Is new banking revolution a fraudster’s charter?
That’s the fear as new rules let you share your bank passwords and spending habits with other firms. Follow our essential guide to keep your money safe . . .
is ‘less safe’ and makes you more vulnerable to fraud. This is because under Open Banking you don’t need to disclose log-in details, the company formally requests encrypted data from your bank. If the firm is not part of Open Banking, it will log in to your account posing as you and copy whatever data it finds — this is known as ‘screen scraping’. Banks have updated their terms and conditions to spell out that they may not reimburse you should something go wrong in this instance. Nationwide says that if you give your details to an unregistered firm it will ‘not be responsible for any losses you suffer as a result of misuse or disclosure of information about your account by that third party’. Brian Brown, head of insight at data analysts Defaqto, says: ‘Anyone thinking of sharing their log-in details with an unregistered third party needs to read the terms and conditions very carefully. ‘Banks will not take responsibility if something goes wrong when you gave the third party permission to take funds from your account.
‘As far as they’ll be concerned, they will have just done as you’ve told them to, so if something goes wrong you could be left seriously out of pocket.’
If the company is registered by the FCA and you notice a payment you didn’t authorise, you should be able to claim back the money from your bank — providing you haven’t been negligent with your account details. If the third party was at fault, your bank will reclaim the money from that organisation.
Some banks are also suggesting to customers that it is up to you to check the firm is registered before handing over your details.
You can check this on the Financial Services Register, at fca.org.uk/firms/financial-servicesregister. However, it may take up to 18 months for some firms to register — and you will not be protected in the meantime.
If you have a problem with a registered third party that will not rectify the issue, you can complain to the Financial Ombudsman by calling 0800 023 4567. If you are concerned by how the firm uses your data, you can report the incident to the Information Commissioners Office.
A spokeswoman for Lloyds Banking Group says: ‘Open Banking is safest where your log-in details won’t be shared with third parties. If our customers have been victims of fraud we always review the specific circumstances, looking at each on a case-by-case basis.’
WILL MY DATA STAY PROTECTED?
THIS so-called banking revolution has already been described as a fraudster’s charter.
Your bank account transactions alone can tell someone where you live, work, shop, whether you are religious, if you belong to a trade union, what political party you support, who provides your mortgage, credit card and utilities . . . the list goes on.
If all — or any — of this information falls into the wrong hands, it could be used to steal your identity or raid your account. By knowing so much about you it will also be far easier for fraudsters to trick you into handing over more information at a later date or to carry out a scam.
Experts are concerned that with so many firms contacting customers about changes to their terms and conditions and offering new services, fraudsters will seize the opportunity to try to trick you into handing over your details. They have also warned that fraudsters may set up fake open webpages that mirror legitimate sites. Others fear dishonest firms could bury traps in the small print, leaving customers more exposed than they realise.
Mr Brown, of Defaqto, says: ‘We will pore over the terms and conditions of any new app or service launched to ensure there are no hidden catches in the small print.
‘Customers must be careful to keep track of to whom they have given access to their information.’
Then there is the question of how secure your data will be once you’ve handed it over.
Even major firms such as Equifax and TalkTalk are not immune to cyber attacks. So if you’re sharing your sensitive data, you need to be sure you trust the firm to guard it well.
Howard Davies, chairman of RBS, has said the bank is not confident its customers’ data will be protected from hackers when shared with third parties.
You should also be sure that the service offered merits the risk of handing over your details — and isn’t just a money-making scheme for the company.
Gareth Shaw, money expert at Which?, says: ‘Open Banking has the potential to offer consumers more control of their finances and boost choice, but it also comes with potential risks around data privacy and security.
‘Regulators and industry must ensure that customers are properly protected from data breaches and scams, which is vital if consumers are to use these services with confidence and trust.’
Imran Gulamhuseinwala of the Open Banking Implementation Entity, which was set up by the Competitions And Markets Authority to oversee the Open Banking roll- out, says: ‘This is a remarkable project. If we get it right, we will, for the first time anywhere in the world, put the customer in control of their data, their privacy and their finances.
‘The Open Banking system is built with rigorously tested software and security systems that enable customers to share access safely and securely.
‘This can only happen with a customer’s explicit permission (and with full understanding of how, for how long and for what purpose this data will be used).
‘ In the event of fraudulent payments, banks are required to reimburse the customer. They are further protected by data protection laws and have full recourse to the Financial Ombudsman.’
A spokeswoman for the FCA says: ‘Before you use one of these services be alert, and make sure you are confident that any organisations you share your information with are who they say they are. You should make sure that you understand the service and that you are happy with who will be providing it to you.’
AMAJOR revolution in banking took place at the weekend — but you probably won ’t have noticed.
Under new laws, you can now ask your current account provider to share details of your income, spending habits and debts with third-party internet companies. You are also now allowed to hand over your password and log -in details to these firms.
The idea is that the third party can save you money by helping you budget or shop around for cheap deals. But banks are already warning that some customers could be left out of pocket if they fall victim to fraud.
Our guide to this new system, which is called Open Banking explains everything you need to know about the shake -up — and shows the dangers of handing over the keys to your banking secrets. ,
WHAT’S THIS REVOLUTION ABOUT?
UNDER new rules introduced at the weekend, banks can share information about your current account and spending habits with other companies. This includes whether you pay for your bank account, the size of your overdraft and details of any transactions and direct debits.
Who gets access to this information is completely up to you.
It might be that you want a price comparison website to help you find a new bank account with a better overdraft, or a budgeting app to track your spending.
But whatever it is, you must give explicit permission to your bank to share your details — and you can withdraw consent at any time.
Over the next 18 months, the rules will be extended to allow firms to share information about credit cards, prepaid cards and ‘e-wallets’ such as PayPal and Apple Pay.
WHY SHOULD I HAND OVER MY DETAILS?
THE competition watchdog wants banks to do more to fight for our business. Its research shows that just 3 pc of people switch current accounts in a year.
By forcing banks to share your data in a standardised, secure way , it hopes it will be easier for customers to see better deals and boost competition in the market.
Only the largest nine current account providers — Allied Irish Bank, Bank of Ireland, Barclays, Danske Bank, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander — are required to share your data when asked, but others are expected to sign up voluntarily.
However, despite the new rules taking effect last Saturday , only three of the nine — Allied Irish Bank, Danske Bank and Lloyds — are ready to start sharing data.
The rest have been given an extension to update their systems. Most should be ready by March.
HOW WILL AN APP TRACK MY MONEY?
IF YOU are on a company’s mailing list you may soon get requests for you to share information. Or when signing up for a new mobile phone app or applying for a new account or loan there may be a box to tick allowing access.
Only customers with an online banking account will be able to share details.
If you bank online and you give a third party permission to access your account information, they should spell out how they intend to use the details and how long they need access to them.
When taking out a loan, the company would likely need to see a snapshot of your current account only once to assess if you can afford the repayments. But if you sign up to a budgeting app, it will need ongoing access to your data to monitor your spending.
If you decide to go ahead, you will be directed to your bank or building society’s online banking log-in page, where you will need to sign in and confirm that you are giving your permission. Y our encrypted data will then be sent to the company. You do not need to share your online banking log-in details or passwords.
You will have to give permission to each company with which you want to share your information — it is not a matter of turning on a general data-sharing button.
As long as you don ’ t give permission via your online banking, your data will not be shared. If you get unsolicited requests, you should report them.
After 90 days, each firm will need to request permission again to continue using your data.
You can change your mind at any time and tell your bank to stop sharing your information, or you can cancel with the firm directly.
Only firms registered with the City watchdog , the Financial Conduct A uthority, ( or the European equivalent) can use the Open Banking system to access your data like this.
ARE THERE ANY PERKS TO IT?
EXPERTS hope there will be a wave of clever new budgeting apps which let you see all your financial information — current accounts, credit cards and savings accounts — in one place.
With access to your transaction information they could tell you where to make savings by reduc - ing your overdraft charges, credit card interest or loan repayments.
They could alert you when you’re about to go into the red and move money from a savings account.
Price comparison websites could use the information to help you find cheaper broadband and energy deals and give a more accurate idea of potential savings.
Three banks, one of which is First Direct, are understood to be developing similar tools to adver - tise deals on household bills that should appeal specifically to you.
Some firms, such as lender Zopa, plan to use the new rules to speed up loan applications. Instead of having to send off bank statements in the post to prove your income, you’ll be able to simply click a button to share your current account information.
In this way it could also speed up affordability checks for mortgage applications.
Retailers are expected to work with banks so that when shopping online you may be able to see your bank account balance on screen at the checkout. You can also ask an app to take a payment directly from your account — so you may no longer need a debit or credit card when spending online.
But none of it can be tested as the banks and technology firms have yet to launch their new apps and services.
CAN I KEEP MY PASSWORDS SAFE?
UNDER separate EU rules, called the Payment Services Directive, you are now also allowed to share online banking log- in details and passwords with third parties — such as money management apps — that are not registered under the UK’s Open Banking.
Previously, banks considered sharing usernames and passwords to be a breach of their terms and conditions, so you struggled to get your money back if you fell victim to fraud.
Yet even though it is no longer prohibited, banks say it is still risky and they still will not be responsible for any losses you suffer as a result.
On its website, Lloyds says sharing log-on details with firms working outside of Open Banking