
Open banking and privacy: a new love story

Written by Vitor Urbano

Last edited May 2023 · 2 min read

What is open banking? 

Open banking allows you (the account holder) to share your banking data and make payments with third-party financial providers (TPPs) via application programming interfaces (APIs). Open banking unlocks more control and flexibility over your financial data, making it easier for you to manage, move and leverage personal funds. 

You can also learn more about open banking terms in our glossary.

What are the concerns?

Unless they work for banks, fintechs or in financial regulation, “just one in four people have heard of open banking”, according to a survey of 2,000 people by Splendid Unlimited, as reported by the Financial Times in 2019. A 2018 survey conducted by Which? indicated that 92% of the public doesn't know what open banking is or how it could affect them.

How does open banking work and how can I use it?

The structure behind open banking is complex, relying on regulated technology developed by banks and fintechs. In simple terms, open banking lets you connect your bank account with a TPP. You can then share your bank account data so that the TPP can provide you with different products and services that might not be available with your bank. 

Making financial data available has kickstarted a revolution inside financial markets. Use cases are limited only by one’s imagination. We have seen companies implement open banking technologies in different ways:

  • Money transfer tools: offering faster and cheaper payment solutions

  • Personal finance: budgeting, savings tools, income & expense products

  • Consumer lending: consolidated credit history across your bank accounts 

  • Business lending: automated bank statement collection, financial health

  • Buy now pay later

Who is responsible for the safety of open banking? 

In the UK, the Open Banking Implementation Entity (OBIE) is the body tasked with creating the Open Banking Standard. It enables banks and TPPs to create the technology to interact with each other.

The OBIE Standard includes the Customer Experience Guidelines, which provide practical guidance on the open banking customer journey, and the OBIE specifications, which serve as the technical blueprint. These are designed to support both banks and TPPs in their compliance with financial and privacy regulations.

OBIE also provides a directory for TPPs and banks. You can always check how a company is regulated in the UK and what rights you have here. There is no similar body in the EU, but you can still check the regulatory status of a company using either the EBA register or the national competent authority register in the relevant jurisdiction.

Data sharing, privacy and choice

Open banking didn’t forget about privacy and security. Making your data flexible and accessible means it also needs to be protected. 

Strong Customer Authentication (SCA) was created to avoid unauthorised access to bank accounts and to verify user identity when making online transactions or accessing your account information. SCA also eliminates the need to share your bank login credentials, protecting you further.

This means that even though banks had to deliver this technology and make data available for use, only you can decide when to share your financial information and who to share it with. This ensures you are always in control. You can find out more about SCA and how it works in our guide.

When you decide to use a third-party product and share your banking data, make sure you read the privacy notice to understand how your data will be used and what rights you have.

Open banking is eliminating unsafe practices

Before open banking APIs were introduced, third-party providers (TPPs) could only access your bank account data through screen scraping, which greatly increased the risk of harm to your privacy and security.

Screen scraping meant that TPPs needed access to your log-in credentials, essentially impersonating you to access your bank account data. This was a less transparent use of people’s data, and it was putting people’s data at risk of cybercrime. Open banking enables you to only share the account data the TPP needs to perform their service, which limits the account data to only what is necessary. 

What is our role in open banking?

GoCardless is a regulated TPP and is able to access your bank account data. We have built connections to over 2,400 banks across the UK and the EU and, along with our partners or directly, we can use these connections to build a better product for you, the account holder.
