- Information that may be shared with consent
- Duration of Data that can be shared
- Initiate Data Sharing
- Authentication Process for approving and amending data sharing
- How to view your One Time Password (OTP)
- Approve sharing request
- View requests to share data in Internet Banking
- Stop sharing data
Information that may be shared with consent
Credit Union SA is currently a Data Holder. Our members, or Data Owners, may consent to share their Credit Union SA data with an authorised organisation, referred to as a Data Recipient. A Data Recipient can request our members to consent to sharing their data for a range of purposes, such as a product application, or for use within an app.
- Full name
- Address details
- Contact details
- Account number
- Account types
- Where consent has been granted, full transaction details for the past 6 years
- Direct debits active within the last 13 months
- Scheduled payments
- Up to 2 years of closed account transaction history
Product specific data
- Your product characteristics
- Product type
- Product name
- Fees, charges and interest rates
- Features and benefits
- Terms and conditions
- Member eligibility requirements
Duration of Data that can be shared
When consent to share data is provided to a Data Recipient, the duration that the data will be available is also set. Data can be shared with the Data Recipient for either:
Up to 365 days
- Accessed for one purpose only
- Available for 24 hours
- Set number of days
Initiate Data Sharing
Before we, as a Data Holder, make data available to a Data Recipient, the Data Owner (you) must authorise for us to share your data. This process is initiated through the Data Recipient’s own channel, such as a website or app.
During this process, you will confirm the consent period, find out what happens when you withdraw or amend consent and select data to be shared.
If you need assistance with this process, please contact the Data Recipient.
Once completed, you will be directed to our Authentication to share data webpage to begin the Authorisation Process, outlined below.
Authentication Process for approving and amending data sharing
Before we, as a Data Holder, make your data available to a Data Recipient, the Data Owner (you) must complete a process to authorise the consent through our Open Banking portal. Members can also amend their consent using the following steps.
The Authentication process consists of the following steps:
1. Enter your Member Number and select Next.
If you’re amending your data sharing requests you won’t need to do this step. The system will recognise you already.
2. A One Time Password (OTP) will be sent.
- The OTP will be notified in one of the following ways:
- Via your registered email address
- Via a push notification to your registered device
- Generated by you via Internet Banking or within the Mobile Banking App
- How you receive your OTP will be determined by your Internet Banking or Mobile Banking App settings. Learn how to change your settings.
- Only one OTP will be generated per request.
- If you do not have access to your specified email address or device, you can log in to Internet Banking to view your OTP. The code generated in Internet Banking will be the same code.
3. Enter your OTP to move to finalise the authentication and move through the consent phase.
- Your code will only be valid for 10 minutes.
- Only one OTP can be generated at one time.
- If you need your code resent to you, or your code expires, please click ‘Resend one time password’
- New codes will also only be valid for 10 minutes.
How to view your One Time Password (OTP)
OTP to your email address
When you request an OTP, your nominated email will be displayed at the OTP entry screen – hashed out for your security.
OTP to your device
If you have Push Notifications set up on your registered device, you will receive a pop-up notification with your password.
OTP to Internet Banking and Mobile Banking App
If you do not have a registered email address or Push Notifications setup, you will need to generate an OTP using Internet Banking or our Mobile Banking App.
When you log into Internet Banking, select Security then OTP. You will be presented with either the Secure SMS window or VIP Security Code validation page. The page you see will depend on which Two-Factor Authentication (2FA) mode you have enabled on your account.
Members must go through the 2FA process in Internet Banking to access the Generate Password page. Once authenticated, click the Generate code button to view the OTP.
Mobile Banking App
When you log into the Mobile Banking App, select Settings then Sharing requests where you will be asked to re-enter your App PIN.
You will be presented with a 6 digit code if a third party is currently requesting access to the data you have requested to be shared.
Approve sharing request
The Approve Sharing Request screen will display to you the following details:
- How long the data will be available to the Data Recipient.
- The start date for the data being shared.
- Instructions for reviewing, amending and stopping the request once this has been approved.
If you don’t wish to proceed with the information which is presented on this screen, please click Deny Request to cancel the request moving forward.
You will also be able to access our CDR Policy prior to approving your sharing request.
Data to be shared
The next screen will display a summary of the data you are consenting to share. This will include:
Name, occupation, and contact details
- Residential Address
- Mailing Address.
Account balance details
- Name of account, type of account, account number, account balance, interest rates, fees, discounts, account terms, and account mail address.
- Incoming and outgoing transactions, amounts, dates, descriptions of transactions.
Direct debits and scheduled payments
Select accounts to share
On the next screen, a list of your eligible accounts will be presented for selection.
Please note, we are not required to share consumer data:
- where the account was closed no more than 24 months before that time – transaction data in relation to a transaction that occurred more than 12 months before the account was closed;
- where the account was closed more than 24 months before that time:
- account data that relates to the account; and
- transaction data that relates to any transaction on the account:
- product specific data in relation to a product relating to any such account.
- when not mandated by the ACCC. Products and types of data to be shared will be progressively rolled out. Refer to the Open Banking timeline.
Select the accounts which you wish to share with the Data Recipient or click Select All accounts to share the entire list. Once all required accounts are selected, click confirm to finalise the sharing request.
When you don’t select any accounts, you will be authorising for us to share your personal data only.
View requests to share data in Internet Banking
You can view the requests you have consented to in Internet Banking or within our Mobile Banking App.
Within Internet Banking, select Sharing under the Security Menu. In order to access the Sharing page, you will need to be registered for Secure SMS.
Within the Mobile Banking App, this is accessed in the main menu by selecting Settings and then Sharing management.
Data sharing status:
- Data sharing is currently active with the Data Recipient.
- Data sharing has been withdrawn, by the Data Owner or the Data Holder.
- The duration of data sharing with the Data Recipient has expired.
- Data is only available to the Data Recipient for 24 hours.
Click on the status to view further details.
Frequently asked questionsView all Open Banking FAQs
Open Banking, also known as Consumer Data Right (CDR) is an opt-in service which gives you greater access and control over your data.
The current stage of Open Banking allows you to authorise your credit union or bank to share your data with other accredited organisations, making it easier to compare and switch products and services or access new and improved services.
Learn more about Open Banking, and how it will benefit you here.
Open Banking aims to give you greater visibility and control over your banking data, greater ease of comparison between products and services in terms of both price and quality, and the ability to switch between providers more quickly and easily – all without pesky paperwork.
Yes. Open Banking is a government initiative and only accredited organisations can take part. Financial institutions and other companies that participate in Open Banking will need to adhere to strict security standards when accessing and storing your data and will be subject to the Privacy Act. And accredited organisations will only be able to access data at your request.
Open Banking is also regulated by the Australian Competition and Consumer Commission (ACCC), the Office of the Australian Information Commissioner (OAIC), the Treasury and the Data Standards Body (DSB).
The major banks began sharing product reference data during July 2019.
From 1 July 2020, when requested by a customer, major banks are required to share data to accredited Data Recipients. This includes customer data, account data, transaction data and product specific data.
From 1 October 2020, non-major banks, building societies and credit unions, including Credit Union SA, are required to share product reference data using a Product Application Programming Interface (API). APIs are a software intermediary that allows two applications to talk to each other.
Our Product API covers Home Loans, Car Loans, Personal Loans, Transaction Accounts, Savings Accounts, Term Deposits, Overdraft Accounts, Debit Cards and Credit Cards we provide to our members. Information available through the API includes product features, constraints, eligibility, rates, fees and discounts and links to our Terms and conditions.
From July 2021, you will be able to authorise us to share your banking data with accredited organisations from within Internet Banking. This may include your account information and/or transaction history. You will control what is shared, and your data will be used only for the purpose you authorise. Initially, you will only be able to share data for certain products – over time, more of your data will be available to share as we expand this list. Please note, data sharing is not currently available for accounts held in either more than one name or a non-personal name.
- Saving Accounts
- Transaction Accounts
- Term Deposits
- Credit Cards
- Home Loan Offset Accounts
From 1 November 2021, you will be able to authorise us to share your Home Loan and Personal Loan banking data with accredited organisations from within Internet Banking.
- Home Loans
- Personal Loans
You will also be able to authorise us to share two years of closed account transaction history with accredited organisations, for Credit Union SA accounts included in Open Banking.
From 20 January 2022, you will be able to authorise us to share your Lines of Credit and Overdraft information with accredited organisations from within Internet Banking or the Mobile Banking App.
- Lines of Credit
Visit the CDR website for other key dates.
Open Banking is an opt-in service, which means you choose whether to use it or not.
If you choose for us to share your data with another organisation using Open Banking, you will need to have Internet Banking access. If you don’t have Internet Banking, we can help – simply call us on (08) 8202 7777.
Under the CDR legislation, we will not charge you to share your data with an accredited third party, and we won’t charge accredited third parties to access your data either.