In January 2018, a new law comes into effect that could open up banking forever. But what is it, how will it work – and should you be worried?
Following comments asking us about our views on open banking in a recent convo, we thought we’d share our most recent policy points on the subject.
Not so long ago, I had four current accounts with four different banks: one as my main account, one to manage the bills in the house share I lived in, and two that I used as savings accounts because they offered better interest rates.
It was a bit of a nightmare. I had four different usernames, four different passwords, an array of secret questions and ‘memorable information’. And anytime I wanted to move money from one account to the other I had to find the debit card and the reader, or the little number pad, and remember how on earth to use it. If only I’d lived in 2018.
From January next year, thanks to the Second Payment Services Directive (PSD2), every provider of a ‘payment account’ will have to provide a way for third parties to access data about the account and to make payments from it (although you don’t have to give anyone access if you’re uneasy). This could be to show your spending in different ways to help you budget and plan, to ‘aggregate’ your accounts in a single place, or to automatically divert money to a savings account.
This could have all sorts of benefits, including helping people better manage their finances, and even potentially improving competition in banking, by reducing the ‘hassle factor’ of holding a current account and a savings account with different institutions.
Services that do these sorts of things already exist but their take-up is quite low. This is partly because to use them you have to provide your bank login details and the service provider logs in as if they’re you (sometimes called ‘screen-scraping’). This understandably feels far too risky for many people, and it’s also against many, if not all banks’ T&Cs, so you risk being treated as ‘grossly negligent’ if you later need to make a fraud claim.
Open banking means banks have to offer an application programming interface (API) for these third parties – basically a separate ‘door’ to the account through which they’ll access, rather than impersonate you. And to go through that door they will need three things: to be authorised by the Financial Conduct Authority (and your bank has to check this when giving access); to have your consent to see or use the information; and for you to prove to your bank it’s you authorising the access (probably by logging in).
This is a much safer way for a third party to access the information in your account, and it could lead to the development of all sorts of innovative services (including beyond financial services). For example, you might get an app that alerts you if you don’t have enough money to meet an expected payment, or notices if your energy bill seems high this month. These could be from new financial technology companies, established banks, or even companies such as Facebook or Google.
One main barrier to this market developing – and a potential risk for consumers – is undoubtedly data security. Although it’s much safer than giving your login details out, hackers might target these third parties to try to get at your financial details or even make payments, and it’s vital that you’re able to trust these third parties to have a high level of security.
We’ll be watching closely to make sure that regulators are taking this seriously as they authorise and monitor this market, and that consumers are protected and have access to redress if things do go wrong.
Relatedly, it’s still possible that screen-scraping will be allowed to continue as a backup, in case banks’ interfaces fail. This is unacceptable on security grounds, and also risks damaging consumer confidence in a way that chokes off the market and its possible benefits altogether.
We’re also concerned that payments made by third parties could be bank transfers – and if there’s more of those, there are more payments for which you’re inadequately protected in the event you’re tricked into paying a fraudster.
But if these concerns can be addressed, we think open banking could deliver huge benefits to consumers. And, if nothing else, it’ll be nice to know that the next generation of financially savvy house sharers don’t have to go through the same experience I did.
Would you use an open banking service? What sorts of ways can you imagine these services being useful to you? What questions or concerns do you have that might stop you using something like this?