Amex spotlights bank hypocrisy in screen scraping liability row

Credit card behemoth American Express has put the boot into Australia’s Big Four banks over their objections to fintechs using screen scrapers to onboard customers switching services, saying banks themselves use the technology for regtech purposes.

In a stinging submission the Senate Select Committee on Financial Technology and Regulatory Technology, the upmarket payments giant argues that whilst the Consumer Data Right (CDR) “may render screen scraping services obsolete in time…there is still likely to be a significant period where CDR and screen scraping co-exist.”

The use of screen scrapers – which usually require customers to hand over username and password credentials to third parties – has become a major battleground between established banks and a range of API-based services because sharing credentials exposes customers to online fraud liability.

Banks have for more than a decade indemnified consumers against online fraud losses from bank accounts, credit and debit cards under ASIC’s voluntary E-Payments Code, which bodies like FinTech Australia are pushing to have amended to allow the use of scrapers without a liability shift.

Consumer and financial customer legal advocates are vehemently opposed to allowing screen scraping to legally continue at all, and have called for it to be banned altogether because of its prolific use by shonky payday lenders and credit sharks.

The practice is already banned in the UK and Europe.

Parts of the Australian fintech industry have argued the local sector will cease to be viable if screen scraping is banned and have accused banks of an abuse of market power by propelling the liability issue to retain market share that would otherwise be challenged by new entrants.

At the moment some institutions like the Commonwealth Bank unapologetically send blunt warnings to customers about account security conditions when their accounts are accessed by screen scrapers from third party services.

But without naming names, Amex says that the fraud liability issue arising from screen scraping needs to be resolved within the E-Payments code because banks are scraping too.

“We consider it inappropriate for consumers to be held liable by their bank for using RegTech services, particularly when those RegTech services are being used by those banks to acquire new customers,” Amex said in its submission.

“We think that the opaqueness of the liability position has moderated uptake of such RegTech services in Australia both by financial service providers that would integrate with such services and by consumers who might use them. Uncertainty around the liability provision should be addressed in any updated ePayments Code.”

Amex’s jostling for clarifications comes after banks including ANZ recently dumped the issuing of so-called ‘companion cards’ after the Reserve Bank forced down interchange fees to olower card acceptance costs.

Unlike rivals Visa and MasterCard, Amex for the most part issues its own credit cards and carries its own liability rather than getting banks to do so.

All banks and card schemes are feeling the impact from a sustained movement away from credit-based products as consumers eschew credit card interest rates commonly between 18 per cent and 21 percent in favour of payments direct from accounts or buy-now pay-later services.

The shift has some regulators concerned that some buy-now pay-later services are not adhering to responsible credit and anti-money laundering regulations, with an influx of unsecured credit services and products now branding themselves as ‘fintechs’.

“The competitive effect of new entrants such as FinTechs is most evident in the payments and unsecured consumer and small business lending sectors,” the National Australia Bank (NAB) wrote in its submission to the Senate Select Committee on Financial Technology and Regulatory Technology.

The Consumer Action Law Centre puts it a different way, especially when it comes to their argument for banning screen scraping and the potential impotence of CDR accreditation regimes for those who get stuck with lenders of last resort.

“Financially vulnerable people desperate to access credit via a service that uses old and unsafe screen scraping technology will not concern themselves with the nuances of privacy protections to do so,” the Consumer Action Law Centre’s submission said.

“If that means engaging with non-CDR accredited entities like dodgy payday loan operators still using screen scraping, those financially vulnerable people will do so and end up with lower privacy protections than customers seeking loans from CDR accredited lenders.”