This was published 4 years ago
'Very concerning correlation': CBA warns against 'screen scraping'
Banking giant Commonwealth Bank has warned that customers who hand over their banking password to other businesses, such as fintech firms, face a greater risk of falling victim to scams or fraud.
As a Senate committee considers a potential ban on a practice known as "screen scraping," which is used by some fintech firms, CBA has draw on its own data to highlight what it calls a "very concerning correlation."
Screen scraping occurs when a consumer gives their banking user name and password to a third party, such as a fintech firm, in order to access their data. Some lenders also use the technique to conduct credit checks.
CBA has been the most vocal of the major banks in opposing the practice, sparking accusations from some fintech firms that the banking giant is trying to stifle competition.
In a submission to a Senate inquiry into fintech being chaired by NSW Liberal Senator Andrew Bragg, CBA said customers with logins via an aggregator (those who used screen-scraping) were "two or more times more likely to experience fraud," which it called a "statistically significant" result.
CBA's group executive in charge of retail banking, Angus Sullivan, repeated the bank's view that sharing login details was not "safe," despite the counter claims of many fintech firms.
“It is impossible for us to say there’s definitely causality, but given the prevalence and given the risks inherent in password sharing... there’s clearly a very concerning correlation,” Mr Sullivan told journalists on Monday.
“Customers who have logins via aggregators... are more likely to experience fraud.”
Fintech firms have responded to concerns about the risks of screen-scraping by saying the technique provides "read only" access to accounts, not the ability to make payments. Consumer groups, on the other hand, have argued the practice is risky.
Fintech Australia's general manager, Rebecca Schot-Guppy, said this was the first the group had heard about CBA's data on the risks of screen scraping.
"There’s no data or proof out there that prove CBA’s claims around screen scraping. This claim hasn’t been surfaced to us in our myriad of discussions with the bank attempting to reconcile their position on this practice," she said.
"The fintech industry can only survive by putting customers first. Fintechs would not conduct screen scraping practices if they felt it put any of their customers at risk."
A data-sharing regime known as "open banking," due to commence around the middle of this year, should in theory ultimately negate the need for screen scraping, but fintech firms say "open banking" is in its early stages will not provide the data they get from screen scraping.
Mr Sullivan said the industry had invested about $500 million in open banking, and it was working “very intensely” to the deadline, which has already been delayed once. Mr Sullivan said he did not think the outbreak of coronavirus would change the timing of the launch of open banking.