Open Banking is no longer a “will it, won’t it happen”. It’s a reality.
For those businesses looking to hit the ground running with Open Banking, there are two options:
1. Spend the next 12 months building API connections to every bank, build a customer consent flow, make sense of the data you can access and then decide how and where you’re going to use it to add value for your customers. Or,
2. Engage an Open Banking partner that’s already created the Open Banking connections and tools to deploy the data instantly into your business to add value for your customers.
If you want to realise the value of Open Banking quickly, then engaging an expert partner may be the best way to go, but as Open Banking is so new, it’s important to make sure you’re asking the right questions of any prospective partner.
Any business that enables customers to share their financial information or make payments through Open Banking APIs has to be regulated by the FCA and authorised as an Account Information Service Provider (AISP), a Payment Information Service Provider (PISP) or both.
AISPs are authorised to get a customer’s consent to connect to their bank account on a read-only basis and use that financial information to provide a service.
PISPs are authorised to get a customer’s consent to connect to their bank account on a write basis and initiate payments on the customer’s behalf directly from their bank account.
Most providers will reference their FCA registration number on their website; however, it’s sensible to double-check this yourself by searching for the business name in the FCA Open Banking register. If their business is FCA regulated, they will appear in this list of firms authorised for Open Banking. The register will also state if they’re registered as an AISP or PISP.
If the business isn’t regulated by the FCA or authorised as an AISP or PISP, then they aren’t authorised to provide a service using the Open Banking APIs built and maintained by the banks; they may be selling you a solution which relies on screen scraping instead.
Screen scraping isn’t Open Banking
Open Banking APIs are a purpose-built and regulated technology solution that allows individuals and SMEs to securely share the financial information from their accounts with businesses they trust.
Alternative technologies for sharing bank account information are available, but these solutions are not purpose-built by the banks, are not maintained by the banks and are not regulated. These technologies are often termed “Screen Scraping” as the data is collected by emulating the customer logging into their account and then “scraping” the account information.
In order to screen scrape, customers need to supply their full online banking login details to a third party. That third party then uses that information to access their online bank account and digitally ‘scrape’ financial information direct from the account. This method of collecting a person’s financial information has some very obvious security issues, because it requires disclosing your full bank credentials to a third party. Some banks deem the use of these solutions to be a breach of their customers’ terms and conditions, meaning that the customer has no recourse or protection in the event their credentials are used maliciously.
As a result of this risk to consumers, from September 2019 these solutions will not be permitted.¹
Open Banking uses dedicated API endpoints that have been built by the banks to allow people to securely share their financial information. The account owner needs to give permission before that information is shared and they don’t need to provide any of their account login details to a third party. They simply log in to their bank as usual.
With GDPR coming into force in May 2018 (that’s next month!), any consent journey needs to comply with all of the upcoming changes to data protection regulation to protect consumers. This means that the customer needs to give their explicit consent for their information to be accessed, and clearly understand what the information is being accessed for, by whom and for how long.
But just being compliant is not enough. The consent journey will have to provide an intuitive user experience that helps build trust with your customers and provides a clear value exchange and incentive for your customer to share their information with you. It’s not enough to be able to technically build an Open Banking consent journey, even one that’s GDPR compliant. If it’s a scary or unpleasant experience, or it’s not clear to the customer what they get in return, then unfortunately very few of your customers will complete it.
If you tick off these checkpoints, you’ve found an Open Banking partner worth pursuing.
If you would like to see how OpenWrks ticks off everything on this list and more, or to see a demo of our Open Banking solutions, get in touch with us at firstname.lastname@example.org.