/ Money

Open Banking: how can you stay safe when sharing financial data?

Credit card

Open Banking – the ability to securely share your current account data with trusted third parties – has been running in the UK for a few months. Guest author, Caroline Ambrose, from Barclays UK, explains…

While we’re certainly still in the early days, what we’ve seen so far with Open Banking is an exciting step forward. It will give you the chance to take charge of your financial data and grant access to it in ways that can help you manage your money better.

New tools and services will be developed to allow you to see multiple accounts in one place, gaining helpful insights about your holistic spending and saving, and the opportunity to interact with your accounts more easily. And in time you’ll see more innovative ways to make and take payments.

Safety

But for some, the question of sharing also raises a question over security. If we unlock the vault to this key asset, how can we be sure our financial data remains safe?

First off, it’s important to understand that, while the benefits of services using Open Banking will be great, it’s a personal choice. Everyone has the ability to decide if they want to use a service that requires them to share their data, and if they do, they will have the control over who they give it to.

For those who want to take advantage of the new services using Open Banking, the Government and industry have spent a lot of time building a system designed to keep you safe and secure, should you choose to share your data.

How it works

It works through what we call APIs (or Application Programming Interfaces). These clever bits of technology allow different systems to safely and securely communicate with one another, but – and here’s the crucial bit – they also allow the user (in this case, the customer) to stay in control.

So while you may choose to use a service on Monday, on Tuesday you can change your mind and turn it off. The use of APIs mean that – when you press ‘disconnect’, your data stops being shared at that instant. You will also be able to know exactly what specific information you are sharing for any service you use

The services that use Open banking will be welcomed by different people in different ways. However, whatever your choice, it should be driven by how you want to manage your money and not fears over the safety of your data. Consumers can be confident that so long as the service they’re using uses APIs, they’re safe and in control.

This is a guest post by Caroline Ambrose. All views expressed are Caroline’s own and not necessarily those also shared by Which?.

Do you use Open Banking? Will you consider using it in the future? Or do you still have concerns?

Comments
Member

I have not used Open Banking and am not keen to use any new service until it has been well established and has been shown to be secure.

At a time when removal of ATMs and bank branches has already caused considerable problems for many bank customers, particularly in rural areas, I suggest that the banks focus on finding ways of maintaining and restoring essential services. I suggest, Caroline, that Barclays could take a lead and push other banks to work together and provide shared branches where it is not economically viable for any bank to maintain a branch. Another suggestion would be to install ATMs at shops, Post Offices, village halls to serve the needs of local communities.

Member

It will give you the chance to take charge of your financial data and grant access to it in ways that can help you manage your money better.“.

I am sorry to be something of a cynical dinosaur on occasions.

“Take charge of your financial data”: I can do quite a bit of that already with the help of MS Money – home accountancy made simple. If the banks wanted to help their customers, a good start would be to provide them with similar software. It not only tracks bank accounts, but looks at investments (if any), upcoming bills, credit and debit cards……………………..

“Help you manage your money better”. I use Excel spreadsheets to look budgets – income and outgoings – to check when and how much I will be spending and earning. Again, banks could help by providing software to help people do this for themselves.

I would not hand over more personal and financial data to another organisation in an insecure environment; it is quite unnecessary if you learn to understand your own finances.

Member

MS Money, wow thats an old program! Surprised it even runs on modern windows

Member

Larry5 have a read of MS,s own resolution to any problems with MS Money . You have to use the Registry but in Windows its easy compared to Linux which I have https://www.thewindowsclub.com/use-microsoft-money-on-windows-10

Member

I was dubious and looking at alternative software for a Win10 computer, but loathe to leave MSMoney that I had used successfully for years. I downloaded the free “Sunset edition” and it runs fine.

Member

I have not used open banking, largely because most of my money management requirements are already coordinated under one institution and I effectively have a dashboard showing me in one place all the accounts that I have – including insurance products. I have seen bank advertisements showing the claimed benefits of open banking but if I can see what I hold elsewhere I have an awful feeling that the open banking provider can do so as well, and I would prefer to keep some things private thank you. If I had a pound for every time someone in the banking industry said that new systems could “safely and securely communicate with one another” I would be quite wealthy. I think I shall wait for a few years of unbroken operating performance reliability with no outages, hackings, data breaches, system collapses, fraud cover-ups, and other problems before trusting the banks to share my data responsibly.

Member

Change the “few years” to “Decades” and I’ll agree totally. Banks have NEVER promoted ANYTHING that is not beneficial exclusively to the banks themselves. Trust them ? They are having a laugh ! Not in 100 years will I ever “trust” any bank to do anything other than look after its OWN INTERESTS !

Member

I will not be using open banking.

But I would hope the banks make full use of it to track criminal activity and stolen funds.

Member

Sorry but words fail me ! as a US tennis player said- you CANT be serious !! Have all my posts and words come to nothing , have all my warnings about third parties fallen on barren ground (ears ) where have I failed ?? I do not wish to be derogatory about this convo but I cant stand by and accept it . Its obvious its following big business dogma for a start and American at that. Where do you want me to start ? API,s –your joking of coarse , long ago I was warned about them by US sources but its obvious this will never sink in till evidence is supplied , well I have it by the barrel-load on my PC but I will put the most non technical I can find till somebody wants the full technical details https://www.csoonline.com/article/2956367/mobile-security/api-security-leaves-apps-vulnerable-5-ways-to-plug-the-leaks.html but for those in the know – memory leak read
https://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05 I have a veritable mountain of highly technical info but as its not liked here I will refrain. Peace be unto us all as the Guru said.

Member

There was a previous Conversation in October last year on this topic but it only garnered 24 comments. See –
https://conversation.which.co.uk/money/will-open-banking-open-new-possibilities/

At least Duncan is utterly consistent in his virulent opposition to ‘open banking’ and I loved his comment [one of many in this vein] as follows – “meet Lucas the confirmed-dyed in the wool – the real deal – the sure thing – guaranteed for life – no bull: glory be that I am one. I fall on my knees and thank God for His mercies. My address: Luddite Village-by-the-sea, 1 Luddite Gardens, by way of the Primrose-lined Luddite Lane, 1LDD LD2“. As can be seen, his characterisation as a Luddite is entirely by his own declaration but none the worse for that.

That October Conversation followed on from one in March 2017 [only 47 comments] called “Would you do all your banking on your mobile phone?”. See –
https://conversation.which.co.uk/money/mobile-banking-atom-bank-monzo-revolut/

The usual suspects all protested. It’s difficult to see where Which? stands on it.

Member

Looking at your second link it is interesting to see how different age groups view mobile-only accounts – the the graphic in the introduction. Maybe Caroline would be reading some more positive comments about Open Banking if younger people had replied.

Member

But that brings up the age old question do you ignore sage advice and just do what you like Wavechange read my answer to Vynor on the supposed “positives ” put forward by those with an advantage to gain.

Member

It was just a provocative comment to elicit discussion, Duncan. 🙂 If you read my opening comment you can see that I have my own reservations and am definitely not interested.

Rightly or wrongly, many of us (with notable exceptions) become less willing to adopt new ideas when we get older. If we do decide to adopt technology such as online banking, contactless cards, smartphones etc. we often become advocates.

My bank has today told me that it will be discontinuing sending paper statements. I’m not quite sure why I carried on receiving them when it was so easy to download them as csv files for the past seven years.

Member

I still get paper statements from mine and you can get shortened versions from the banks ATM –that’s if you don’t live 10 miles from the nearest one like me. I have no problem with genuine innovation Wavechange but nowadays there is always a quid pro quo. I don’t have a smartphone because I would be telling the world every geographic move I made even turning them off doesn’t stop your location being known. I have the most modern up to date protection apps on my browsers and I am innovative in computer technology, I would need to be forced to use online banking and if it wasn’t for DD I would be hiding my cash under floorboards although its wiser to store gold -10 carat upwards . For example, I am using a good spelling app on one browser, unfortunately, there is always a payback for the free version and that is persistent cookies bored into my PC programming but one of my apps shows every move on a website using part of the webpage to display whats going on and another good app shows them all being deleted by it . It’s nice to watch all the trackers that want to track you for gain. Which actually isn’t too bad compared to some.

Member

Somebody pro banks or dont like me saying Which isn’t too bad compared to say- the Guardian and other newspapers who,s long list of trackers nearly run off the web-page in length ,and persistent ones at that ?

Member

The reason you give for not having a smart phone is curious, Duncan. I am not sure why you should worry that you “would be telling the world (your) every geographic move”. Most of the people I know delight in letting their family, friends and other contacts know whenever they are somewhere different from the usual circuit – you don’t hear from them for weeks on end and then suddenly they need to phone you from the airport to say they are off to Maastricht and “can you recommend a restaurant?” or some equally lame and limp excuse to publicise their exotic lifestyle.

I have a smartphone but ninety-five per cent of my time is spent within five miles of the city centre of Norwich so tracing my movements would be a pretty unrewarding exercise and in any case, unlike you, I am not interesting enough to generate that sort of enquiry. Whenever I go away for a day, or have a short break as I have just had in London [oh no – I’ve let the cat out of the bag now], I don’t need to take my smart phone with me so I am still recorded as being in Norwich; you could adopt the same policy in order to foil your pursuers. I am indifferent to whether or not you wish to use a smart phone but I have heard that they can be quite useful, although other means of communication remain available.

P.S. As I have suggested before – you should also give yourself a calmer life and stop worrying about the thumbs down to your comments; you don’t know who they are from or even what they actually mean on the spectrum from just “I don’t agree with you” to “I totally detest what you are saying”. Give peace a chance – roll with the punches.

Member

John, I’m all for giving peace a chance! I’ve only recently acquired a secondhand smartphone from a son and use it more than I expected. It’s not very good for posting comments as it seems to lead to even worse spelling than normal (missing letters and, however hard I try “there” my brain wants “their”, and I do know the difference).

It is very handing for checking websites while I’m out, searching for places, tourist attractions, nearest ATM (hardly ever use one), and using maps to find your way around a strange place. Plus, no doubt, loads more I haven’t yet discovered and wouldn’t know I needed.

I could not care less about being tracked – I’ve nothing to hide. However, one day, if anything untoward happens or when I become weak in memory it might be very useful to be tracked – and found.

We can take Convos too seriously, as if when we speak someone seems to question our motivation, knowledge, integrity rather than appreciating that we all have differing points of view, background, knowledge, and the right to explore issues along a different tack perhaps. Not a reasons to shoot the messenger, but to attract reasoned responses. It is what conversations are about, isn’t it? It’s not prime minister’s questions.

Member

Hear, hear! Malcolm.

I don’t care for the demanding style of interrogation that sometimes emerges here, nor the use of links as crowbars to force doors open. I think links are useful to substantiate comments and reference further information, not to substitute for a comment and force readers to go elsewhere and then come back to continue the conversation. I would propose that the community guidelines could usefully be adapted to cover the appropriate, and supportive, use of links.

Member

I dont believe I am hearing what you posted John , not directly in relation to your reply to malcolm but your comment -links used as crowbars —— what the dickens did you and others complain /criticize .condemn me heavily about ????? NOT providing links – we cant believe you Lucas-=-where,s the—-LINKS I was nearly blown apart by the autocratic criticism . NOW its a 180 degree turn ? I was totally at odds with MT BUT one thing I did admire – this lady is NOT for turning/changing . I am STILL getting it but when I do provide links —- the goalposts are shifted .

Member

John its not just knowing your location , what you dont know is that GCHQ/NSA can take over your smartphone without you knowing watch what you watch , operate your mike /camera and generally upload all your data . There is a lot more . Give Peace a chance John ? you obviously have no idea of the number of US/UK and other countries organisations I am min contact with to do just that and have been for years — quote-Bible /Tora – and it came to pass , when Joram saw Jehu that he said ,is it peace Jehu ? And he answered .What peace , so long as the whoredoms of the mother Jezebel and her witchcrafts are so many ? Jezebel= USA foreign policy thats my answer John. Also -the only thing necessary for the triumph of evil is for good men to do NOTHING .

Member

Duncan – I have no criticism of links that are inserted after a comment to give added detail, or as evidence, or to reference some supporting material in a publication or elsewhere – so carry on providing links as I do when I think it would help. What I don’t like – and it’s only my personal preference – are comments [or whole new threads] that start with a link and little else. This wouldn’t happen in a real-life Conversation; I think contributors should summarise what they are trying to tell us and use a link [if necessary] to back it up or extend the contribution for those who wish to explore it in more detail.

My remarks were not directed at you – it has become a common behaviour. In the early days we could not insert links and had to explain ourselves. I happen to think that remains the most courteous way to proceed.

Member

Yes, I know all that Duncan. It doesn’t bother me. GCHQ can tap into all calls on any device from anywhere in the world so worrying about smart phones seems irrelevant to me. Those with nothing to hide have nothing to fear. My reference to “peace” was in the form of advice to you to give yourself some peace from worrying about things you can’t control or influence. You seem to be obsessed with access to your computers via back doors, tracking your internet use, following your movements on a phone, and polluting your cyberspace. I think it gives you a bad time while most of us seem to manage to have enjoyable on-line experiences without all the anxiety you project, but it’s up to you. All I am saying is that, as we get older, we don’t need all this fretful overload of suspicion and distrust. In my opinion, the simple life is the better one.

I support your invocation of the observation attributed inconclusively to Edmund Burke that “the only thing necessary for the triumph of evil is that good men do nothing”. I am sure you [like most of us] have done many good things in your life, Duncan, and need have no fear of misjudgment at the appointed hour, so you do not have to keep going at full tilt wearing yourself to a frazzle for ever and a day. You are allowed to take it easy and give yourself some peace.

Member

Both your replies sound reasonable to me John thats all I want even-handedness. I have never known peace in my life John its a stranger to me , only twice as a kid I had a “dream visitation ” afterwards I had peace for three days . Even in my old age there is still a fire burning through me , I shouldn’t be alive from the things that have happened to me .

Member

Which? do not seem to examine these topics critically and help any of us with expert advice. Maybe they do not have the capability.

I won’t touch open banking (well not now), simply because I do not see the need for it. I can quite happily control my own finances, helped by personal accounting software..

I’ve just had a 32 pp colour booklet (presumably 700 000 others have also) from Which? entitled “Planning for your family’s future”. I have not read it from cover to cover, but it mostly deals with financial matters and products. However, nowhere I can I find any information on keeping track of finances (whether paper or software based) nor on everyday budgeting.

I would really like Which? to spend some time and expertise in helping people look after their money for themselves. Another booklet? Or even paid-for software. Before they look at indulging in new banking initiatives people should learn how to keep track of all their finances, and how to set up and monitor a personal budget. Is this too much to ask?

Member

I passed my booklet onto a friend but I cannot recall any advice on avoiding an unauthorised overdraft. That would have been useful. The booklet had a couple of pointers that I found helpful, however.

Member

Hi Malcolm. This guest post from Barclays is intended to discuss open banking more broadly. However, our Which? Money team does have a guide on the subject that you can find here:

https://www.which.co.uk/money/banking/switching-your-bank/open-banking-sharing-your-financial-data-anscq4g8p62h

This goes into more detail around its uses, security etc. This explanation of Open Banking standards should also be useful: https://www.openbanking.org.uk/providers/standards/

Member

@gmartin, Hello George. I did read the Which? guide when it was first put online but as far as I am concerned it does not adequately explain the real advantages – if there are any – to a customer when they give such wide access to their data. There is nothing in it that convinces me to use it, or how I would benefit, when other secure and private methods to track my information are available.

The main point I was making was that in my view, rather than promote another financial product that is subject to questions about its usefulness and its security, Which? could look at providing, or pointing to, ways that people good get a better grip on their own finances without involving data sharing with 3rd parties. Personal financial software does this, and although this has been reviewed, there could be more encouragement for people to use it to control their money.

I think we – Which? – should press for the banks to issue basic software to individuals to help them track all their money and accounts, personally not through a system that involves a number of 3rd parties. I also think that they could devise home budgeting software to help people control their spending.

I see no reason why Which?, with its expertise, could not also look at cooperating with this. You did produce an income tax calculator if I remember rightly, and maybe you could get BBA cooperation and funding to help the cause.

Member

Thanks Malcolm. I’ll pass all this on to Chiara (the author of the guide) to find out if the Money team has any plans to further advise on personal finances.

Member

@gmartin, Thanks George. I hope we’ll hear back from Chiara or yourself as to whether Which? sees this as worthwhile.

Member

It would be useful to hear from those with experience of Open Banking.

After a few years of using a contactless card without losing money I’m now happy with using it routinely and it removes the possibility that someone could see me entering my PIN in a busy shop etc.

On the other hand I was a fairly late adopter of online banking because the terms and conditions were highly technical and not really fair for the consumer, at least according to friends who worked in computer science. Once they were revised and written in terms I could understood I adopted online banking.

I’m not yet ready for phone payment systems because I don’t know enough to be sure that they are secure.

Member

I must say, given the number of data breaches that have occured, I find it difficult enough to trust my own bank with my data. The idea of trusting third parties is preposterous.

Member

I’d like a clear and rational explanation of exactly what great advantage Open Banking could be to a potential private customer. So far those I have seen have waffled on but not made any kind of convincing case. Perhaps someone here can tell me why I must join in?

Member

It’s a bit like the desperate marketing for smart meters and virtual assistants, isn’t it? A solution looking for a problem.

Member

So, would any of the Which team use “Open Banking.” ? It does seem to be like someone’s good idea looking for a purpose, rather than an essential service that we should all use. I don’t see any reason to “Open Bank”. since I like to keep my finances simple and I know what I’ve got, where it is, what I’ve spent and what’s left. My finances are private, for obvious reasons, and the idea of sharing them with others seems absurd. What are they going to do with the information and why do they need to know what I spend, save and earn? The opening introduction is somewhat vague in its description. I don’t have any difficulty accessing accounts, bill paying -by various means – is straight forward and that’s it. If I want financial advice I seek it in a place I choose and divulge the information necessary for that transaction. I can’t speak for those with complicated accounts or those who have loaded credit cards to pay off, and, maybe a helping hand could do some good there. For me, I am about as mystified now as I was before I read this page and intend to remain so.

Member

To demystify you Vynor here is the “right on ” -you know it makes “sense”-less – we can help you – your money is “safe ” (in our hands ) – god is with us -so must you be – dont be a “loser ” -be “with it ” and all the other “Americanisms ” you can think of to DISTRIBUTE your money into profit for third party businesses. Notice its only the really rich who can afford off-shore entities helped by City lawyers and City accountants and this “initiative” is NOT aimed at them as they are not so stupid -so for you Vynor –get with the Programmme https://thefinancialbrand.com/58913/open-banking-standard-api-regulation-fintech/ This is part ONE part 2 tells the truth.

Member

I have been reading up more on this in the USA and malcolm I know you are “big “on Standards –guess what APi,s DONT have Standards and there are so many holes in it that bedroom hackers will have a field day and Which is going to be inundated with complaints of –my data has been stolen and I lost £50,000 . Even the official organisations arent sure of it but because the USA is pushing it HMG does the same -WHY because the City/Britain is the Banker for the USA and the USA is the Military anyway read https://diginomica.com/2018/03/02/psd2-and-the-api-challenge-for-open-banking/ part 2 still to come. You think your data in banks is only looked at by ONE bank – not so read this Canadian banking app for banks – P***d enables API applications to connect with users bank accounts https://plaid.com/

Member

I would never use Open Banking, its totally unsafe and unsecure!

Member
DerekP says:
6 July 2018

It is good to hear that this won’t be compulsory. I think that’s all I need to know.

Member
Patrick Taylor says:
6 July 2018

“your holistic spending and saving” *

holistic
həʊˈlɪstɪk,hɒˈlɪstɪk/
adjective
adjective: holistic

Philosophy
characterized by the belief that the parts of something are intimately interconnected and explicable only by reference to the whole.
Medicine
characterized by the treatment of the whole person, taking into account mental and social factors, rather than just the symptoms of a disease.

As many of you are aware there are people who for various reasons cannot control their money. This may be tied to manic-depression, an inability to deal with numbers, or infirmity. If the banks wish to provide holistic solutions to help humans deal with finance I suggest that they look at the disadvantaged section of their customers rather than those few with multiple accounts and savings.

Would I use it. No never because having multiple bodies with access to your data does not seem to provide any benefit to me. That the financial sector will have a better picture of my dealings is not actually a reason to sign up. Quite the reverse.

csoonline.com/article/3268111/application-security/5-myths-of-api-security.html

Member

Glad to know I dont have what “some ” thought I have -manic depression Patrick as I dont conform to the psychiatric diagnose you say is a characteristic of its symptoms . Never “mind” something else will turn up–I am sure it will .

Member

Entirely relevant to this convo– Google and Mastercard have “teemed up ” to track your purchases using Mastercard cards so that Google can hit you with adverts or “re-direct you ” to its advantage , its been going on for a while (secretly ) . Read Bloomberg.com https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales I thank god I have nothing “Google ” on my PC not even apps or part of apps , nor Amazon nor Microsoft I spent a good while running down every programme and app it took a while , I would rather lose an app than allow the worlds biggest commercial tracker to track me , you would be surprised in what technical areas of your system Google has infiltrated. Read the full story.