The chief executive of the Commonwealth Bank of Australia, Matt Comyn, has publicly hit back against calls by sections of the fintech sector to legitimise the controversial practice of screen scraping, saying the activation of open banking should make it redundant.
The head of Australia’s largest bank on Monday stoked the unsightly industry bin fire, telling iTnews that while CBA was “we're very supportive of consumer data right [CDR] and open banking” the safety of customers came first.
Comyn said that after the CDR goes live mid this year “we'd like to think that after that point in time, screen scraping technologies would no longer be necessary.”
“It seems important to us to not try and go against decades and advice to customers to not share their security credentials with a third party,” Comyn said.
Comyn’s statements indicate there is essentially no chance of the CBA walking back from its position of alerting customers who provide their account and security credentials to third parties to warn them that such disclosures are against the banks security rules and make customers liable for fraud.
The comments echo those of Australia’s former cyber tsar, Alastair MacGibbon, who said legitimisation would send “precisely the wrong message”.
The CBA’s use of the warnings to customers, which are triggered when the bank detects account access that is not by the account holder, has incensed some payments technology firms who claim the CBA is trying to frighten customers into not using competitors.
Some of the accusations, most of them contained in submissions to the government’s Fintech and Regtech Inquiry, go as far as to accuse the bank of seeking to hobble competition in the sector to protect its own market share.
Complicating matters, none of the Big Four banks’ submissions to the Fintech and Regtech Inquiry set out an explicit position on the use of screen scrapers or sharing of credentials with third parties, making Mr Comyn’s comments the first publicly clear line in the sand.
Some of CBA’s big bank rivals also have to contend with their various venture funds using screen scrapers as a fudge to onboard customers before Open Banking goes live.
At a basic level, screen scrapers work by getting account holders to hand over their details to another service that then accesses their customer information at a bank or service to allow porting or another service to use their customer data.
The solution is essentially a quick workaround to avoid creating more complex APIs with security overheads to extract the same data, with some fintechs arguing banning screen scrapers would make their businesses unviable.
But there are prominent calls to have them banned, not least from consumer and financial law advocates who cite a litany of abuses and predatory behaviour from the underbelly of the unsecured lending market (payday and other high interest loan providers).
Consumer advocates say predatory lenders are attempting to recast themselves as fintechs and create a ‘halo’ of innovation to hide under.
The CBA has good cause to be concerned over the potential proliferation of screen scraping spivs given its size ropes in more customers from a lower income demographic where high interest lenders ply their trade.
Like other banks, CBA is also wary of the so-called buy-now, pay later sector as unsecured consumer credit migrates away from credit cards that have revolving balance limits to running a credit book to more structured repayment instalments that are approved per purchase.
CBA last week tripled its investment in Swedish online shopping and consumer credit darling Klarna to US$300 million for a stake of 5.5 percent, a move aimed at capturing a slice of credit card averse (or ineligible) young shoppers.