iTnews

Screen scraper ban touted to weed out data predators

By Julian Bajkowski on Jan 15, 2020 1:13PM

Demands for crackdown on FinTech underbelly.

Two of Australia’s most prominent consumer protection advocates have warned policymakers that a failure to ban the endemic practice of commercial screen scraping under new consumer data laws will allow predators to flourish and infest Australia’s fintech sector.

As Australia’s banks and utilities sectors brace for new account portability laws to hit this year, the Financial Rights Legal Centre and the Consumer Action Law Centre have cautioned a major clean-up of data regulations is urgently needed to stop a new generation of shonks coming along for the ride.

The call to ban screen scraping is a major headache for some banks and financial services providers hoping to continue using the technology as a fudge to get around stubborn legacy systems that are costly to modify for open banking.

The main problem is that the workaround, which increasingly fuels APIs, breaks a heap of basic data security practices banks have demanded from customers since they went online.

“The basic procedural premise of screen scraping is it requires a consumer to hand over their password and username details in order to access and analyse their data,” a joint submission from the two advocacy groups to the Senate Select Committee on Financial Technology and Regulatory Technology’s inquiry says.

“This is an inherently unsafe online practice and is exactly the opposite to every other piece of online safety and security advice provided to Australians by both the online industry and in government advisories.”

Screen scraping has already been banned in the UK and Europe under Strong Customer Authentication rules, with third party providers there granted a transition period until March this year to wean themselves off the vulnerable technology.

With consumer legal advocates now persuasively arguing the same kind of scraping bans need to be imposed in Australia, key groups like FinTech Australia which have vehemently opposed such bans could soon have their lofty ambitions checked.

“Stopping data aggregators who utilise scraping techniques would kill the current fintech industry,” FinTech Australia wrote in its submission to the Open Banking inquiry in 2017.

“It also provides a lower cost alternative for smaller banks, fintechs and institutions to innovate faster and meet their compliance obligations under any new regime, and means they may move to full API integration within a timeframe that suits them.”

One of the biggest problems with screen scraping outlined by the Financial Rights Legal Centre and the Consumer Action Law Centre is that the practice literally flies in the face of established consumer electronic security norms demanded by banks and overseen by the Australian Securities and Investments Commission.

A major sticking point is ASIC's E-Payments Code which determines consumer and institutional liability for issues like account compromises, fraud, misdirected payments and other problems.

Despite investing heavily in the fintech sector, banks have for more than a decade demanded consumers adhere to security and credential confidentiality protocols in return for wearing fraud liability, especially around identity theft, online fraud and skimming.

Importantly, the two consumer legal groups argue that modifying the E-Payments Code to cover consumers for fraud losses incurred by ASIC accredited fintechs as a result of screen scraping “is nonsensical”.

The consumer legal groups claim such a move would “develop a parallel system to serve the interests of a small number of legacy FinTechs who are unwilling to change their business model to meet the higher standards and security requirements of the CDR regime.”

“Encouraging people to hand over passwords and usernames runs counter to all other security advice provided by the Australian government as outlined above. Even if it was safe to hand over log-in details in the Fin Tech context – which it isn’t – it would undermine safe practices in all other online contexts,” the Financial Rights Legal Centre and the Consumer Action Law Centre said.

Having a lend

Some of the companies heavily reliant on screen scraping are nothing more than rapacious and ethically bereft payday lenders looking for a slick image change using fintech chic, if the case studies of consumer harm in the consumer legal advocates’ submission are anything to go by.

And the data they use is conveniently flaky too, especially when it comes to responsible lending.

In one example cited, a man dubbed “Gavin” who was hooked by payday lenders for $4000 had a loan approved on aggregated data that the Financial Rights Legal Centre said was “riddled with errors – including categorising his café payments for coffee as rent.”

In another case a man dubbed "Edward" who went around shopping for a loan found himself signed up before he could blink when he provided details ostensibly to determine an interest rate.

“Edward responded and provided information to begin a process he believed would lead to him being provided with an offer. As a part of this process Edward was required to provide his details to his bank account and to obtain his credit report in order for him to obtain his ‘tailored interest rate’,” the Financial Rights Legal Centre case study said.

“Before he knew it Edward had been approved for a $15,000 loan with the money deposited into his account. Edward had only been shopping around and had not expected to be provided with the money - merely an offer.

“The lender refused to rescind the contract until they had been told that he had contacted Financial Rights. In the meantime Edward had in fact found a better deal and wanted to go with this other lender,” the case study said.

That really is an offer that’s hard to refuse.
