Scraping to orchestrating: The three waves of open banking
Open banking’s evolution has come in three distinct waves. From the advent of screen scraping to the development of account-to-account payment orchestration, here’s what each has involved…
1. Pre PSD2 and the reliance on screen scraping
Open banking – the practice of consumers securely sharing their banking data with Third Party Providers (TPPs) via API – was preceded by screen scraping, a data-sharing mechanism that, despite being controversial, is still used in certain scenarios. It works like this:
- A customer shares their online banking login credentials with their chosen TPP
- The TPP then impersonates the customer by using software to log in to their bank account
- This software ‘scrapes’ and stores the customer’s transactional data so the TPP can provide a service
These services range from payment initiation (enabling a budgeting app to top up a savings account, for example) to retrieving data that can be used in a mortgage application. It was, prior to PSD2, a clever enough solution.
So much so, in fact, that it’s worth asking the question: is screen scraping a precursor to open banking, or its first wave? It may not fit the post-PSD2 definition of open banking – centred on API connectivity – but it was the first method of opening up banking data to TPPs, ultimately to the consumer’s benefit.
So, why the controversy? Well, the moment a consumer shares their login details – which they should never do, with anyone – they expose themselves to risk. Aside from unwittingly sharing their credentials with cyber criminals, there’s the possibility of hackers gaining access to data that TPPs store as plain text.
Screen scraping, then, was never sustainable. TPPs having unrestricted access to customers’ login details and their data – with the possibility that that data could be targeted by nefarious third parties – was simply too risky a situation. Enter PSD2.
2. PSD2, secure APIs and a focus on bank connectivity
The revised Payment Services Directive’s arrival in 2018 attempted to replace screen scraping with APIs. Rather than handing over their login credentials, consumers could now grant permission to TPPs, from within their online banking environment, to securely access only the data they need to provide the desired service.
PSD2 resulted in banks across Europe developing open APIs (which allow one application to talk to another and exchange information) that only licensed TPPs can access. These APIs facilitate access to data that’s not only encrypted, but which consumers control (in terms of how much they’re willing to share).
But this second wave of open banking is still only lurking over the first. We mentioned earlier that, despite PSD2 taking effect five years ago, screen scraping is still used – despite there being tighter rules around its use. Why? Because the quality of bank APIs varies, especially in Europe, TPPs sometimes resort to screen scraping to offer the desired level of service. It must, however, disclose that this is the method it uses.
This inconsistency in API quality has resulted in a focus on improving bank connectivity rather than product development. This is really the reason for Volt’s existence – our real-time payment network, by virtue of having multiple connections to banks around the world, effectively harmonises and standardises the open banking payments experience. With this in place, we’ve been able to switch our focus to open banking product innovation. It’s this that defines the third wave.
3. Post PSD2 product innovation
Payment orchestration lies at the heart of open banking’s third wave. Volt’s own orchestration layer allows payments to be routed by the fastest, most secure networks and connections – no matter where they’re initiated. Once you have this level of coverage, standardisation and user experience, you can start to build value-add products.
Build them well and open banking can realise its full potential. They can address practical business needs and concerns over cost, cashflow and fraud. They can also spark mass adoption among consumers looking for a faster, easier and safer way to pay. The adage ‘built it and they will come’ has never been truer.
Creating an orchestration layer on top of our global real-time network has given us the ability to develop products such as Connect, which provides valuable open banking payment data, Circuit Breaker, which intelligently prevents fraud, and Pay by Link, which brings open banking payments to customers on whichever channel they’re using.
This third wave of open banking is catching up with and swallowing the first two. But, like any wave, it will one day break. When it does, another even bigger wave will have emerged from the horizon. It will represent the dawning of the open finance era – when consumers won’t just be able to share their banking data with TPPs, but their complete financial footprint. That, though, is a story for another day.