How to use Open Banking
Credit Union SA is currently a Data Holder. Our members, or Data Owners, may consent to share their Credit Union SA data with an authorised organisation, referred to as a Data Recipient. A Data Recipient can request our members to consent to sharing their data for a range of purposes, such as a product application, or for use within an app.
Information that may be shared with consent can include:
- Full name
- Address details
- Contact details
- Account number
- Account types
- Where consent has been granted, full transaction details for the past 6 years
Product specific data
- Your product characteristics
- Product type
- Product name
- Fees, charges and interest rates
- Features and benefits
- Terms and conditions
- Member eligibility requirements
Duration of Data that can be shared
When consent to share data is provided to a Data Recipient, the duration that the data will be available is also set. Data can be shared with the Data Recipient for either:
Up to 365 days
- Accessed for one purpose only
- Available for 24 hours
- Set number of days
Initiate Data Sharing
Before we, as a Data Holder, make data available to a Data Recipient, the Data Owner (you) must authorise for us to share your data. This process is initiated through the Data Recipient’s own channel, such as website or app.
During this process you will confirm the consent period, find out what happens when you withdraw consent and select data to be shared.
If you need assistance with this process, please contact the Data Recipient.
Once completed, you will be directed to our Authentication to share date webpage to begin the Authorisation Process, outlined below.
Before we, as a Data Holder, make your data available to a Data Recipient, the Data Owner (you) must complete a process to authorise the consent through our Open Banking portal.
The Authentication process consists of the following steps:
1. Enter your Member Number and select Next.
2. A One Time Password (OTP) will be sent.
- The OTP will be notified in one of the following ways:
- Via your registered email address
- via a push notification to your registered device
- generated by you via Internet Banking.
- How you receive your OTP will be determined by your Internet Banking or Mobile Banking App settings. Learn how to change your settings.
- Only one OTP will be generated per request.
- If you do not have access to your specified email address, or device, you can log into Internet Banking to view your OTP. The code generated in Internet Banking will be the same code.
3. Enter your OTP to move to finalise the authentication and move through the consent phase.
- Your code will only be valid for 10 minutes.
- Only one OTP can be generated at one time.
- If you need your code resent to you, or your code expires, please click ‘Resend one time password’
- New codes will also only be valid for 10 minutes.
How to view your One Time Password (OTP)
OTP to your email address
When you request an OTP, your nominated email will be displayed at the OTP entry screen – hashed out for your security.
OTP to your device
If you have Push Notifications setup on your registered device, you will receive a pop-up notification with your password.
OTP to Internet Banking
If you do not have a registered email address or Push Notifications setup, you will need to generate an OTP using Internet Banking.
When you log into Internet Banking, select Security then OTP. You will be presented with either the Secure SMS window or VIP Security Code validation page. The page you see will depend on which Two-Factor Authentication (2FA) mode you have enabled on your account.
Members must go through the 2FA process in Internet Banking to access the Generate Password page. Once authenticated, click the Generate code button to view the OTP.
Approve sharing request
The Approve Sharing Request screen will display to you the following details:
- How long the data will be available to the Data Recipient.
- The start date for the data being shared.
- Instructions for reviewing and stopping the request once this has been approved.
You will also be able to access our CDR Policy prior to approving your sharing request.
Data to be shared
The next screen will display a summary of the data you are consenting to share. This will include:
Name, occupation, and contact details
- Residential Address
- Mailing Address.
Account balance details
- Name of account, type of account, account number, account balance, interest rates, fees, discounts, account terms, and account mail address.
- Incoming and outgoing transactions, amounts, dates, description of transactions.
Select accounts to share
On the next screen, a list of your eligible accounts will be presented for selection.
Please note, we are not required to share consumer data:
- where the account was closed no more than 24 months before that time – transaction data in relation to a transaction that occurred more than 12 months before the account was closed;
- where the account was closed more than 24 months before that time:
- account data that relates to the account; and
- transaction data that relates to any transaction on the account:
- product specific data in relation to a product relating to any such account.
- when not mandated by the ACCC. Products and types of data to be shared will be progressively rolled out. Refer to the Open Banking timeline.
Select the accounts which you wish to share with the Data Recipient or click Select All accounts to share the entire list. Once all required accounts are selected, click confirm to finalise the sharing request.
When you don’t select any accounts, you will be authorising for us to share your personal data only.
View requests to share data in Internet Banking
You can view the requests you have consented to in Internet Banking. Under the Security menu select Sharing. In order to access the Sharing page, you will need to be registered for Secure SMS.
Data sharing status:
- Data sharing is currently active with the Data Recipient.
- Data sharing has been withdrawn, by the Data Owner or the Data Holder.
- The duration of data sharing with the Data Recipient has expired.
- Data is only available to the Data Recipient for 24 hours.
Click on the status to view further details.