked UK banks?
  • Gentoo365
    Gentoo365 Posts: 499 Forumite
    First Anniversary Name Dropper Combo Breaker First Post
    Options
    Who will pay compensation if customer (A) is scammed by scammer (B) into using a the services of a genuine (Open Banking) app offered by company (C) to move money from their bank (D) to another bank (E)?

    If the banks have to act on instructions given via the open banking API, does that not increase the risk of fraud?

    ..or can banks refuse to accept instructions via this method.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.2K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.3K Work, Benefits & Business
  • 608.1K Mortgages, Homes & Bills
  • 173.1K Life & Family
  • 247.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards