Australia’s financial regulators will not intervene in the controversial practice of “screen scraping” despite it being banned in the EU and pressure from Australia’s largest bank and some fintechs to outlaw it.
During a senate hearing last week, the Australian Securities and Investments Commission (ASIC) said it was not intending to stop the practice where consumers hand their banking credentials to a third party, typically a fintech, to access their data for use in other financial services, and it had seen no evidence of harm to consumers.
ASIC’s comments, and similar sentiments from the ACCC, has divided the financial industry down the lines of those using the method – who argue it is a customer’s right to decide who accesses their data – and those which see it as unsafe and/or redundant in Australia’s upcoming Consumer Data Right regime.
Speaking to the senate committee, ASIC’s acting executive director, financial services, Tim Gough said the regulator would still monitor the market closely but had no plans to prevent screen scraping.
“… there’s no evidence of which we’re aware of any consumer loss from screen scraping,” Gough told the Committee.
In Europe traditional screen scraping is being phased out by regulators while America’s biggest bank, JP Morgan Chase, announced earlier this year it will prohibit it.
In Australia, however, it is set to continue, although many expect screen scraping to be made redundant by the upcoming Consumer Data Right and open banking which allows consumers to access their data and transfer it to third parties via APIs, typically an easier and more secure method of sharing data.
Rebecca Schot-Guppy, general manager, FinTech Australia told the Senate Committee there was no good reason to outlaw screen scraping before CDR and open banking had matured, a view shared by the architect of Australia’s open banking scheme, Scott Farrell.
Schot-Guppy told the committee, “From our perspective, the reasonable conclusion is that no attempt should be made to outlaw screen scraping until CDR and CDR data is readily available across the economy.”
“More broadly, the CDR should be implemented in a manner that is easier to access, provides better functionality and is cheaper than scraping. This will remove the need for companies to use screen scraping to obtain specific confidential financial data.”
Stakeholders weigh in
The news that screen scraping will continue was welcomed by some of the fintechs which rely on screen scraping for data to power their offerings and see it as a leveller against industry incumbents.
Wisr, a neolender which helps customers consolidate debt said the regulators had made the smart decision, and eliminated a “grey area” which was being exploited by incumbents.
For example, the Commonwealth Bank of Australia has been advising customers that providing credentials to fintechs to scrape their data was a security risk and a potential breach of terms and conditions.
Wisr’s COO, Mathew Lu, said, “This decision is the smart decision, as consumers are the ones who own their data, and consumers should be empowered and have the right to decide who and how they share their data with, and not be constrained or dictated to by technology choice.
“We are very pleased that the regulators recognised, that to ban screen scraping, before the consumer data right has had the opportunity to mature, would not be in the best interests of the consumer. Behaviours contrary to this guidance, are now clear indications of anti-competitive behaviour and should stop, immediately.”
Others see screen scraping as fundamentally unsafe.
Lisa Schutz, founder and CEO of Verifier, which brands itself as a fintech and a regtech, says if it were up to her screen scraping would be banned altogether.
“There are a very small number of companies that use the Privacy Act [properly to share data] and effectively do an emergent version of the Consumer Data Right, of which Verifier is one,” Shultz said on a Gartner panel last month.
“Screen scraping is problematic because the data holder doesn’t know that it’s not [the customer]. And that has all sorts of risks, cybersecurity implications [and] privacy implications.”
Two prominent consumer protection groups, the Financial Rights Legal Centre and the Consumer Action Law Centre, have previously warned that a failure to cleanup or ban screen scraping would put consumers at risk.
In an earlier joint submission to the same Senate Committee, the groups said, “[Screen Scraping] is an inherently unsafe online practice and is exactly the opposite to every other piece of online safety and security advice provided to Australians by both the online industry and in government advisories.”