Open banking and privacy: a new love story
Last edited May 2023. 2 min read
What is open banking?
Open banking allows you (the account holder) to share your banking data and make payments with third-party financial providers (TPPs) via application programming interfaces (APIs). Open banking unlocks more control and flexibility over your financial data, making it easier for you to manage, move and leverage personal funds.
You can also learn more about open banking terms in our glossary.
What are the concerns?
Outside of people working for banks, fintechs or in financial regulation, awareness is low: “just one in four people have heard of open banking”, according to a survey of 2,000 people by Splendid Unlimited, as reported by the Financial Times in 2019. A 2018 survey conducted by Which? indicated that 92% of the public doesn't know what open banking is or how it could affect them.
How does open banking work and how can I use it?
The structure behind open banking is complex, relying on regulated technology developed by banks and fintechs. In simple terms, open banking lets you connect your bank account with a TPP. You can then share your bank account data so that the TPP can provide you with different products and services that might not be available with your bank.
Making financial data available has kickstarted a revolution inside financial markets. Use cases are limited only by one’s imagination. We have seen companies implement open banking technologies in different ways:
Money transfer tools: offering faster and cheaper payment solutions
Personal finance: budgeting, savings tools, income & expense products
Consumer lending: consolidated credit history across your bank accounts
Business lending: automated bank statement collection, financial health
Buy now pay later
Who is responsible for the safety of open banking?
In the UK, the Open Banking Implementation Entity (OBIE) is the body tasked with creating the Open Banking Standard. The Standard enables banks and TPPs to create the technology to interact with each other.
The OBIE Standard includes the Customer Experience Guidelines, which provide practical guidance on the open banking customer journey, and the OBIE specifications, which serve as the technical blueprint. These are designed to support both banks and TPPs in their compliance with financial and privacy regulations.
OBIE also provides a directory for TPPs and banks. You can always check how a company is regulated in the UK and what rights you have here. There is no similar body in the EU, but you can still check the regulatory status of a company using either the EBA register or the national competent authority register in the relevant jurisdiction.
Data sharing, privacy and choice
Open banking didn’t forget about privacy and security. Making your data flexible and accessible means it also needs to be protected.
Strong Customer Authentication (SCA) was created to prevent unauthorised access to bank accounts and to verify your identity when you make online transactions or access your account information. SCA also eliminates the need to share your bank login credentials, protecting you further.
This means that even though banks had to deliver this technology and make data available for use, only you can decide when to share your financial information and who to share it with. This ensures you are always in control. You can find out more about SCA and how it works in our guide.
When you decide to use a third-party product and share your banking data, make sure you read the privacy notice to understand how your data will be used and what rights you have.
Open banking is eliminating unsafe practices
Before open banking APIs were introduced, third-party providers (TPPs) could only access your bank account data through screen scraping, which greatly increased the risk of harm to your privacy and security.
Screen scraping meant that TPPs needed access to your log-in credentials, essentially impersonating you to access your bank account data. This was a less transparent use of people’s data, and it put that data at risk of cybercrime. Open banking enables you to share only the account data the TPP needs to perform their service, limiting what is shared to what is necessary.
What is our role in open banking?
GoCardless is a regulated TPP and is able to access your bank account data. We have built connections to over 2,400 banks across the UK and the EU and, along with our partners or directly, we can use these connections to build a better product for you, the account holder.