According to fintech expert Jill Berry, consumers should err on the side of caution and be aware of the information third-party companies obtain when they bank online.
The digitization of banking services has added convenience to consumers through methods such as online transfers, bill payments, faster loan approvals and ease of data sharing, but what when asked to share your banking login information with a third party company, even one that is credible?
According to Berry, who is the CEO and co-founder of Adatree, there are several things people should look out for when banking online, and there are ways to protect data if people need to share their bank details.
“Screen scraping is a little-known term whereby a third party extracts or scrapes a customer’s digital data for various services using their leaked banking login credentials,” Berry says.
“Commonly used by personal budgeting apps, instant lenders, or payment services, an organization asks the user for their banking username and password, which they use to log in to access (scratch) the required information and sometimes even more,” she explains.
“The upside: making it easier for consumers to manage, compare, or switch banking products. But there are many downsides to what information these unethical data providers can access and how often without you. know.”
Berry says most people are looking for ways to save time and effort, but when it comes to the convenience of sharing data via screen scraping, consumers have less control, security and transparency when they transmit their bank identifiers.
“Once third parties have a customer’s contact details, the consumer doesn’t know how and where the data will be stored, whether it will be sold or shared, with whom and for what purpose, everything remains unknown,” she says.
“It can also be accessed by this hidden data provider or screen scraping service at any frequency without any restrictions. There is no expiration date for them to stop scraping the data customers and their consent cannot be withdrawn. The only benefit is that convenience customers simply provide their login details.”
Financial institutions have used screen scraping since the 1980s to speed up the digital process, rather than manually sharing, capturing and analyzing data.
“Fast forward to 2019, the federal government created legislation called Consumer Data Right (CDR), known as Open Banking in the financial industry, that puts consumers back in control,” Berry says.
“Consumers choose what data they want to share and for how long. To stop sharing their data at any time, they can simply withdraw their consent and ask the company to delete their data.”
Top tips for consumers to protect themselves if asked to share their banking credentials with third parties:
Consider opting for the manual method. Sharing your bank ID could reduce admin life a bit, but at what cost? Is it really worth having an unidentified data provider own or worse sell your data?
Until CDR becomes commonplace, Berry recommends manually downloading your statements from your online bank and sending them to the third-party company.
“While it may take a little longer and be a cumbersome process, you’ll have peace of mind knowing that your data remains safe in the hands of those you choose to share it with,” she says.
Change your password as soon as possible.
“In cases where online or paper statements are insufficient and your bank username and password must be provided, change your password as soon as the third party has accessed the required data,” says Berry.
“This will prevent them from logging back into your account to access your bank details later, without your knowledge and express consent.”
Find the company you share your data with.
“Some banking services that are not yet part of consumer data rights require screen scraping to complete a loan application or for other services,” Berry says.
“If there is no alternative method, do your research around the company you need to share your data with. In particular, you want to know if they do ethical data sharing, which gives you more control and transparency,” she said.
“If you find that they don’t have ethical data practices, it might be a good idea to consider another provider that has better ethics.”
Find out if the lender or service provider will use CDR in the future.
“While screen scraping relinquishes your control and ability to consent to the use of your own data, CDR does the opposite, it empowers you, as a consumer,” Berry says.
“If screen scraping is still the preferred method of the lender or service provider you use, ask them if they will implement CDR in the future, which puts your interests and privacy first. No password needs to be shared, consent can be granted and revoked at any time, and your data remains in your control.”