There has been recent press covering screen-scraping scams and how these scams could target individuals and businesses. There is a better answer to these concerns than restraining your data. In addition to warning customers to be vigilant of bad actors, our financial institutions would do well to support the development of an Open Finance environment. Under Open Finance, we have control over our financial data and who can see it and use it to help us. The promise of Open Finance is that if our financial data is shareable in a safe and ethical manner, it could add significant value to our lives.
This wave of regulatory change, already in the UK and Europe, is making its way to South Africa, as seen by recent consultation papers from the Financial Services Conduct Authority (FSCA) and Reserve Bank. Open Finance enables safe and easy data sharing through standardising technology that has existed for some time.
Application Programming Interfaces (APIs) — software that allows different systems to talk to each other — allow financial institutions to securely share our data, with consent, with approved third parties. Approved third-party companies can use this data to create customer value by developing innovative products and services.
Screen-scraping — a technique whereby a third party logs into a customer’s banking profile as if it is the customer — has arisen out of the need to create an environment that Open Finance itself seeks to create. Screen-scraping is the available alternative given that financial institutions have typically not developed these APIs to share data in an elegant manner.
Some financial institutions have used their dominance to argue that screen-scraping provides third parties with uncontrolled access and that bad actors may commit fraud. These claims may be to obstruct competition, when, in practice, no local cases of screen-scraping fraud have been shared.
In its recent consultation paper on open finance, the FSCA acknowledges that “screen-scraping, when practised by responsible parties, is a usable mechanism for data access with good control for security and operational risk”. The Reserve Bank also proposes facilitated screen-scraping “as a fallback mechanism when open APIs are inaccessible”.
Locally, 22seven and three major SA banks partnered with one of the most reputable data aggregators in the world to collect financial data via screen-scraping. Since its inception in 2012, 22seven has not had a reported instance of fraud or financial crime.
While we wait for Open Finance, our financial institutions should engage with each other and third-party companies to preserve a safe environment for sharing data. It will benefit us all.
- Jikku Joseph – Managing Director at 22seven