Sharing of banking data has been a service provided in Australia in an unregulated capacity for many years. Open Banking has formalised this capability via the Consumer Data Right (CDR) that is mandated and regulated by the Australian Government.
Let’s touch on some factors that contribute to the safety and security of CDR Open Banking for consumers.
Consumers must provide explicit consent before their data is shared with third-party providers. They have the ability to choose what data is shared, for what purpose and for how long. They can also revoke consent at any time, giving them greater control over their information.
Open Banking requires strong customer authentication to prevent unauthorised access. Unlike screen scraping it doesn’t involve customers sharing their online banking password, and instead uses some form of Multi Factor Authentication such as a mobile SMS or in app verification code.
Open Banking relies on secure Application Programming Interfaces (APIs) for data sharing between Data Holders (such as banks) and Data Recipients (such as third party apps). These APIs follow strict security specifications such as Financial-grade API (FAPI) and standards such as OAuth 2.0 and OpenID Connect to ensure data is transmitted securely.
Open Banking operates under strict privacy regulations, including the Privacy Act 1988 and the Australian Privacy Principles. Data Holders and Data Recipients are required to handle consumer data responsibly, ensuring its confidentiality, integrity, and protection. They must have robust data protection measures in place to safeguard against breaches or unauthorised use.
Open Banking in Australia is regulated by the Australian Competition and Consumer Commission (ACCC) and Office of the Australian Information Commissioner (OAIC). These regulatory bodies ensure that Data Holders and Data Recipients adhere to security standards and compliance requirements. Ongoing monitoring and auditing help identify any vulnerabilities or risks and ensure the safety of consumer data.
Finally, the government is maintaining it’s investment in a safer digital future, this year’s Federal Budget included a further investment in the Consumer Data Right of $88.8 million over two years, with a focus on several areas including:
Important Information: This article has been prepared by Basiq Pty Ltd (ABN 95 616 592 011) (Company), and was originally published on 24 August 2023 on www.basiq.io. Information is current as at the publication date, and the Company has no obligation to update or correct this article. The information contained in this article is of a general nature and is not intended to address the objectives or needs of any particular individual entity, and should not be regarded in any manner as advice. To the extent permitted by law, the Company and its related bodies corporate will not be liable for any errors, omissions, defects or misrepresentations in the information in this article or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise. © 2023 Basiq Pty Ltd
