What is Open Banking?

How secure is Open Banking?

Chapter 4

Open Banking is very secure: essentially as secure as your online banking.

The Open Banking API endpoints have been built by the banks themselves and have been put through extensive testing by both the banks and a number of authorised and regulated third parties like OpenWrks.

Not only does Open Banking exist within the banks’ established and highly secure technology platforms, but the APIs themselves also provide a highly secure way to transfer data. You, as the customer and owner of your data, are the only person who can authorise any connection between your bank and a regulated third party. This means you never have to share your bank login details with anyone; you just use them to log in to your online banking as normal. From within your online banking, you can easily control what data you share, with whom, for how long and for what reason.

An example of Open Banking in action

If you have ever bought a house, you will know the huge amount of information you have to provide to get a mortgage. Bank statements, payslips, utility bills, credit card bills: the list goes on and, worst of all, you have to provide all of this information as physical documents. Mortgage providers use all of this information to verify your identity and to understand what financial commitments you already have and what else you spend your money on, so they can ensure that a mortgage is affordable for you.

With Open Banking you could grant permission for a mortgage provider to securely access your bank account online at the touch of a button. The mortgage provider could then verify your identity, assess your affordability and give you a decision on a mortgage in hours, not days or weeks. You don’t have to find, print and send in paper documents and wait for that information to be analysed before a decision can be made.

It is these types of processes and more that Open Banking can revolutionise, making clunky and outdated financial services simple, slick and personalised to our specific needs.


Which businesses can use Open Banking?

Only highly regulated and authorised businesses will be able to make use of Open Banking. The businesses that are allowed to use Open Banking APIs, like OpenWrks, are all listed on the FCA’s Open Banking directory. In order to get listed, businesses need to go through a stringent assessment by the FCA and have systems, processes and security standards in place that are as robust as a bank’s.

To remain authorised, a business will undergo ongoing FCA auditing, regular security checks and will have to adhere to all of the guidance highlighted by the CMA.    

Top tips to steer clear of fraudulent businesses

You should always be aware of fraudulent businesses that could use different techniques to gain access to bank accounts. Here are two things you should always check to ensure you’re using an authorised and regulated third party.

  1. Always check that the third party you’re sharing your data with is FCA authorised. This means that they are regulated by the Financial Conduct Authority, who check that the business is working to a high financial security standard. You can do this by searching for their company in the FCA register.
  2. When you transfer your data using an Open Banking API, you should always be redirected to your bank’s website to log in to your online banking. Take the time to check that the website you’ve landed on is definitely your account provider’s website and is secure.

You should never be asked by anyone other than your bank to supply any of your online banking details such as usernames, passwords, ID numbers or memorable words. 

Who are the FCA?

The FCA stands for Financial Conduct Authority. The FCA is an independent entity and works to ensure that consumers get a fair deal. To do this they regulate all businesses within the financial services industry to ensure that they’re all working to a high standard.

What do the FCA regulate?

Any third party provider that is authorised by the FCA to use Open Banking connections has had its business plan, risks, budgets, resources, systems, controls and staff independently reviewed. The FCA hold all financial businesses in the UK to the same standards.

How to search for a regulated business in the FCA register

To check whether a third party is FCA regulated you’ll need to search for a business within the FCA register.

Let’s use OpenWrks as an example.

Firstly, go to the FCA register. It’s here you’ll be able to search the name of the business you’re considering using an Open Banking connection with. Enter the name of the business into the search bar and click ‘Search the Register’.

In the example of OpenWrks, you’d input ‘OpenWrks’.

You’ll then be presented with our status and reference number along with information on regulators, permissions and trading/brand names.

For OpenWrks, because it is a trading name of our limited business Business Finance Technology Group, you’ll be presented with this page. In the ‘Trading/ brand names’ drop down you’ll find reference to OpenWrks.

If you’re unable to find the business you’re looking for within the FCA register, firstly check that you’ve spelt the name correctly. Secondly, if you can find their FCA number on their website, try searching for that. But if you still can’t find the business, then they aren’t regulated by the FCA and you should not go through an Open Banking connection with that business.


Dangers of screen scraping

Before Open Banking was implemented, and still to this day, some financial services firms have been using ‘screen scraping’ to start providing their customers with some of the financial tools that Open Banking will unlock.

This way of accessing financial data leaves people vulnerable to fraud, as they need to supply the service provider with all of their online banking login details so that the provider can log into the customer’s account and scrape the data.

The FCA and bank account providers do not condone the use of screen scraping technology to provide financial services or tools, and in 2019 the use of screen scraping will be banned in the United Kingdom.
