ASIC & ACCC: Screen scraping is a valid method of data sharing
Both ASIC and the ACCC have stated that they will not be banning ‘screen scraping.’
Understanding access to consumer consented financial data
With the Consumer Data Right (CDR) and open banking set to be rolled out in July, everyone is looking to CDR legislation to deliver an open banking regime. The reality is, that “open banking” and the use of consumer data to provide better financial products and services has been in practice long before the notion of a Consumer Data Right in Australia.
Whilst CDR legislation provides the mechanism and consumer protections to support ‘open data’, it is not the only enabler of fintech innovation. Innovative financial products and services, whether it be budgeting apps or better online banking experiences, are already widely available and adopted thanks to digital data capture services.
Despite this, news on the Consumer Data Right has led to drastic calls by major financial institutions to ban the practice of screen scraping. Aside from the obvious competition that fintechs pose for major banks, part of the debate behind calls for a ban is that screen scraping traditionally carries negative connotations when it comes to data privacy and security.
The case for screen scraping
To clarify this debate, it is important to note that screen scraping technology has evolved and from a security standpoint, there is little difference between using APIs as opposed to direct data capture methods. Both encrypt traffic over a HTTPS connection and both require an exchange of information for a token to complete the authentication process (login/pass vs API key) – meaning they are almost identical in nature.
ASIC’s update to RG209 actually recognises digital data capture as a secure and effective method for data sharing – to achieve responsible lending. Mortgages and other large personal loans may no longer be subject to ASIC’s responsible lending obligations but this does not change the fact that screen scraping is a recognised method of data sharing by regulatory bodies.
The advantage of Open Banking APIs
Rather than security, the main advantage of using open banking APIs is that the data received would be more structured thus reducing time-to-development (especially when retrieving data from multiple financial institutions). It would also provide prescribed guidance on handling of data and reduce the potential of misinterpretation.
There are numerous reasons a ban on screen scraping would simply not work. According to EY’s 2019 Fintech Australia Census, Australia’s fintech adoption rate sits at 58 per cent. A ban would not only disrupt Australia’s fintech industry, it would also impact the many consumers that rely on their products and services in everyday life. Additionally, uncertainty remains over many aspects of CDR, such as the participation timeline for non-major ADIs and how access to API data will be phased. In relation to phased API access, there will be a period of transition where digital data capture services are needed to supplement API derived data. Many Fintechs will require more than just product reference data from major banks (to be made available on July 1) to carry out business as usual.
Editor’s note: Since writing, the disclosure deadline for product reference data has been delayed to the 31st of January, 2021.
The other limitation is that the CDR allows consumers to select which individual accounts they’d like to share with an accredited third party. Although the ability for a consumer to be in full control of the data they’re sharing is welcomed, it does have the unintended consequence of allowing consumers to engage in dishonest practices. For example, an individual may choose to omit credit card and other loan accounts when applying for a home loan. In these cases, digital data capture services can be used to return a holistic view of the individuals accounts and ownership.
Whilst practices like screen scraping could eventually be made redundant under a matured CDR regime, digital data capture services remain an important and necessary part of fintech innovation in the interim. At Basiq, we are working in alignment with CDR legislation as it is being updated. Our stance is that, rather than calling for a screen scraping ban, it is much more constructive to discuss how fintechs will transition from digital data capture methods to using open banking APIs. We recognise that the CDR is still in its infancy and it is important that the perspectives of the fintech community and consumers shape the application of the CDR in banking.