Consumer Data Right FAQ: Is it safe to share data via Open Banking?
When it comes to questions about Open Banking, safety is a hot topic – just ask Google. Well, wonder no more! We have the answers to all your security and privacy concerns.
Sharing of banking data has been a service provided in Australia in an unregulated capacity for many years. Open Banking has formalised this capability via the Consumer Data Right (CDR) that is mandated and regulated by the Australian Government.
Let’s touch on some factors that contribute to the safety and security of CDR Open Banking for consumers.
Consumers have full control over their banking data
Consumers must provide explicit consent before their data is shared with third-party providers. They have the ability to choose what data is shared, for what purpose and for how long. They can also revoke consent at any time, giving them greater control over their information.
Strong authentication that does not include password sharing
Open Banking requires strong customer authentication to prevent unauthorised access. Unlike screen scraping, it doesn’t involve customers sharing their online banking password. Instead, it uses some form of multi-factor authentication, such as a mobile SMS or in-app verification code.
Sharing data via secure banking APIs
Open Banking relies on secure Application Programming Interfaces (APIs) for data sharing between Data Holders (such as banks) and Data Recipients (such as third-party apps). These APIs follow strict security specifications such as Financial-grade API (FAPI) and standards such as OAuth 2.0 and OpenID Connect to ensure data is transmitted securely.
Consumers are protected by strict privacy regulations
Open Banking operates under strict privacy regulations, including the Privacy Act 1988 and the Australian Privacy Principles. Data Holders and Data Recipients are required to handle consumer data responsibly, ensuring its confidentiality, integrity, and protection. They must have robust data protection measures in place to safeguard against breaches or unauthorised use.
Compliance is regulated by the ACCC
Open Banking in Australia is regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). These regulatory bodies ensure that Data Holders and Data Recipients adhere to security standards and compliance requirements. Ongoing monitoring and auditing help identify any vulnerabilities or risks and ensure the safety of consumer data.
Ongoing Government commitment to security
Finally, the government is maintaining its investment in a safer digital future. This year’s Federal Budget included a further investment in the Consumer Data Right of $88.8 million over two years, with a focus on several areas including:
- cyber security improvements across all CDR agencies to reflect the evolving data landscape. This includes constant assessment and updates to the security standards adopted.
- expanding awareness of the CDR brand as a trusted, safer data-sharing model that allows consumers to easily identify CDR-enabled providers, products and services. Consumers will become more security aware when sharing their data and will be choosing CDR data share options over less secure alternatives.