Uncovering the differences between Open Banking & Screen Scraping

Technology has made its impact on history, shaping the way we perceive the world through the lenses of convenience. We have fashioned ourselves tools to better manipulate our surroundings for practicality and ease, and such tools have undergone modifications to improve our experiences. Data sharing has now evolved from sharing paper statements and screen scraping to consumer-friendly Open Banking. The benefits of Open Banking as a data sharing method go beyond efficiencies associated with digital transfer of information. Indeed, this new regulatory framework enhances the consumer’s security, confidence and control over their data. At the same time it creates both opportunities and challenges for companies and it appears inevitable that the industry will gradually adapt by fading out screen scraping data sharing methods.
In this analysis, Adatree explores the evolution and future of data sharing with an outline of the key differences between screen scraping and Open Banking.
The history of digital data sharing
Since the 1980s, financial institutions such as banks and credit unions have commonly used screen scraping to extract data from legacy systems later to be adapted into modern applications. This technique was an expedited digital process as opposed to manually sharing, entering, and analysing data; additionally, companies were able to gather information from said data and cater to their customers accordingly. Digital data sharing has now evolved to Open Banking, or the Consumer Data Right in Australia. This is a regulator driven approach to mandating types of data with specific SLAs and common technical standards for third parties to participate and access data.
what is Screen Scraping?
To obtain a variety of services, customers provide their bank login credentials, such as their username and passwords, to a company—often times a bank or a lender—that facilitates the scraping of a customer’s information. These third parties then log into web-based platforms as though they were the customers themselves, seeing what their customers would see in the online banking “screen”. Once logged in, the third party would “scrape” the data.
The “scraping” extracts the data from a digital display, collects it as raw text, and converts it for use in other applications. Data can continuously be “scraped” and updated from the customer’s accounts when refreshed. To facilitate this automatic process, screen scraping utilises image processing, so the accuracy may not be perfect.
For years, companies used screen scraping to extract data from legacy systems of financial institutions; they then transfer that data to modern applications to be used for other purposes. For example, a budgeting app can import a customer’s ongoing transactions, often with a delay.
Screen scraping provides not only for improved efficiency in obtaining and storing data, it is also fairly easy to implement at any third party institution seeking data. However, these benefits come at a disadvantage to consumers in terms of transparency and control.
Advantages of Screen Scraping Sit Largely With The Business
Screen scraping may be considered superannuated, especially since it doesn’t have the same transparency and immediacy as Open Banking does, as outlined below. However, unlike in the UK where screen scraping was first banned, it is still legal in Australia. In fact, according to the Australian Securities and Investments Commission (ASIC), screen scraping is a reliable and safe method, hence unnecessary to be proscribed. Yet despite the attested “reliability” and “safety”, is screen scraping truly a method that should be perpetuated?
Screen scraping still does have many advantages. The setup process is fast for the third party because it bypasses the data holder’s systems and data sharing permissions. It is straightforward as it only requires customers to share their login credentials. The customer data can then be stored digitally and accessed by the third party at any frequency and without any restrictions. Finally, there is no expiration date for accessing the data.
These benefits largely stem from the lack of barriers, regulation or standards for security, data storage, data usage, or ongoing access. Screen scraping is currently more popular for accessing bank transactions than Open Banking. Yet with the regulatory shifts and the associated shifts in customer preferences, this is likely to change.
Customer Disadvantaged by Screen Scraping Methods
Screen scraping has been widely adopted since it has long been one of the few viable digital sharing methods. Whilst it carries a range of benefits to third parties, the current shift towards Open Banking reflects the disadvantages of this method to customers.
Screen scraping requires the customer relinquish their control over their own data once the login details are shared. This results in a lack of transparency and requires a high level of trust for the third party on behalf of the customer. The customer does not know how and where the data will be stored; whether the data will be sold or shared, with whom, and for what purpose, everything remains unknown. If the customer decides for their data to be deleted, they lack legal recourse. The only way that customers can prevent this continued data sharing is to change their password.
It is not surprising that a significant number of consumers do not fully grasp the extent to which their information is being accessed, shared, stored and retained—or by whom—when they use financial apps. -PNC Bank
Even if a level of trust is established between the customer and the third party, and that should be based upon the company’s commitment to security, screen scraping is not infallible when it comes to breaches. Sharing credentials with a third party also is in violation of the terms and conditions of many institutions, which may increase the liability of the consumer.
While screen scraping uses HTTP encryption over traffic, it is ultimately an unregulated practice with technical standards and customer controls falling significantly short of the requirements for third parties receiving data through Open Banking.