
Will open banking open new possibilities?

In January 2018, a new law comes into effect that could open up banking forever. But what is it, how will it work – and should you be worried?

Following comments asking us about our views on open banking in a recent convo, we thought we’d share our most recent policy points on the subject.

Not so long ago, I had four current accounts with four different banks: one as my main account, one to manage the bills in the house share I lived in, and two that I used as savings accounts because they offered better interest rates.

It was a bit of a nightmare. I had four different usernames, four different passwords, an array of secret questions and ‘memorable information’. And anytime I wanted to move money from one account to the other I had to find the debit card and the reader, or the little number pad, and remember how on earth to use it. If only I’d lived in 2018.

Open Banking

From January next year, thanks to the Second Payment Services Directive (PSD2), every provider of a ‘payment account’ will have to provide a way for third parties to access data about the account and to make payments from it (although you don’t have to give anyone access if you’re uneasy). This could be to show your spending in different ways to help you budget and plan, to ‘aggregate’ your accounts in a single place, or to automatically divert money to a savings account.

This could have all sorts of benefits, including helping people better manage their finances, and even potentially improving competition in banking, by reducing the ‘hassle factor’ of holding a current account and a savings account with different institutions.

Services that do these sorts of things already exist but their take-up is quite low. This is partly because to use them you have to provide your bank login details and the service provider logs in as if they’re you (sometimes called ‘screen-scraping’). This understandably feels far too risky for many people, and it’s also against many, if not all, banks’ T&Cs, so you risk being treated as ‘grossly negligent’ if you later need to make a fraud claim.

Open banking means banks have to offer an application programming interface (API) for these third parties – basically a separate ‘door’ to the account through which they’ll access it, rather than impersonating you. And to go through that door they will need three things: to be authorised by the Financial Conduct Authority (and your bank has to check this when giving access); to have your consent to see or use the information; and for you to prove to your bank it’s you authorising the access (probably by logging in).

This is a much safer way for a third party to access the information in your account, and it could lead to the development of all sorts of innovative services (including beyond financial services). For example, you might get an app that alerts you if you don’t have enough money to meet an expected payment, or notices if your energy bill seems high this month. These could be from new financial technology companies, established banks, or even companies such as Facebook or Google.

Unanswered questions

One main barrier to this market developing – and a potential risk for consumers – is undoubtedly data security. Although it’s much safer than giving your login details out, hackers might target these third parties to try to get at your financial details or even make payments, and it’s vital that you’re able to trust these third parties to have a high level of security.

We’ll be watching closely to make sure that regulators are taking this seriously as they authorise and monitor this market, and that consumers are protected and have access to redress if things do go wrong.

Relatedly, it’s still possible that screen-scraping will be allowed to continue as a backup, in case banks’ interfaces fail. This is unacceptable on security grounds, and also risks damaging consumer confidence in a way that chokes off the market and its possible benefits altogether.

We’re also concerned that payments made by third parties could be bank transfers – and if there are more of those, there are more payments for which you’re inadequately protected in the event you’re tricked into paying a fraudster.

But if these concerns can be addressed, we think open banking could deliver huge benefits to consumers. And, if nothing else, it’ll be nice to know that the next generation of financially savvy house sharers don’t have to go through the same experience I did.

Will you be using open banking?

No (51%, 92 Votes)

I'll wait and see (39%, 70 Votes)

Yes (10%, 18 Votes)

Total Voters: 180

Would you use an open banking service? What sorts of ways can you imagine these services being useful to you? What questions or concerns do you have that might stop you using something like this?


It’s an interesting concept and there’s a definitive paper regarding API security here. Among some of the issues raised are those tied directly to the quality of API programming: transactions that are secure in isolation become insecure in combination, whether because of application syntax, feature interaction, slow information leakage or concurrency problems. So I would tend to treat it as I would a major OS upgrade: wait for quite a while to see how they deal with the bugs.

My concern, being over-cautious, is in giving data to third parties that can be misused or hacked, and I can only rely on others to assess the reliability of these “third parties”.

However, at a personal level, I see no need for this and by handing over control of your finances, some detriment in losing the hands-on knowledge of how they stand. I operate two current accounts, one little used. Transferring money to and from a savings account is simple and quick. I have no difficulty with the relevant passwords nor log-ins. By recording transactions I know where I stand financially at any moment and, if something unexpected arises, know how best to deal with it.

For those who cannot be bothered to record and monitor their financial affairs this may well be a solution. I’d rather keep control of mine.

This comment was removed at the request of the user

I suspect that horse has well and truly bolted, Duncan, with the introduction of the Direct Debit authority. If I’m right, this is only the 21st C implementation of the same idea.

I think you credit the Conservative Party with far more intelligence and influence than it warrants, Duncan. I think this one comes straight from the banking industry and some of its parasitic affiliates.

I can’t see it doing me any favours. What increasingly astonishes me in this digital world is how easily people accept that they need constant ‘minding’ from a software application or a digital personal assistant. The surest way to make the population go completely doolally is to substitute a moronic piece of apparatus for the use of their grey cells and the occasional pencil and paper. It started with the whistling kettle and we’ve gone downhill ever since.

Fair point, Ian, but DD’s are managed entirely by the banks concerned without the involvement of third parties. Plus there is a cast iron Direct Debit guarantee.

Another unnecessary service, being promoted as a service we need and such an innovation is not only good for us but we need it and must want it.
Sorry but 21st century tech or not this is an item we do not need, should not use, will never be 100% safe. People themselves need to take responsibility for controlling their finances, and only you should be the one to monitor and decide on it.
Giving over to this type of system is totally unnecessary, unwarranted and unwelcome in my opinion.

Today I’ve received the (first) letter from one of my banks telling me about “open banking”. I really do not see any real advantages (for me, anyway).

Part 1:

It explains “a new way to pay”. It says, when you pay an online retailer
“Today: opt to pay by debit/credit card or Paypal —– online retailer’s bank makes request——debit/credit card company or Paypal processes payment—–money leaves your account”

From 13 Jan 2018: “Opt to pay directly from your bank account——-online retailer requests payment from your account——-your bank asks you to type in some security details to give your consent—–bank sends payment directly to online retailer”

So where is the benefit for me? I might prefer to use a credit card to delay payment but, if I use a debit card, funds will still go from my account. I don’t bother with Paypal.

I buy many small items from small companies, mainly through eBay. The most recent purchase was 50 polytop nails for £2.85 including postage. I don’t fancy giving an unheard of company my card details, so I pay by PayPal. There is rarely more than £100 in my PayPal account.

Today I’ve received the (first) letter from one of my banks telling me about “open banking”. I really do not see any real advantages (for me, anyway).

Part 2: New ways to view and manage your account

Today; Your computer/device——–log in to account A, account B, or account C etc—–to access your account A, B, or C etc

From 13 Jan 2018: “Sign up for a service—-confirm what information you want to share with the service—–give your consent by typing in some of your security details—–log in to the service and view data from different accounts and organisations all in one place”.

That sounds useful, but at the risk of disclosing sensitive information to third parties. I use MSMoney, update it whenever I use an account, it lists all forthcoming income and bills so I know where I stand. I don’t need a third party to handle this for me.

Maybe the banks should give away a common money-management app that does the same?

In Hong Kong they are introducing something similar but far more stringent and if the customer declines to sign his/her account then the account is suspended and access to it is denied. HSBC are making its customers pay for the US$1.2billion it received for helping its high rollers launder their drug money, so the mass of “poor” customers are required to pay the price. I’m tempted to go back to the old-fashioned “under the mattress” way of managing my money.

Sounds like another step towards governments doing away with cash and also being able to more easily remove money from our accounts against our will, should they so wish. With such account aggregation, I bet there’ll be some small print that allows government to view the details, “if necessary”. I certainly wouldn’t trust them with this additional power / ability to control.
Use this ‘service’ at your peril.

This comment was removed at the request of the user

My online bank invited me to allow them to share information. Obviously I said “NO!” but inviting me to share is very different from what I just read about banks having to share if I ask them to. I never asked them to!

This comment was removed at the request of the user

Nick White says:
18 November 2017

PSD2 is the EU’s Payment Services Directive. Thus being members of the EU, the UK are obligated to this change. It’s conceptually a fine idea but the practice is likely to be awful. If the APIs are not implemented well, then they could leak account details of accounts either side of one that has permission. People impersonating the account holder and giving permission for a Third Party to have access, etc. Smartphone access will require an Android or iPhone based device, none of the others or dumb phones are likely to work. Called my credit card company and the responses to my questions over security and access were non-existent. I will be requesting a list of current third parties able to access my account. I did confirm that their debt management agency and credit checking agencies have access. That probably includes Equifax who have recently been hacked in the US but affects UK accounts. Government agencies will only need to request access to one account in order to get a full perspective of your finances. In their written communications, the companies should be listing who currently as third parties have access to your accounts and if none they should state none. I would expect this to be regularly checked. I asked the credit card company what checks and balances they had on security and there was no answer. It’s only two months away with Christmas and New Year in the way. Totally unconvinced. I would welcome an outline from Which on what to include in a letter to these folk, in order to protect ourselves from their possible incompetence.

So all of your account details linked to one app on a mobile device which could be lost or stolen! I don’t think so. These apps will be a window into your account and the provider will be able to see how much money you’ve got (or not got). You can be sure it will only be a matter of time before this means targeted advertising of savings rates, loans and overdrafts, especially if the app provider is someone like Facebook. It could in theory at least even mean personalised pricing if the government don’t rule it out.

On a separate note, having more than one bank account can be a bit of a fiddle but is not actually difficult, so it’s hard to see why a Which? Senior Policy Advisor is struggling with it especially as Which? regularly promote having more than one account and moving money around them to gain the best interest rates.

We have a number of accounts – 2 current and a number of savings. Keep a record of the relevant log-in details somewhere secure and it really is no hassle. The current accounts are the only ones regularly accessed. Life is now all about logging in – whether to your bank(s), energy company, Amazon, M&S payments, council tax, Which?….Which? Convo…….. Something we have to come to terms with.

No thanks have we taken leave of our senses! Those who are experts in committing bank fraud must be rubbing their hands with glee at these proposals.

If your current account and/or savings accounts do not require use of the internet then you will not have a problem. Just be a Luddite!

This comment was removed at the request of the user

David says:
29 December 2017

Which?’s job is to examine all the options, all the providers, and make recommendations. I look forward to reading them soon.

David R says:
14 January 2018

No. I will not be joining open banking. It is not to my benefit for other people to know anything about what my finances are or how I spend my money.