‘The world has moved on’: Screen scraping regulation looms

Assistant Treasurer Stephen Jones cannot see a “big future” for fintechs and other businesses that continue to rely on screen scraping, declaring that the “world has moved on” as the government seeks to regulate the controversial practice.

Mr Jones made the comments on Wednesday at the Intersekt Conference, where he announced an eight-week consultation that could inform a future ban on the use of screen scraping in some sectors.

Last year’s Statutory Review of the Consumer Data Right recommended banning the practice in the “near future” in sectors “where the CDR is a viable alternative”, but that this would rely on improvements to data quality.

Tech circuit board privacy

Screen scraping (also known as “digital data capture”) involves customers giving up their bank account log-in details and passwords to service providers, usually a fintech firm, which then uses the data access to provide their services.

Major banks and consumer groups have long argued that the practice, which is commonly used in the lending application process and for financial management applications, is unsafe as it is largely unregulated.

As data breaches become increasingly common, there is also a risk that banking logins and passwords may be disclosed, despite some providers of screen scaping services touting banking-level cybersecurity measures.

According to the new discussion paper, stakeholders have expressed strong support for both continuing to use screen scraping in parallel with the CDR and ditching it, particularly in financial services, due to the risk to consumers.

Mr Jones on Wednesday acknowledged the issue are complex, saying the consultation will be used to understand how screen scraping is used, why it is favoured over other forms of data sharing, and the risks involved.

“We don’t want to force CDR into uses it isn’t suitable for, or where it isn’t yet mature enough to be effective. We also know that screen scraping is often seen as the least bad option, and that many people and businesses only use it due to a perceived lack of alternatives,” he said.

“But let me say this: I really don’t think that asking people to hand over their online banking passwords to lenders, mortgage brokers, and others is the best we can do. The world has moved on.”

Mr Jones went as far as to say that it is “hard to see a big future for any business model that relies on people sending through their log-in details”, noting CDR’s potential as an alternative for data sharing.

“The practice of screen scraping … cuts against the work we as a government and many parts of the fintech industry are trying to do to use data more safely, and to store it more safely,” Mr Jones added.

The federal government has been developing the CDR since 2017 to be a more advanced way of sharing data using APIs. It now covers nearly 100 per cent of deposits and is now expanding to the energy sector.

In May, the government paused an expansion of the scheme to the superannuation, insurance, and telecommunications sectors to ensure CDR is “working as effectively as possible” in banking and energy.

Mr Jones said the pause is an attempt to “deepen CDR’s place where it already exists, let the system mature, and create spaces for use cases to grow”, ensuring that the reforms introduced under the scheme are lasting.

“The work we have done, both in the Budget and since, has been aimed at giving CDR the best chance to turn its potential into reality. It is about driving real world, day to day, practical benefits for consumers,” he said.

The consultation will close on 25 October 2023. The discussion paper can be found here.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories