9 Consumer Dilemmas: How Open Banking in Australia Affects You and Me

  • By David Hymers | 5 Oct, 2018

While Australia celebrates the Consumer Data Right (CDR) and the power it gives consumers, there is a fair chance you may have concerns about this movement. There is an even better chance you don't know what it all really means. After all, a recent survey by Accenture showed that more than 8 out of 10 respondents from Australia were unaware of or unsure about open banking.

Limited knowledge is a dangerous thing. That's why we put together this FAQ to help answer what we think are the most pressing questions about open banking. This should help you to understand the scope of the CDR and open banking, the players involved in the open banking system, the role you play as a consumer, and how this initiative creates better services you can benefit from over a long period.

1. What is the CDR and why should I care?

The CDR is a regulation that gives YOU the right to direct that your data be shared with third parties you trust. This improves your choice of products and services, allows you to compare and switch between them, and encourages competition between service providers.

Your information can be shared with any third-party organization of your choice that is accredited by the Australian Competition and Consumer Commission (ACCC) to receive data on behalf of Australian consumers. The accreditation process, which is governed by the ACCC, aims to help customers determine more easily which data recipients meet the standards and, as a result, can be considered trustworthy. It will also provide customer protection from malicious third parties.

2. What is the relationship between the CDR and open banking?

The financial services sector is the first to implement the CDR. The Australian government has announced that a phased implementation of open banking will begin on July 1, 2019. From this date, Australia’s Big 4 Banks (National Australia Bank, Commonwealth Bank of Australia, ANZ, and Westpac) will make certain data, including credit card, debit card, and transaction account data, available at your request. Mortgage data will become available from February 1, 2020. The non-major banks will be operating on a timeline 12 months behind this.

Following open banking, the CDR will be rolled out to the energy and telecommunications sectors.

3. How do banks ensure that only accredited third parties have access to my data?

It is mandatory for all banks and authorized deposit-taking institutions (ADIs) to validate a data-receiving organization’s accreditation tier prior to giving it access to the system that allows data sharing upon consumer instructions. The ACCC will closely monitor this to prevent unauthorized access to customer data.

4. Who owns the data?

This is the best part! Since the whole purpose of the CDR is to put customers in control of their data, you own it. This means you call the shots. You have the right to exercise explicit consent over which data is shared, at what time, and with whom.

5. Which data will be shared?

If you bank with Australia’s Big 4 Banks, you can access information on credit and debit card, deposit and transaction accounts by July 1, 2019. Data on mortgages will be shared by February 1, 2020. Data on the products recommended by the Farrell Review (see below) will be shared by July 1, 2020.

| Deposit Products | Lending Products |
|---|---|
| Savings accounts | Mortgages |
| Call accounts | Business finance |
| Term deposits | Personal loans |
| Current accounts | Lines of credit (personal) |
| Cheque accounts | Lines of credit (business) |
| Debit card accounts | Overdrafts (personal) |
| Transaction accounts | Overdrafts (business) |
| Personal basic account | Consumer leases |
| GST and tax accounts | Credit and charge cards (personal) |
| Cash management accounts | Credit and charge cards (business) |
| Farm management deposits | Asset finance (and leases) |
| Pensioner deeming accounts | |
| Mortgage offset accounts | |
| Trust accounts | |
| Retirement savings accounts | |
| Foreign currency accounts | |

If you bank with any of the other banks, you can access the data exactly 12 months after the timelines of the Big 4 Banks.

6. How do I manage my consents?

  • When and how will it be shared?

    This can happen in two ways. When you want a third party to access your financial data currently held at the bank, your third-party application should redirect you to your bank in order for you to instruct your bank to share your data with the said application. In order to ensure that this instruction is, in fact, coming from you, your bank will first prompt you to log in with your user credentials. Once your identity has been established, the bank will provide a comprehensive consent page where you can select which data should be shared and for what duration.

    Some banks will also provide this same facility through the bank’s internet banking portal; it’s better to bank with one that does. In this case, you can log into the bank’s portal, navigate to the open banking consent section, and provide instructions to the bank to specify which data should be shared for what duration and with whom. You will be able to select the data recipients from a list of accredited parties that have integrated with the bank for open banking purposes.

  • How can I track which data is shared over time?

    You absolutely should be able to check whether your bank’s open banking facility provides a way for you to manage the instructions you have provided. Some banks will provide a portal where you can view the data-sharing consents you have provided in the past. This will detail which data is shared with whom and for what period.

  • Can I stop data from being shared on a later date?

    Your bank's consent management page (described above) should let you revoke consents that you have previously given or modify consents in a way where you either extend or shorten the time period or change the sets of data that you have shared. Remember, these changes will take effect prospectively and not retrospectively. By using this facility, you should be able to start, stop, restart, and modify your consents as you please. Choose a bank that offers you this flexibility.
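The bank-side checks described under questions 3 and 6, sketched as an added example (this is not WSO2's or any bank's code; the class, function and recipient names are hypothetical and the sample data is constructed). It shows accreditation, scope, duration and revocation being evaluated on every request, so a changed consent only affects later requests:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample: recipients the regulator has accredited (hypothetical ID).
ACCREDITED = {"budget-app"}

@dataclass
class Consent:
    recipient: str
    data_sets: set
    expires: datetime
    revoked_at: Optional[datetime] = None

    def amend(self, data_sets=None, expires=None):
        # Prospective only: data already released is unaffected, later requests see the new terms.
        if data_sets is not None:
            self.data_sets = set(data_sets)
        if expires is not None:
            self.expires = expires

    def revoke(self, now):
        self.revoked_at = now

def may_share(consent, recipient, data_set, now):
    """Decide one data request at time `now`; returns (allowed, reason)."""
    if recipient not in ACCREDITED:
        return False, "recipient not accredited"
    if consent.recipient != recipient:
        return False, "no consent for this recipient"
    if consent.revoked_at is not None and now >= consent.revoked_at:
        return False, "consent revoked"
    if now >= consent.expires:
        return False, "consent expired"
    if data_set not in consent.data_sets:
        return False, "data set not in consent"
    return True, "ok"

def demo():
    t0 = datetime(2019, 7, 1, 9, 0)
    day = timedelta(days=1)
    c = Consent("budget-app", {"transactions", "credit_card"}, t0 + 90 * day)
    out = [may_share(c, "budget-app", "transactions", t0),
           may_share(c, "budget-app", "mortgage", t0),
           may_share(c, "unknown-app", "transactions", t0)]
    c.amend(data_sets={"credit_card"})        # customer narrows the scope
    out.append(may_share(c, "budget-app", "transactions", t0 + day))
    out.append(may_share(c, "budget-app", "credit_card", t0 + 91 * day))
    c.amend(expires=t0 + 180 * day)           # customer extends the period
    out.append(may_share(c, "budget-app", "credit_card", t0 + 91 * day))
    c.revoke(t0 + 100 * day)                  # customer withdraws consent
    out.append(may_share(c, "budget-app", "credit_card", t0 + 101 * day))
    return out
```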

7. What will they do with my data?

You control how your data will be used. Your third-party application should let you provide instructions or pick from a list of options regarding how your data will be used. Financial data aggregation, data analysis to provide you with investment advice, or custom offers are some examples.

8. Will there be unauthorized access to my data?

The open banking standard has been designed to prevent unauthorized access to your data. For starters, your bank can share your data only according to your instructions. This ensures that your data is accessed only by organizations that you have authorized and that the ACCC has accredited as competent to handle your data.

You may or may not have heard about "man-in-the-middle attacks." In such an attack, while two parties are communicating with each other (e.g. your bank and your preferred data receiver), an attacker secretly intercepts the conversation and manipulates the data. The open banking regime guards against this by requiring that the communication channel be safeguarded by a mechanism called "encryption", which prevents an attacker who intercepts the traffic from reading or manipulating the data.

9. Who can I report to if I’m uncomfortable?

A central Consumer Data Contact Point will be created; this will be a virtual point of contact, such as a single telephone number and webpage, that connects complainants to complaint handlers. The Office of the Australian Information Commissioner (OAIC) will retain enforcement powers in relation to privacy.

It might seem like a lot to take in, but the CDR is designed with your best interests at heart. It’s always important to know the role you play within the ecosystem. This better equips you to be prepared for the CDR and open banking by helping you understand how to protect your data, manage content and use this ecosystem to create products and services that are uniquely customized to your needs.

If you have any more questions or would like to know more about how open banking affects you, feel free to contact us at [email protected].

For more information on WSO2 Open Banking visit https://wso2.com/solutions/financial/open-banking/australia/.


About Author

  • David Hymers
  • Regional Lead Account Manager Australia & New Zealand
  • WSO2