/ Money

Will open banking open new possibilities?

24
Open banking
Profile photo of Jamie Thunder Jamie Thunder Senior Policy Advisor
Comments 24

In January 2018, a new law comes into effect that could open up banking forever. But what is it, how will it work – and should you be worried?

Following comments asking us about our views on open banking in a recent convo, we thought we’d share our most recent policy points on the subject.

Not so long ago, I had four current accounts with four different banks: one as my main account, one to manage the bills in the house share I lived in, and two that I used as savings accounts because they offered better interest rates.

It was a bit of a nightmare. I had four different usernames, four different passwords, an array of secret questions and ‘memorable information’. And anytime I wanted to move money from one account to the other I had to find the debit card and the reader, or the little number pad, and remember how on earth to use it. If only I’d lived in 2018.

Open Banking

From January next year, thanks to the Second Payment Services Directive (PSD2), every provider of a ‘payment account’ will have to provide a way for third parties to access data about the account and to make payments from it (although you don’t have to give anyone access if you’re uneasy). This could be to show your spending in different ways to help you budget and plan, to ‘aggregate’ your accounts in a single place, or to automatically divert money to a savings account.

This could have all sorts of benefits, including helping people better manage their finances, and even potentially improving competition in banking, by reducing the ‘hassle factor’ of holding a current account and a savings account with different institutions.

Services that do these sorts of things already exist but their take-up is quite low. This is partly because to use them you have to provide your bank login details and the service provider logs in as if they’re you (sometimes called ‘screen-scraping’). This understandably feels far too risky for many people, and it’s also against many, if not all banks’ T&Cs, so you risk being treated as ‘grossly negligent’ if you later need to make a fraud claim.

Open banking means banks have to offer an application programming interface (API) for these third parties – basically a separate ‘door’ to the account through which they’ll access, rather than impersonate you. And to go through that door they will need three things: to be authorised by the Financial Conduct Authority (and your bank has to check this when giving access); to have your consent to see or use the information; and for you to prove to your bank it’s you authorising the access (probably by logging in).

This is a much safer way for a third party to access the information in your account, and it could lead to the development of all sorts of innovative services (including beyond financial services). For example, you might get an app that alerts you if you don’t have enough money to meet an expected payment, or notices if your energy bill seems high this month. These could be from new financial technology companies, established banks, or even companies such as Facebook or Google.

Unanswered questions

One main barrier to this market developing – and a potential risk for consumers – is undoubtedly data security. Although it’s much safer than giving your login details out, hackers might target these third parties to try to get at your financial details or even make payments, and it’s vital that you’re able to trust these third parties to have a high level of security.

We’ll be watching closely to make sure that regulators are taking this seriously as they authorise and monitor this market, and that consumers are protected and have access to redress if things do go wrong.

Relatedly, it’s still possible that screen-scraping will be allowed to continue as a backup, in case banks’ interfaces fail. This is unacceptable on security grounds, and also risks damaging consumer confidence in a way that chokes off the market and its possible benefits altogether.

We’re also concerned that payments made by third parties could be bank transfers – and if there’s more of those, there are more payments for which you’re inadequately protected in the event you’re tricked into paying a fraudster.

But if these concerns can be addressed, we think open banking could deliver huge benefits to consumers. And, if nothing else, it’ll be nice to know that the next generation of financially savvy house sharers don’t have to go through the same experience I did.

Will you be using open banking?

No (51%, 92 Votes)

I'll wait and see (39%, 70 Votes)

Yes (10%, 18 Votes)

Total Voters: 180

Loading ... Loading ...

Would you use an open banking service? What sorts of ways can you imagine these services being useful to you? What questions or concerns do you have that might stop you using something like this?

Comments
24
Ian says:
13 October 2017

It’s an interesting concept and there’s a definitive paper regarding API security here. Among some of the issues raised are those tied directly to the quality of API programming: transactions that are secure in isolation become insecure in combination, whether because of application syntax, feature interaction, slow information leakage or concurrency problems. So I would tend to treat it as I would a major OS upgrade: wait for quite a while to see how they deal with the bugs.

2
 |     Reply    Report
Share   
malcolm r says:
13 October 2017

My concern, being over-cautious, is in giving data to third parties that can be misused or hacked, and I can only rely on others to assess the reliability of these “third parties”.

However, at a personal level, I see no need for this and by handing over control of your finances, some detriment in losing the hands-on knowledge of how they stand. I operate two current accounts, one little used. Transferring money to and from a savings account is simple and quick. I have no difficulty with the relevant passwords nor log-ins. By recording transactions I know where I stand financially at any moment and, if something unexpected arises, know how best to deal with it.

For those who cannot be bothered to record and monitor their financial affairs this may well be a solution. I’d rather keep control of mine.

12
 |     Reply    Report
Share   
duncan lucas says:
14 October 2017

Has somebody taken leave of their senses ??? Another Third-party access I think I am wasting my time on Which warning posters of the dangers in this type of exercise introduced by big business to gather up your details for third party exploration . Safe ??? if you believe that then god help this world . As long as this is not forced on us then I wont be using it , another business idea from Tory Party Central Office I wonder who lobbied and who got the money ?

7
 |     Reply    Report
Share   
Hide replies ∧
Ian says:
14 October 2017

I suspect that horse has well and truly bolted, Duncan, with the introduction of the Direct Debit authority. If I’m right, this is only the 21st C implementation of the same idea.

-2
 |     Reply    Report
Share   
John Ward says:
23 November 2017

I think you credit the Conservative Party with far more intelligence and influence than it warrants, Duncan. I think this one comes straight from the banking industry and some of its parasitic affiliates.

I can’t see it doing me any favours. What increasingly astonishes me in this digital world is how easily people accept that they need constant ‘minding’ from a software application or a digital personal assistant. The surest way to make the population go completely doolally is to substitute a moronic piece of apparatus for the use of their grey cells and the occasional pencil and paper. It started with the whistling kettle and we’ve gone downhill ever since.

0
 |     Reply    Report
Share   
John Ward says:
23 November 2017

Fair point, Ian, but DD’s are managed entirely by the banks concerned without the involvement of third parties. Plus there is a cast iron Direct Debit guarantee.

1
 |     Reply    Report
Share   
evertonboy says:
16 October 2017

Another unnecessary service, being promoted as a service we need and such an innovation is not only good for us but we need it and must want it.
Sorry but 21st century tech or not this is a item we do not need, should not use, will never be 100% safe. People themselves need to take responsibility for controlling their finances, and only you should be the one to monitor and decide on it.
Giving over to this type of system is totally unnecessary, unwarranted and unwelcome in my opinion.

6
 |     Reply    Report
Share   
malcolm r says:
17 October 2017

Today I’ve received the (first) letter from one of my banks telling me about “open banking”. I really do not see any real advantages (for me, anyway).

Part 1:

It explains “a new way to pay”. It says, when you pay an online retailer
“Today: opt to pay by debit/credit card or Paypal —– online retailer’s bank makes request——debit/credit card company or Paypal processes payment—–money leaves your account”

From 13 Jan 2018: “Opt to pay directly from your bank account——-online retailer requests payment from your account——-your bank asks you to type in some security details to give your consent—–bank sens payment directly to online retailer”

So where is the benefit for me? I might prefer to use a credit card to delay payment but, if I use a debit card, funds will still go from my account. I don’t bother with Paypal.

3
 |     Reply    Report
Share   
Hide replies ∧
wavechange says:
17 October 2017

I buy many small items from small companies, mainly through eBay. The most recent purchase was 50 polytop nails for £2.85 including postage. I don’t fancy giving an unheard of company my card details, so I pay by PayPal. There is rarely more than £100 in my PayPal account.

2
 |     Reply    Report
Share   
malcolm r says:
17 October 2017

Today I’ve received the (first) letter from one of my banks telling me about “open banking”. I really do not see any real advantages (for me, anyway).

Part 2: New ways to view and manage your account

Today; Your computer/device——–log in to account A, account B, or account C etc—–to access your account A, B, or C etc

From 13 Jan 2018: Sign up for a service—-confirm what information you want to share with the service—–give your consent by typing in some of your security details—–log in to the service and view data from different accounts and organisations all in one place”.

That sounds useful, but at the risk of disclosing sensitive information to third parties. I use MSMoney, update it whenever I use an account, it lists all forthcoming income and bills so know where I stand. I don’t need a third party to handle this for me.

Maybe the banks should give away a common money-management app that does the same?

0
 |     Reply    Report
Share   
michaelharfoot@yahoo.co.uk says:
18 October 2017

In Hong Kong they are introducing something similar but far more stringent and if the customer declines to sign his/her account then the account is suspended and access to it is denied. HSBC are making its customers pay for the US$1.2billion it received for helping its high rollers launder their drug money, so the mass of “poor” customers are required to pay the price. I’m tempted to go back to the old-fashioned “under the mattress” way of managing my money.

1
 |     Reply    Report
Share   
dave3 says:
29 October 2017

Sounds like another step towards governments doing away with cash and also being able to more easily remove money from our accounts against our will, should they so wish. With such account aggregation, I bet there’ll be some small print that allows government to view the details, “if necessary”. I certainly wouldn’t trust them with this additional power / ability to control.
Use this ‘service’ at your peril.

1
 |     Reply    Report
Share   
Hide replies ∧
duncan lucas says:
29 October 2017

Dave3 I predicted that a year ago -your right Once the banks have 100 % control of your ( their ) money they have this country in the palm of their hands , Don’t obey us -no money- dont like the government-no money- scared Britain will comply – pacified without lifting a finger. Political control from big Banks IMF etc. Buy gold – 10 carat or above – revert to Gold Standard – cut borrowing by the government , live within our means In any case US global economists predict a big Collapse . Check out US debt as of NOW .Both the UK/USA print more even more money . Banks aren’t stupid they are now buying up business’s/properties/ land instead of worthless bonds.

0
 |     Reply    Report
Share   
Not paranoid just careful says:
29 October 2017

My online bank invited me to allow them to share information. Obviously I said “NO!” but inviting me to share is very different from what I just read about banks having to share if I ask them to. I never asked them to!

0
 |     Reply    Report
Share   
Hide replies ∧
duncan lucas says:
29 October 2017

Quite right definitely NOT paranoid . I got one too contacted my bank to protest. Its part of the big banks UK drive for globalisation scheme , or should I say dogma to “open up ” OFFICIALLY your account to the world. Don’t listen to the sly jargon , they don’t care a hoot who sees your data , US financial centres are hacked constantly and if you allow this US conglomerates will have all your data . They might have it unofficially but then you could sue them if things go wrong . Don’t believe the line “safe in our hands ” -bull ! Its not going to stop I said a long time ago globalisation was here to stay and I think HMG will actually enforce it on the British population in the one-sided US/UK “trade” deals ( for the City ).

0
 |     Reply    Report
Share   
Nick White says:
18 November 2017

PSD2 is the EU’s Payment Services Directive. Thus being members of the EU, the UK are obligated to this change. It’s conceptually a fine idea but the practice is likely to be awful. If the APIs are not implemented well, then they could leak account details of accounts either side of one that has permission. People impersonating the account holder and giving permission for a Third Party to have access..etc….. Smartphone access will require an Android or iPhone based device, none of the others or dumb phones are likely to work. Called my credit card company and the responses to my questions over security and access were non-existent. I will be requesting a list of current third party able to access my account. I did confirm that their debt management agency and credit checking agencies have access. That probably includes Equifax who have recently been hacked in the US but affects UK accounts. Government agencies will only need to request access to one account in order to get a full perspective of your finances. In their written communications, the companies should be listing who currently as third parties have access to your accounts and if none they should state none. I would expect this to be regularly checked. I asked the credit card company what checks and balances they had on security and there was no answer. It’s only two months away with Christmas and New Year in the way. Totally unconvinced. I would welcome an outline from Which on what to include in a letter to these folk, in order to protect ourselves from their possible incompetence.

0
 |     Reply    Report
Share   
Stubbles says:
22 November 2017

So all of your account details linked to one app on a mobile device which could be lost or stolen ! I don’t think so. These apps will be a window in to you account and the provider will be able to see how much money you’ve got (or not got). You can be sure it will only be a matter of time before this means targeted advertising of savings rates, loans and overdrafts, especially if the app providers is someone like Facebook. It could in theory at least even mean personalised pricing if the government don’t rule it out.

On a separate note, having more than one bank account can be a bit of a fiddle but is not actually difficult, so it’s hard to see why a Which? Senior Policy Advisor is struggling with it especially as Which? regularly promote having more than one account and moving money around them to gain the best interest rates.

1
 |     Reply    Report
Share   
Hide replies ∧
Jamie Thunder says:
22 November 2017

Hi Stubbles,

You’re right that security is the big issue here – although bear in mind that if your phone was stolen and a thief managed to make a payment using Open Banking, that would be an unauthorised transaction (so you should be able to get your money back). That’s far from the only concern, of course, but you’ll have protection in that scenario.

One of the main points about Open Banking is that it could mean all sorts of things – some of which might be good for consumers and some not. We’ll be keeping a close eye on how Open Banking providers are using the service, including promotions, and we’re looking more generally at things like personalised pricing as well.

As for my difficulty with multiple accounts, my point was that it’s a hassle rather than being difficult exactly. We’re certainly in favour of people taking advantage of the rates different accounts offer (as I was doing) – but having to keep multiple passwords, usernames, customer numbers etc, all of which might have different length or character requirements, makes it a pain, especially if you need to log in regularly. I might work for Which?, but I’m only human! 😉

0
 |     Reply    Report
Share   
malcolm r says:
22 November 2017

We have a number of accounts – 2 current and a number of savings. Keep a record of the relevant log-in details somewhere secure and it really is no hassle. The current accounts are the only ones regularly accessed. Life is now all about logging in – whether to your bank(s), energy company, Amazon, M&S payments, council tax, Which?….Which? Convo…….. Something we have to come to terms with.

0
 |     Reply    Report
Share   
Hugo says:
22 November 2017

No thanks have we taken leave of our senses! Those who are experts in committing bank fraud must be rubbing their hands with glee at these proposals.

1
 |     Reply    Report
Share   
sue says:
29 December 2017

If your current account and/or savings accounts do not require use of the internet then you will not have a problem. Just be a Luddite !

0
 |     Reply    Report
Share   
Hide replies ∧
duncan lucas says:
29 December 2017

Sue – meet Lucas the confirmed-dyed in the wool -the real deal-the sure thing-guaranteed for life – no bull-Luddite – glory be that I am one , I fall on my knees and thank God for His mercies my address- Luddite village-by-the-sea- 1 Luddite gardens-by way of the Primrose lined Luddite Lane – -1LDD-LD2

0
 |     Reply    Report
Share   
David says:
29 December 2017

Which?’s job is to examine all the options, all the providers, and make recommendations. I look forward to reading them soon.

0
 |     Reply    Report
Share   
David R says:
14 January 2018

No. I will not be joining open banking. It is not to my benefit for other people to know anything about what my finances are or how I spend my money.

0
 |     Reply    Report
Share   
 

Related discussions