Open Data, Explained
Open financial data should be easy to understand and
accessible to everyone. That's why we created this open data dictionary
highlighting the terms you need to know, in plain English.
Screen scraping involves a third party logging into a bank’s app or website on the customer’s behalf, retrieving information or initiating a payment.
There are only two techniques to establish a connection to a bank and retrieve financial data or complete transactions via a bank account. Either an application programming interface (API) is used, or screen scraping.
The use of screen scraping has enabled data to be exposed, compromising the security of the user. Open Banking APIs have no such risks. Banks and consumers therefore have more control over the data retrieved, sharing only what is necessary for the third-party service. Customers do not need to share their credentials with the third party, thus risking losing them in the event of a cyber security breach.
Furthermore, Open Banking APIs are transparent when it comes to the consumer, enabling an individual to grant or revoke access to their data. The third-party provider does not need to receive access to the consumer’s login details when these APIs are used.
Screen scraping works by allowing a third party to access a customer’s bank account using the customer login credentials. Those credentials are then stored by the third party, which means they can scrape the data from the bank account and use this information just like the customer would, whenever required.
Screen scraping isn’t a secure method for accessing data. When a third party accesses the user’s bank account, they can view everything as the consumer would, and have the ability to interact with the financial data as if they were the consumer.
The European Commission prohibits the use of screen scraping, as does the Finacnial Conduct Authority in the UK. It is currently unregulated in Australia and the Government has indicated it intends to introduce legislation to phase out the practice over time.
Security is at the core of Open Banking, and everything has been built with maximum security in mind. This applies to everything from the APIs to all related data handling.
Open Banking has implemented strong customer authentication and consent management features to ensure security.
Wych has integrated robust security features that can protect businesses including bank level security. We ensure bank-grade security is in place to protect customers and their sensitive information. We encrypt data at rest and in transit using minimum 2048-bit encryption. We do not use screen scraping.
Any companies receiving data must demonstrate their security and be accredited by the ACCC before receiving any data. When asking to access this data, companies must also inform consumers how and for how long it will be used.