Is open banking safe?



Open banking and how it works

Open banking is a concept that enables the secure sharing of financial information, such as consumer banking transactions and other financial data, with third-party service providers. Open banking data can be accessed through PSD2-compliant APIs only with the consent of customers.

APIs, or application programming interfaces, are used as a secure method of communication between third-party service providers and online banking systems (Finextra, 2019). Using an open banking login, APIs give fintechs access to a variety of financial information, such as balances, account information, cashflow, and transactions (Finextra, 2019). Banks, on the other hand, can use the same APIs to combine the digital services offered by other companies with their own platforms (Finextra, 2019).


Why screen scraping is dangerous

Before PSD2 was implemented, and still to this day, some financial service providers use password sharing and screen scraping to provide their customers with the financial tools that open banking enables (OpenWrks, n.d.).

Screen scraping relies on sharing passwords and login credentials: third-party providers require customers to hand their usernames and passwords directly to the service. The third party can then log into the customer's account and access the data whenever it wants to. This method of accessing data leaves customers vulnerable.

Password sharing means that these service providers are given unlimited access to customer data: there's no built-in tool for regulating access duration. The only certain way to withdraw the company's access is to change the account password and other security details (Global Banking & Finance Review, n.d.). The biggest danger is that screen scraping may compromise customer protection when it comes to fraud (GoCardless, 2017).


How open banking is kept safe

Security is the most important aspect of open banking. Not only is it important at the API management level, but banks also take extra precautionary steps to ensure that the data remains in safe hands. Features like Strong Customer Authentication (SCA) and Consent Management are essential. Consented access gives control to bank customers and means no data is accessed without their knowledge. SCA means that two-step authentication is available without impeding the user experience. Many banks also have fraud detection mechanisms to identify fraudulent transactions.

Luckily, financial product and service providers cannot simply ask for a customer's online banking credentials. Third-party financial service providers are obligated to demonstrate the necessary data security before banks can exchange data with them in the first place.

In Europe, Nordigen uses official PSD2-regulated APIs to connect with banks. In turn, Nordigen's API serves fintech companies and developers in 31 European countries, including the UK. APIs mean financial data is securely shared, and personal data, such as access details, is encrypted.

In general, all providers must comply with data protection rules. The provider is responsible for telling customers how the data will be used, for how long, and what they will do with it, all before customers give their consent (Noble, 2020). This means that open banking APIs provide transparency and control to customers regarding their financial data. This control enables them to better understand their data and how it is shared. Within regulated open banking infrastructure, customer data is guaranteed to be secure.
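The difference between a shared password and consented access, as an added sketch that is not part of the original article and not Nordigen's or any bank's code: a consent record names the provider, the data types and an expiry, and every request is checked against it. The field names, scope names and the 30-day duration are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Consent:
    """Simplified consent record (hypothetical model, not a PSD2 or Nordigen schema)."""
    customer: str
    provider: str
    scopes: frozenset        # data types the customer agreed to share
    expires_at: datetime     # access duration the customer agreed to
    revoked: bool = False    # customer can withdraw without changing a password


def check_access(consent, provider, scope, now):
    """Return (allowed, reason) for one data request made under a consent."""
    if consent.provider != provider:
        return False, "consent was granted to a different provider"
    if consent.revoked:
        return False, "consent revoked by customer"
    if now >= consent.expires_at:
        return False, "consent expired"
    if scope not in consent.scopes:
        return False, f"scope '{scope}' not consented"
    return True, "ok"


def demo():
    """Run constructed requests against one constructed consent."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    consent = Consent("alice", "budget-app",
                      frozenset({"balances", "transactions"}),
                      expires_at=t0 + timedelta(days=30))
    day1 = t0 + timedelta(days=1)
    results = [
        check_access(consent, "budget-app", "balances", day1),
        check_access(consent, "budget-app", "account_details", day1),
        check_access(consent, "other-app", "balances", day1),
        check_access(consent, "budget-app", "balances", t0 + timedelta(days=31)),
    ]
    consent.revoked = True  # withdrawal takes effect on the next request
    results.append(check_access(consent, "budget-app", "balances", day1))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

With a shared password none of these checks exist: the credential grants everything the customer can see, to whoever holds it, until the password is changed.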



Global Banking & Finance Review. (n.d.). IS OPEN BANKING REALLY SAFE? Global Banking & Finance Review.

GoCardless. (2017, July 19). Screen scraping 101: Who, What, Where, When? The Open Banking Hub.

OpenWrks. (n.d.). How secure is Open Banking? OpenWrks.

Noble, J. (2020, December 31). Open Banking explained. MoneySavingExpert.

Siat, S. (2020, June 3). 7 Statements on Open Banking - and Why They are Myths. Retrieved from SIX:

Zingo, C. (2018, July 19). Open Banking Myths Debunked. Retrieved from ABA Banking Journal:


Article by Laura Aasheim