Open banking rules come into force on Saturday, when the big banks have to hand control over financial data back to consumers. These ambitious plans could transform the way we manage our money, but is open banking safe?
Hoping to encourage innovation and improve services, the Competition and Markets Authority (CMA) has told the nine largest banks in the UK to make it possible for customers to share their current account data with third parties, should they wish to do so.
This initiative aligns with wider plans being implemented across Europe under the second Payment Services Directive (PSD2).
The Open banking deadline is set for 13 January, although only Allied Irish Bank, Danske, Lloyds Banking Group and Nationwide are ready. Five of the nine banks (Bank of Ireland, Barclays, HSBC, RBS and Santander) have been given more time to comply with the new rules.
Here, we explain:
- What is open banking?
- What will open banking look like?
- Do I have to share my data?
- Is open banking secure?
- What protections are in place?
- What are the risks of open banking?
What is open banking?
The CMA is pushing for open banking to increase competition in the current account market and ultimately help consumers make better financial decisions – by forcing banks to open up customer data such as transaction history and spending habits.
It’s likely to get off to a slow start and awareness is low – Which? recently revealed that 92% of the public have never heard of open banking – but the first examples might be smartphone or tablet apps that link all of your current accounts in one place, giving you a clearer picture of your finances.
Initially, open banking only applies to personal and small business current accounts but there are plans to extend it to all online products with a payments facility over the next few years (e.g. e-wallets and credit cards).
Loan accounts and mortgages could be added at a later date but there are no firm plans at present.
Open banking also makes it possible for regulated firms to make payments directly from a bank account, without you needing to enter your card details or use a third party such as PayPal.
What could open banking look like in the future?
Eventually, these reforms could pave the way for a single platform providing one point of access to all of your financial accounts, with any number of apps able to ‘plug in’ and offer you highly personalised services.
For example, apps might be able to move money between your accounts to help you avoid charges, or spot trends in your spending to help you save money and find cheaper suppliers for all your household bills.
What if I don’t want to share my data?
You decide who you share your information with, and nothing happens without your explicit consent. If you don’t want to share your data, you don’t have to.
Importantly, you can also revoke consent at any time. If you give a firm permission to access your current account data and later change your mind, it should take little more than a few clicks to withdraw consent.
Is open banking secure?
Cyberattacks such as the Equifax data breach have made consumers understandably wary of giving anyone access to their personal or financial data.
However, open banking does provide important safeguards – not least because you don’t have to hand over your banking login details.
Broadly speaking there are two ways to share your data:
- Most of the personal finance apps on the market, such as Bud, Chip, Moneyhub and Yolt, have had to rely on screen-scraping. This means they ask for you usernames and passwords so that they can log in posing as you, and read the data presented.
- This comes with additional risks – sharing login details with a third party has previously invalidated your bank’s terms, and it could also leave you vulnerable to malicious attacks from fraudsters posing as legitimate firms. You should check that any third party you share your details with is trustworthy and authorised to offer the services.
- Open banking is different because it uses APIs, or application programming interfaces. As well as being less clunky and prone to errors, APIs don’t need your login details to communicate. Instead, this technology enables digital systems to ‘talk’ to each other directly, for example, APIs let you book Uber via Google Maps, or sign up for Tinder using your Facebook profile.
What other protections are in place?
The nine largest banks – the CMA9 – have been told to build standard APIs so that current account data can be shared in a secure and consistent way.
The open banking APIs use a central directory which allows your bank to check that the third-party requesting access is who they say they are.
All of the firms enrolled on this directory must comply with data protection laws and be appropriately regulated.
You can also check the Financial Services Register to find out what services a firm is authorised to provide. From 13 January, you can look for reference to:
- Account information sharing e.g. budgeting apps and price comparison sites that let you view accounts from multiple providers in one place.
- Payment initiation e.g. retailers that let you pay directly out of your bank account, as an alternative to using a third party such as a Visa debit card or PayPal.
What are the risks of open banking?
Current account data contains highly sensitive information so there is always some risk to sharing this type of information.
It’s also important to note that although all banks must allow third parties access to your data (with your consent), it’s only the CMA9 that need to provide that access through the open banking APIs.
For a while at least, it’s likely that third parties will have to use a combination of open banking (for current account data) and screen-scraping (for non-current account data such as credit card transactions).
If this is the case, they should make the distinction crystal clear. And if you’re asked to hand over login details, you should be confident that the firm you’re dealing with is trustworthy and authorised to provide the services on offer.
It will probably take many months for open banking to get underway in a meaningful way, but criminals are likely to see this shake-up as an opportunity so be on your guard for any unsolicited emails or phone calls asking you to share your data or transfer money.
For more details on the benefits as well as the risks, read our full guide to open banking.