Login or request a free trial

CDR 'not a viable alternative' to screen scraping

While the financial services industry waits for Treasury to complete its review of screen scraping, a lender has weighed into the debate saying consumer data available through the Consumer Data Right are not yet a viable alternative. Lender and lending platform technology company Tiimely (formerly Tic:Toc) has released its submission to the Treasury review, arguing that the CDR still has problems with data consistency and coverage, the consumer experience is “non-functional” and there is a lack of clarity in several other areas.  Screen scraping, or digital data capture, relies on consumers giving banking and log-in details to third parties that can harvest their data to provide services. Its users include lenders, mortgage brokers, accountants, and financial planners. The Treasury discussion paper, Screen Scraping – Policy and Regulatory Implications, says: “Fighting scams and fraud is one of the government’s priorities. Asking consumers to engage in any practice in which they disclose log-in and password information to third parties runs counter to IT security practices, advice provided by the Australian government, banks’ terms and conditions and MyGov’s terms of use.” The paper says that in addition to being inconsistent with best practice cyber security advice, screen scraping increases the number of parties that hold log-in details, creating opportunities for malicious activity. And under screen scraping arrangements, the third party may have ongoing access to the consumer’s account information. Policy options outlined in the paper, which was released last August, include tighter Privacy Act provisions, mandating the ePayments Code and changes to the CDR rules to encourage greater take-up. CDR is considered safer because it does not require consumers to share log-in details. The CDR rules also offer protections around how data is collected, used and disclosed – and for how long. Tiimely’s submissions says: “Policy decisions should be based on a real-world comparison of the present viability of the CDR vs screen scraping for sector participants. “Tiimeley has been using screen scraping to support digital home loan origination since 2017 and has not experienced any instances of unauthorised access to or misuse of customer credentials. Tiimely is also not aware of any issues having occurred within the fintech industry more generally.” It accepts that CDR has potential advantages, such as enhanced privacy and security. On data quality it says: “Tiimely does not consider there to be wholesale issues with CDR data quality but rather discrete issues with data consistency and coverage that require rectification to be comparable with screen scraping. “For example, there are a number of financial institutions that still have data sharing exemptions in place. In addition, a particular advantage of screen scraping is that the scraped data is the same data that customers see in their online banking portals. Financial institutions go to great lengths to ensure this data is highly accurate.” Tiimely says the CDR “consent flow” needs to be simplified to provide customers with an experience that meet their expectations for digital services. It is also critical of what it calls “prescriptive regulation” of the disclosure and use of CDR data, which it says does not easily accommodate existing use cases

I'm a returning subscriber

Password reset
Login

Request a free trial

  • Emailing you the news at 7am.
  • Covering core lending and funding issues, strategy, payments, regulation, risk management, IT, marketing and more.
  • Original news and summaries of major stories from other media – ditch your newspaper subscriptions.
  • Focused on banking and finance, saving you the time spent wading through newspapers and other services.
  • With reporting from former editors and senior writers from the AFR and The Australian.
  • Configured for your phone, laptop and PC.
Free trial Banking Day