What’s Open Banking and is it safe?
Have you heard the term ‘Open Banking’ floating around but been left scratching your head about what it means for you and if it’s even safe to use?
Don’t worry, you’re not alone. It’s a relatively new concept that might seem confusing at first, but we’ll do our best to break it down for you and we’ll continue to share useful insights and updates on Open Banking as it progresses.
So, what is Open Banking?
Open Banking is the result of Australia’s new Consumer Data Right (CDR) which gives you the right to share your banking data between providers, making it easier to access services that suit your individual needs and situation. You’ll control who holds your data, for how long and how it’s used.
While banking will be the first application of the CDR in Australia, it’s expected that other industries will follow, including the energy and telecommunication sectors.
Consumers should see lots of benefits and opportunities with Open Banking but of course, with any changes in the financial sector, it’s important to understand how you can keep yourself and your data secure.
Why do fraudsters want your data in the first place?
Your data can be highly profitable for Fraudsters. The most common ways fraudsters make money from your data include:
- using your identity to commit credit fraud or other financial crimes
- tricking you into giving your banking passwords, card numbers or access to your devices by way of social engineering
- setting up fake online profiles to scam your friends and family.
Should I be worried?
It’s important to note at this stage that passwords and card numbers won’t be shared via Open Banking. And to access your Open Banking data requires second-factor authentication (2FA), just like setting up a new payment from your account. Very secure!
So really, by taking the same precautions you do today (more on that later!), you’ll protect yourself from scams designed to access your data via Open Banking.
Plus, organisations participating in the Open Banking system must be accredited by the Australian Competition & Consumer Commission (ACCC) and must adhere to strict security standards.
But there are also more protections in place to help specifically with the Open Banking rollout. Let’s take a look.
So now we know why fraudsters want your data, let’s look at some of the ways financial institutions, legislators and FinTech’s will be looking to protect it:
One of the most important positives to the way Open Banking is being introduced in Australia is that it has been a steady and considered approach. This means financial institutions have time to plan, design and deliver mandated security measures.
2. Learning from the UK
Open Banking has been in place in the UK since January 2018. This has given Australia the opportunity to observe, learn and adapt to any vulnerabilities that arose during the UK rollout.
3. It’s not ‘open’ in every sense
Financial institutions can’t share your data with other organisations without your explicit consent. If you thought Open Banking meant ‘open data’ and felt worried we would be sharing your data around, you can breathe a sigh of relief. While we use the word ‘open’ to describe the concept of flowing data, it’s not open without restrictions and you will always have control over what is shared, when it’s shared and with who.
4. Security measures, logins and passwords
Just like it is now, your personal information and banking data will be protected and kept secure. The only difference will be that you can choose to share it with accredited third parties if you wish. To do that you’ll need to go through Two-factor Authentication (2FA), just like when you want to send money to a new payee. Most interactions with third parties will be done via Application Program Interface (API, which experts say is the most secure way to share data between organisations
To keep you protected, government and legislative bodies including the Office of the Australian Information Commissioner, the ACCC and the Data Standards Body have received a lot of support and investment to manage and secure the rollout in Australia.
What can I do to make my banking safer?
Financial institutions, and government and legislative bodies work hard to keep your banking data and personal information secure. But it’s also important that you do a few things to protect yourself.
1. Check, check and check again.
It’s important to always ask questions and consider the who, what, how and why before giving out your personal information to anyone by taking these steps:
- Always verify a caller using an independently checked phone number, such as a contact number from an official website, bill, statement or phone book.
- Never provide access to your computer or other devices to any caller, no matter their ‘reason’.
- Never provide Secure SMS’ or One Time Passcodes (OTPs) to another person. If you’re ever asked to give them to a person, it’s a scam!
- Never download any software or visit a website because someone on the phone or via email has told you to.
- Always check emails for signs of scams and delete them straight away if you’re suspicious.
And remember your financial institution will never ask for your internet banking password or OTP to authorise a data sharing request.
2. Keeping your information safe from family and friends
Although we all like to share things with those who are closest to us, it’s important that you don’t share your data (passwords, PINS, OTPs etc.) with anyone, including family and friends. Sadly, domestic and financial abuse is a reality. If you suspect your accounts are at risk from someone close to you, call your financial institution to discuss how they can help protect you.
3. Stop using the same old password
While it might feel easier to use that same password for each online account you have, you might be leaving yourself vulnerable. A strong and unique password, normally containing a mixture of upper and lower case letters, numbers and symbols, can help reduce the risk of your login details being compromised, hacked or stolen. It also means if you are compromised you won’t have multiple accounts exposed. A password manager can help you create and keep unique strong passwords safe.
4. Unsecure networks, unsecure transactions
Avoid using public networks, Wi-Fi or computers in places like shopping centres or libraries for important personal transactions. They may not be secure, and you could risk others accessing your information.
5. Don’t share too much
Social media can be an easy place for fraudsters to target victims, either by reaching out and forming relationships and extorting money or by finding out personal information through shared posts or profile details. We recommend reviewing and adjusting your privacy settings so you have more control over who can see your information.
6. Say something when you see something
Contact your financial institution as quickly as possible if you notice any unfamiliar or suspicious activity on your account. Check your transaction history regularly and reach out as soon as you notice something is out of the ordinary. Your financial institution will be able to guide you through the process.
Think you’ve been scammed?
If you think you’ve been the victim of a scam, you’ll need to let us know straight away so we can secure your account. Here’s how:
- Call us on (08) 8202 7777
- Monday to Friday 8am – 8pm (ACST)
- Saturdays 8am – 2pm (ACST)
Outside of these hours you can report card or Osko (bank transfer) fraud to our 24/7 Fraud Bureau Service on 1300 705 750