Open banking: How safe is it?


Harriet Holmes

AML Services Manager

image close up of a person's hands using their phone against a dark background

Designed with security at its heart - open banking technology is safe to use. However, misinformation is leaving consumers concerned and confused as to what data can be accessed and how it is used. Below, we dispel these misconceptions and explore how open banking is working to keep consumer data safe and protect firms against fraud and anti-money laundering. 

Misconceptions surrounding open banking

When it comes to open banking, it is paramount that consumers are made aware that their data is safe, particularly due to the sensitive nature of the information being accessed. Without this information being communicated, hesitancy and misconceptions begin to surface, often leading consumers to go down the traditional, paper route.However, sending information via email or post poses a higher risk, where statements may be tampered with or incepted in transit. Open banking reduces the risk of any data breaches as a result of hacking, poor security or insider threats.

Consumers are often misinformed that open banking provides more data or information, leading them to view it as invasive. When in reality, open banking allows you to share the minimum data necessary for the product or service you want to use through a secure digital process.

If a firm is authorised, it can only access data needed for the service that a consumer has provided authority for – so a consumer only grants permission for a provider to look at one current account with one bank. Then the provider is limited. It wouldn't be possible to look at a credit card held with the same bank unless the consumer gave express permission.

Plus, all providers must comply with data protection rules, including GDPR.

How do I know my data is safe?

So what can you to do ensure your data is safe? If you are a consumer, a practical step is to check that the provider requesting permission to use open banking is authorised before permitting them to view your data, which you can do by visiting the FCA Register or the Open Banking Directory. In addition to this, providers should also take steps to ensure they are informing consumers on their website or app if it's authorised, along with their unique registration number.

As an example, here is what Thirdfort sends out:

Thirdfort Limited is registered in England with Company No. 10757456 and VAT registered VAT No. 281589466. Registered office: Belle House, Platform 1 Victoria Station, London SW1V 1JT. Website disclaimer. Thirdfort Limited is authorised and regulated by the Financial Conduct Authority under the Payment Services Regulation 2017 to provide payment services (firm reference number 806236). Thirdfort Limited is registered with the Information Commissioner’s Office under registration number ZA292762 for the purposes of the protection of data.

Watch out! Some providers may not be registered with the FCA. If this is the case, it is important to appreciate this comes with an increased risk. In these situations, consumers will not be afforded the same protection against fraud – if a consumer loses money, their bank may not pay out.

But it doesn’t end there, here are four more ways in which open banking is working to keep consumer data safe and protect firms against fraud and anti-money laundering.

  1. Secure data access and transmission: open banking uses proven and secure technology. Consumers will never be asked to give access to their bank login details, PINs or passwords to anyone other than their own bank or building society. 

    Thirdfort will never see or store any consumer credentials.

  2. Consumer-led access: the consumer chooses when, with whom, and for how long they have access to the data. Their data, their way.

  3. One source of truth: open banking enables a one-source truth of data; it allows multiple accounts to be linked together. It ensures that the financial records are genuine and obtained independently, directly from the source.

  4.  Extra protection: the consumer bank or building society will normally refund money if unauthorised payments are made. This is only applicable if the service utilises open banking for payments.

The functionality and data Thirdfort access cannot be used to make payments. 

Consumers can validate and find more information on open banking independently.
Money Helper, Money Saving Expert, the Financial Conduct Authority and Which?

Subscribe to our newsletter

Subscribe to our monthly newsletter for recaps and recordings of our webinars, invitations for upcoming events and curated industry news. We’ll also send our guide to Digital ID Verification as a welcome gift.

Our Privacy Policy sets out how the personal data collected from you will be processed by us.