Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Rosie
    • By MSE Rosie 9th Jan 18, 3:15 PM
    • 76Posts
    • 35Thanks
    MSE Rosie
    Open Banking explained
    • #1
    • 9th Jan 18, 3:15 PM
    Open Banking explained 9th Jan 18 at 3:15 PM
    Hi!

    This is the discussion thread for the



    Click reply below to discuss. If you havenít already, join the forum to reply.


    Thanks folks,
Page 2
    • 18cc
    • By 18cc 13th Jan 18, 1:32 PM
    • 529 Posts
    • 316 Thanks
    18cc
    thanks _dl_ that was very useful
    • geoffers4
    • By geoffers4 13th Jan 18, 2:28 PM
    • 122 Posts
    • 811 Thanks
    geoffers4
    Yep I'm curious about this change too and hopeful it will open up more competition in the banking sector. Bit frustrating that initially it's only the big banks that have to comply - as the smaller challenger banks are the ones offering the best interest rates these days.

    No. 2 in Save 12k in 2017, 2018
    No.22 in Save 12k in 2016
    No.30 in Save 12k in 2015
    No. 6 in Save 12k in 2014
    No.193(!) in Save 12k in 2013
  • jamesd
    you could grant a mortgage app temporary access to your current accounts to allow it to do a real-time assessment of your income and expenditure so it can work out automatically what mortgage you can afford.
    Originally posted by 18cc
    Yes, I expect that to be the sort of misleading and unhelpful thing it'll be used for. Current account transaction information can't reliably reveal my income or expenses. Most of my income never identifiably goes through a current account and much spending is too erratic to show up usefully.
    • Zanderman
    • By Zanderman 13th Jan 18, 5:18 PM
    • 1,595 Posts
    • 4,125 Thanks
    Zanderman
    So, for example, you could grant a mortgage app temporary access to your current accounts to allow it to do a real-time assessment of your income and expenditure so it can work out automatically what mortgage you can afford.
    Originally posted by 18cc
    Yes, I expect that to be the sort of misleading and unhelpful thing it'll be used for. Current account transaction information can't reliably reveal my income or expenses. Most of my income never identifiably goes through a current account and much spending is too erratic to show up usefully.
    Originally posted by jamesd
    Agree entirely with jamesd - simply looking at income and expenditure across current accounts would be completely unhelpful for mortgage applications for anyone with multiple accounts, variable income, and variable outgoings. Or even those with simpler systems, especially now that interest-paying current accounts are often used for savings and so may have significant amounts kept in them towards some forthcoming expenditure. My own situation, lots of current accounts, rather erratic income, careful budgeting and saving for expenditure - but almost all in current accounts - would completely confuse an App!
    • jubro
    • By jubro 15th Jan 18, 4:15 PM
    • 51 Posts
    • 14 Thanks
    jubro
    DWP /Benefit Agency
    Currently neither the DHSS/DWP/BA (or whatever is the currently correct name for the organisation that handles state unemployment, sickness and other benefits) nor the Inland Revenue have any registration and would appear not to be eligible to apply for registration.
    However I am concerned that this may become part of the required access that benefit claimants have to give in the future. I would strongly oppose any direct access to "open banking" (or something similar) by such government agencies. As a claimant I accept that I am required to produce any and all financial information requested and make an accurate and clear disclosure of my financial circustmances. I can see advantages from both sides to being able to access this directly from source. With the amount of 3rd party agencies "contracted" to this type of work and the disasters of previous experience with new IT systems and working practices I would have serious concerns about giving access to my banking data being a requirement of the benefits claim.
    • WiseDad
    • By WiseDad 15th Jan 18, 7:39 PM
    • 4 Posts
    • 2 Thanks
    WiseDad
    Screen-scraping still risky?
    That is my understanding. Open Banking makes use of 'API' and does not require you to give login details to anyone.

    Screen-scraping does require you to give login details and my understanding is that UK banks do NOT approve this and doing so means that you may not be protected,eg in cases of error or hacking.
    I don't think Open Banking has changed this (although will eventually replace screen-scraping).

    Can MSE clarify if they agree or if they think users are now protected for screen-scraping?
    • MoneySavingTart
    • By MoneySavingTart 26th Jan 18, 11:25 AM
    • 47 Posts
    • 15 Thanks
    MoneySavingTart
    For my circumstances, I don't think I'd want to use any third party services like this and so would not give my permission.
    Reading the thread it appears that anyone using a service like this would not have to give account login information but what would they give? a/c no sort code and my name are readily available on cheques etc so how is it possible to stop "dodgy dealer of the day" applying to become registered and then access my account by saying I gave them permission.

    To me this needs a dual permission system where the account holder authorises his bank to allow service provider XYZ access AND XYZ also hold permission from him with some sort of secure one time key code issued by his bank and passed to XYZ.
    As we know scammers will work incessantly to get round security provisions especially when money is involved.
    Closed banking for me until I decide to request open banking.
    • WiseDad
    • By WiseDad 26th Jan 18, 11:46 AM
    • 4 Posts
    • 2 Thanks
    WiseDad
    Open Banking Ltd response
    I sought clarification from Open banking Ltd and they replied as follow:

    Open Banking doesnít use screen scraping but secure APIs with all requests authorised by the customer and the customer authority validated with the account holding bank prior to any data being shared or payments being made.

    I believe some banks may have recently changed their terms and conditions with regards to screen scraping. This is not as a result of Open Banking so you would need to review the updates to establish if there has been any change in position, particularly around liability due to the sharing of internet banking log in details.


    It thus seems that Open Banking does not reduce the risk of screen-scraping. Unless banks protect the consumer from fraud, errors and hacking of the third party (as well as the bank), the consumer is left exposed to these risks.
    • AirlieBird
    • By AirlieBird 26th Jan 18, 12:03 PM
    • 1,038 Posts
    • 847 Thanks
    AirlieBird
    For my circumstances, I don't think I'd want to use any third party services like this and so would not give my permission.
    Reading the thread it appears that anyone using a service like this would not have to give account login information but what would they give? a/c no sort code and my name are readily available on cheques etc so how is it possible to stop "dodgy dealer of the day" applying to become registered and then access my account by saying I gave them permission.

    To me this needs a dual permission system where the account holder authorises his bank to allow service provider XYZ access AND XYZ also hold permission from him with some sort of secure one time key code issued by his bank and passed to XYZ.
    As we know scammers will work incessantly to get round security provisions especially when money is involved.
    Closed banking for me until I decide to request open banking.
    Originally posted by MoneySavingTart
    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with. I think it can only ask for account details if you are consenting to it being able to make payments.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.
    Last edited by AirlieBird; 26-01-2018 at 12:10 PM.
    • MoneySavingTart
    • By MoneySavingTart 26th Jan 18, 12:08 PM
    • 47 Posts
    • 15 Thanks
    MoneySavingTart
    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.
    Originally posted by AirlieBird
    Ah Thanks AirlieBird for that extra info that I'd not seen before.
    It has put my mind more at rest regarding Open Banking!
    • Nick_C
    • By Nick_C 26th Jan 18, 12:15 PM
    • 3,845 Posts
    • 5,286 Thanks
    Nick_C
    It thus seems that Open Banking does not reduce the risk of screen-scraping.
    Originally posted by WiseDad
    Of course it doesn't. They are two totally different things.

    Screen scraping apps such as First Direct Internet Banking don't use APIs.

    Open Banking does not use screen scraping technology.
    • WiseDad
    • By WiseDad 26th Jan 18, 12:39 PM
    • 4 Posts
    • 2 Thanks
    WiseDad
    Screen-scraping still risky?
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).
    • Anthorn
    • By Anthorn 26th Jan 18, 3:57 PM
    • 3,673 Posts
    • 948 Thanks
    Anthorn
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).
    Originally posted by WiseDad
    In the context of Open Banking screen scraping is obsolete in the sense that in order to screen scrape one's account the login credentials would be needed to access the account. In open banking the login credentials are not shared and therefore screen scraping would not be possible. The major concern as I see it is that screen scraping could allow access to data which the account holder has not authorised under open banking. But it's a question of who and what you are: Fintech (Financial Technology) entities like screen scraping but the more traditional entities want to abolish it. As far as I know Screen Scraping has either been outlawed in the E.U. or is close to being outlawed in the E.U.
    https://www.finextra.com/blogposting/14793/screen-scraping-is-dead-long-live-screen-scraping
    • AlexMac
    • By AlexMac 29th Jan 18, 11:28 AM
    • 2,042 Posts
    • 1,793 Thanks
    AlexMac
    Has anybody actually heard a peep from their Banks about this Brave New World?
    None of my three banks nor three CC providers have anything about it on their websites; so it looks like Imran Gulamhuseinwala (the geek in the weird suit) who is tasked with "making it happen"
    http://www.wired.co.uk/article/open-banking-market-problems-fintech-expert
    isn't busting a gut!

    So I wait in beathless anticipation for all this "whole bunch of things that people haven't even heard about yet" which are promised in the trailer.
    • MoneySavingTart
    • By MoneySavingTart 29th Jan 18, 11:37 AM
    • 47 Posts
    • 15 Thanks
    MoneySavingTart
    I expect that banks and card providers have been forced into open banking rather than welcoming it.
    My feeling is that the banking service providers won't really want to push this as it seems to be more about Comparison sites and 3rd party outfits that will be approaching us for access permission so they can suggest that we might find xxx card provider attractive.
    • AirlieBird
    • By AirlieBird 29th Jan 18, 11:52 AM
    • 1,038 Posts
    • 847 Thanks
    AirlieBird
    None of my three banks nor three CC providers have anything about it on their websites;
    Originally posted by AlexMac
    You must bank with some obscure banks then as Lloyds/Halifax, Barclays, HSBC/first direct, RBS/Natwest, Nationwide and Santander all have Open Banking pages on their website.
    • schiff
    • By schiff 29th Jan 18, 11:53 AM
    • 17,987 Posts
    • 9,376 Thanks
    schiff
    I find this 'innovation' scary in the extreme and from the start I was determined not to have anything to do with it.

    I assume 'agencies' would be able to scour the market for you with regard to all sorts financial - bank accounts, savings, insurance, investments, etc - but we have MSE to do all that, why invite strangers?

    A bit like when you've bought olive oil or chick peas from Tesco and you get the list of offers including those items from then onwards.
    Last edited by schiff; 29-01-2018 at 11:56 AM.
    • nic_c
    • By nic_c 12th Feb 18, 8:46 AM
    • 1,523 Posts
    • 832 Thanks
    nic_c
    I was told by a third party (financial management software) that the recent changes meant that screen scraping would now be 'approved' by banks (so that its use would not negate any fraud protection they provided). This does not appear to be correct. Open Banking Ltd suggests that some banks have changed their policy on this (but did not indicate which banks or what the change was).

    It would be interesting to know which banks approve 'screen scraping' but where does one find out (without lengthy enquiries?).
    Originally posted by WiseDad
    As far as I understand it. Open banking introduces API using oAuth so no need to share login details and at present screen scraping is tolerated and banks may cover fraud but the idea is to outlaw it to comply with EU law. So any company still using screen scraping may be right in saying you could be covered by your banks fraud protection, but more because on the introduction of Open Banking there seems to be a fudge of accepting both methods but aiming to remove screen scraping as an option, I suppose to give companies time to move from one system to the other with their apps.
    • nic_c
    • By nic_c 12th Feb 18, 9:05 AM
    • 1,523 Posts
    • 832 Thanks
    nic_c
    That is effectively what happens. There is a 3 step process.

    1. You give consent to the Third Party Provider by agreeing to what they can do on your account and whether it is one time access, time limited or recurring. It will then either ask you for your account details or ask which payment services provider your account is with. I think it can only ask for account details if you are consenting to it being able to make payments.
    2. You are redirected to the payment services provider where your identity is authenticated by you logging in to your account or by some other agreed means.
    3. In your bank/payment service provider's platform you give authorisation to which accounts you are giving this third party access to and reconfirming the access terms in step 1. You are then logged off and redirected back to the Third Party's site.
    Originally posted by AirlieBird
    Some clear english statement like this needs to be included with the information banks put out. I have had Open Banking T&C from my banks which, paraphrasing, basically say "these T&C state if we get a request to provide details of your balance and transactions to a third party that you have given permission to then we must do that. If you don't like these T&C then you need to close your account before XXX date"
    Nothing to say how they will know you have given authority, how you can check, or whether you can revoke any permissions to third parties and how you may do that. This is what scares people - in that permission could be hidden away in long t&c that the third party will access your data rather than specifically outlining the request that you need to opt-in to continue. So a company that you give details t set up a DD then use general acceptance of T&C to pull your banking data to allow them to offer add-on services or target spam more effectively.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

3,955Posts Today

9,229Users online

Martin's Twitter