What’s the difference between open banking and screen scraping?

Open banking allows companies other than your bank and building society permission to access your accounts through a secure set of technologies and standards without the need to actively share your account details.

Screen scraping, also known as direct access, allows companies other than your bank access to your financial transaction data by logging into digital portals on your behalf. But unlike open banking, you have to actively provide them with your account details.

Open banking pros and cons

Open banking was introduced in 2018 as a result of the Competition and Market Authority (CMA) requirement for the UK's nine largest banks to 'open up' their customers' financial data with the consent of customers.

This was requested so that approved, regulated third parties such as budgeting and savings apps could access this data in a secure and standardised way.

How does open banking work?

Every page on the internet is stored somewhere on a remote server, and each time you visit a page on the web, you interact with the API (Application Programming Interface) of a company’s remote server - this is the machine that tells the webpage to load on your computer screen.

Open banking is based on companies sharing APIs, which means you can now complete several tasks in one place on the same screen or application, instead of logging in or visiting a different website to perform a different task.

Open banking apps, such as Money Dashboard, allow you to view all of your accounts with different banks in one place (eg current accounts, savings accounts, credit cards, etc).

It’s aimed at encouraging innovation and improving services in the market, which will lead to better products to help consumers better manage their finances.

In practice, it’s hoped this will allow you to better analyse your in and outgoings, and in turn better manage your money.

What are the benefits of open banking?

One key benefit of open banking is that you’ll be able to let apps access your data without actually having to hand over your login details to anyone.

You know exactly what information is being shared with each company and can revoke access easily.

Visit the Which? Money website for more information on open banking.

What are my rights if something goes wrong?

Banks have to make your financial data available to approved third parties in a standardised format (known as an ‘open API’) – but must get your permission before sharing.

Apps that want to access your data through an open banking API must be registered with the Financial Conduct Authority (FCA) and join the Open Banking Directory.

This means the banks have responsibility for actioning their customers’ requests and keeping data secure.

But despite banks doing everything to be as secure as they can, they are not immune to data breaches, website crashes or persistent attempts by hackers to infiltrate their systems.

If something goes wrong and you’re unhappy with the service provided, complain to your bank or financial provider.

It must give you its final response within 15 days of you making a complaint.

If you’re unhappy with the response, you can complain to the Financial Ombudsman Service (FOS) - also referred to as the financial ombudsman.

The financial ombudsman can get involved when the 15-day timeframe is up – or earlier, if you consent to it.

Pros and cons of screen scraping

Screen scraping is a process of handing over your bank login details to an app so it can access your transactional data directly from your account.

How does screen scraping aka direct access work?

It works by allowing third parties to access bank accounts by essentially 'impersonating' the customer.

This has raised consumer protection concerns that the third party could in theory access all of an individual's financial data, not just that required for the particular transaction.

There haven't been any known breaches that Which? is aware of, but screen scraping is being phased out as a result of these concerns and in a bid to tighten up and improve the process, security and data of customers. 

This means all money-saving and budgeting apps will be moving towards the same open banking technology and screen scraping will stop by the time the new Second Payment Services Directive (PSD2) regulations come into force from September 2019.

What are the benefits of screen scraping?

Some useful money-saving apps such as Plum, which is authorised and regulated by the Financial Conduct Authority, and even budgeting apps such as HSBC Connected, use this technology at the moment to help you save cash.

These apps retrieve the incoming and outgoing transactions in a user's bank account, which allows it to provide you with handy analysis and advice on your spending habits.

The technology is also used by lenders and accounting products to retrieve customers' financial data with their consent.  

For example, Plum uses its smart algorithm to analyse your spending and then, every few days, it will transfer money into your Plum savings according to your ‘savings mood’ which you can adjust at any time.

Plum has told Which? that it is already taking steps to adapt its technology to the connectivity methods required by PSD2, which come into force in September, and is getting ready to flick the switch to open-banking journeys.

Plum says that it is engaging with the banks, regulators and customers and plans move to open banking as soon as it can see an improved customer experience across all banks.

What are my rights if something goes wrong?

The question of who accepts liability if a transaction is compromised is unclear at the moment.

This is because screen scraping often requires the customer to provide their login details.

So, by providing a third party with your login details, you’re granting them permission to access your bank account to perform the service you approved of.

Screen scraping technologies will be as secure as possible to the extent companies are able to implement them. 

For example, Plum told Which? it uses symmetric cryptography and password algorithms to encrypt sensitive data and performs regular system tests in order to probe its stability.

If you decide to use a third-party app that uses screen-scraping technology, it’s really important that you trust them to have access to your accounts.

So, you should always carefully consider whether you’re prepared to accept any associated risks of providing your financial data to third parties.

Use several sources to check out the company:

  • What's their Trust Pilot score? 
  • What are people saying about the company on social media platforms such as Facebook and Twitter?
  • What have trusted publications and sites such as Which? said about the company?
  • Ask them what their processes are - are you happy with the answers they give?

Sensitive information such as online banking details are more at risk of becoming compromised once it has been passed onto a third party.

Banks are not obliged to return any money if you’ve given a third party provider your login details.

Under the new regulations, if something goes wrong and you’re unhappy with the service provided, you'll be able to complain to the bank or financial provider.

It must give you its final response within 15 days of you complaining to them and if you’re unhappy with the response, you can complain to the Financial Ombudsman Service (FOS).

The financial ombudsman can get involved when the 15-day timeframe is up – or earlier, if you consent to it.

Please tell us what you think of the Which? Consumer Rights website.

Your feedback is vital in helping us improve this site. All data will be treated confidentially. This survey will take approximately 5 minutes to complete.

Please take our survey so we can improve our website for you and others like you.