The landmark Parliamentary inquiry into the FinTech sector has again descended into a feud over the controversial practice of screen scraping, much to the chagrin of FinTech Australia.
Screen scraping is the process of obtaining and translating a screen that displays data from one app to another, usually done through a user handing over login details for their bank account to a third party, usually a FinTech firm.
Major banks and consumer groups have said the practice is inherently unsafe and are pushing the committee to recommend that it be banned in its interim report, due at the end of the month.
Several FinTech companies have hit back, claiming the practice only provides them with ‘read only’ access, and it wouldn’t be necessary if the Consumer Data Right was broadened and improved.
After the issue dominated the early public hearings for the Select Committee on Financial Technology and Regulatory Technology, the question of whether to ban screen scraping has again cropped up, with the Commonwealth Bank telling the committee there is a “very concerning correlation” between this practice and greater risks of fraud and scams.
In an answer to a question on notice, the big four bank said its fraud analytics team conducted a study on screen scraping and found that users that allowed screen scraping were two or more times more likely to experience fraud, a “statistically significant result”.
“We do not question the intent or practices of most FinTechs who are operating in this manner. However, it remains our firm belief that sharing usernames and passwords is a fundamentally unsafe practice, both in the signals it sends about the importance of these credentials, as well as the storage of these credentials outside the bank’s ecosystem,” CBA general manager of government, industry and sustainability Euan Robertson said in the submission.
“While the study does not attribute cause for the statistical relationship, it does demonstrate a probable correlation between the unsafe banking practice of customers who share log-ons and passwords credentials with third parties and increase fraud. Behaviours that place customers at greater risk should not be encouraged.”
But FinTechs have hit back at the claims, saying it is another attempt by a major bank to try to squeeze out competition from FinTechs.
FinTech Australia general manager Rebecca Schot-Guppy said the committee should be focusing on open banking, with an effective scheme making screen scraping a moot point.
“We’re disappointed that again the discussion has thrust back towards screen scraping despite all of the other major issues up for discussion,” Ms Schot-Guppy said.
“There’s no data or proof out there that proves CBA’s claims around screen scraping. This claim hasn’t been surfaced to us in our myriad of discussions with the bank attempting to reconcile their position on this practice. The FinTech industry can only survive by putting customers first.”
If the open banking scheme is improved, FinTechs would organically stop requesting screen scraping from their users, she said.
“The FinTech industry can only survive by putting customers first. FinTechs would not conduct screen scraping practices if they felt it put any of their customers at risk,” Ms Schot-Guppy said.
“As we have consistently stated, screen scraping practices will disappear under a fair CDR regime. Rather than debate the activity, we should turn our attention towards the rollout of open banking and the broader opportunity FinTech presents for Australia.”
In an earlier submission to the committee, the Financial Rights Legal Centre and Consumer Action Law Centre pushed for screen scraping to be banned, saying it promotes unsafe online practices, breaches banking terms and conditions and is prone to errors.
“For the government’s Consumer Data Right to succeed and build high levels of consumer confidence and trust in a safe and secure FinTech sector, the outmoded and dangerous practice of screen scraping must be prohibited,” the joint submission said.
“Without a ban on screen scraping, there is very little incentive for businesses such as payday lenders and debt management firms to use CDR accredited software over screen scraping technology.”