Consumer groups and fintech firms at loggerheads over screen scraping

European consumer interest group BEUC has waded into the screen-scraping debate, urging banking authorities to ban the practice in favour of the creation of a harmonised interface for customer data sharing.

  8 7 comments

Consumer groups and fintech firms at loggerheads over screen scraping

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The consumer lobby has come down firmly in favour of the European Banking Authority's rebuke of the EU Commission's proposed amendment to the Regulatory Technical Standards for PSD2 aimed at overturning a policy proposal to ban screen scraping in favour of the use of bank APIs.

Fintech firms have reacted angrily to the EBA's riposte to the Commission, accusing it of displaying unfair bias by protecting the interests of banks.

Ralf Ohlhausen, business development director PPRO Group and a member of the 69-strong Future of European Fintech Alliance, says: “The EBA’s approach would disable existing, well-working payment initiation as well as account information services, which are very popular and widely used amongst consumers. It would undermine the most used business model of the European fintech industry, one of the world’s biggest growth industries and one of the few areas in which EU tech companies have a lead over their Silicon Valley competitors.“

BEUC counters that the continuation of screen scraping would raise security concerns by providing third parties with access to data which may not be needed for the services provided.

The organisation is nonetheless sympathetic to the plight of fintech firms.

"We recognise that the proposal as it stands could create technological chaos," states BEUC. "If screen scraping is forbidden and every bank in the EU is free to develop its own interface for fintechs, it could be potentially lead to thousands of different interfaces. This would be unmanageable to fintechs and would unfairly favour the incumbent banks."

Instead BEUC is calling on the EBA to redraft the rules to mandate the development of a unique, harmonised API to which all banks and fintech firms should adhere.

"This would allow fintechs to enter the market and increase competition in the field of payments which consumers warmly welcome," the statement concludes.

BEUC's position was made clear at a presentation to the European Parliament on Tuesday morning. It was joined by banking lobby group's in opposing the EU amendment.

In a joint statement, the European Association of Co-operative Bank and the European Banking Federation, derided the Commission's fall back proposition, arguing that it “increases cost, fragmentation compromising the development of APIs, provides a competitive disadvantage to new entrants, a lack of improved technical reliability,
incompatibility with PSD2’s security requirements, supervisory constraints, and unclear consumer understanding and consent”.

Sponsored [New Impact Study] Catering to a new generation through unified card programmes

Comments: (7)

A Finextra member 

Sounds like a fairly sensible approach to me. I'd everyone was required to adhere to a common interface standard wouldn't that give the Fintech's the certainty and access to the customer data held by the banks that they so need? As a consumer I wouldn't be happy disclosing my bank access passwords to any 3rd party. 

Russell Bell

Russell Bell Director at Fastbase Ltd

It's no surprise the BEUC supports the EBA, they always do.  On banking issues they're a banking industry lobby not a consumer lobby.

As a consumer you're not forced to give your bank access passwords to a third party, but if you want to do so why shouldn't you ?  Only the banks benefit by making it illegal.

A Finextra member 

@Russell. Errr. Wouldn't disclosing my bank access passwords to a third party put me in breach of the bank T&C's and leave me open to chargeback in the event of fraud taking place in the same way that I'd be liable if I shared my pin number? 

What's wrong with BEUC advocating the use of a common interface that protects consumers from such accusations while at the same time ensuring Fintech's have the access they need? OK it'll take a bit longer and changes will be required, but in the long term isn't that the best outcome? Screenscrapping really shouldn't be necessary (or the norm) in the future. 

Russell Bell

Russell Bell Director at Fastbase Ltd

Disclosing credentials is a risk many people seem to be willing to take; present-day banking is all about who you choose to trust.  Breaching T&Cs is academic unless a dispute arises.  If a common API is well-designed and well-implemented the third parties will adopt it in droves as it's reputation for marvellousness spreads, as it proves it's natural superiority to screen-scraping.

The BEUC isn't "advocating" the use of a common interface: pushing for compulsory adoption isn't "advocating." Compulsion is only necessary if you want to force the third-parties to do something that is not in their interest.  In other words everybody knows the APIs will be rubbish.

Roberto Garavaglia

Roberto Garavaglia Independent Advisor at Innovative Payments & blockchain Strategic Advisor

@Russel Bell

Hereafter a not (yet …) exhaustive list of Open API / Framework initiative in EU zone:

- UK Open Banking: the bank-funded entity mandated by the Competition and Markets Authority to provide new ways for customers to share their financial data with non-bank providers;

- Berlin Group: Berlin Group NextGenPSD2 Taskforce has recently announced the creation of an open, common and harmonised European API standard to enable TPPs to access bank accounts under the PSD2;

- Open Bank Project: Open Bank Project’s open source API technology and surrounding ecosystem of tools – together with a vibrant Fintech developer community - helps banks rapidly engage with the next generation innovators safely and securely;

- CAPS (Convenient Access to PSD2/Payment-related Services): CAPS market initiative is a large multi-stakeholder coalition-of-the-willing that aims to make PSD2 work safely, in practice and at scale for all. It is an open forum that proposes solutions to the technical, business and operational issues faced by potential PSD2 stakeholders across Europe.

Are all “rubbish” initiatives for you …?

 

Russell Bell

Russell Bell Director at Fastbase Ltd

These are all proposals, announcements.  Worthy intentions are not the same thing as results.  The first sentence on theodi.org reads "If implemented effectively, open banking will unlock innovation that will transform and improve the customer banking experience."

If.

Why would the proponents of these initiatives push for compulsory adoption ?  Only if they believe the projects will fail.  Technical complexity is the IT equivalent of the "fog of war" allowing the banks to blame the eventual failure on the fintechs.

Ralf Ohlhausen

Ralf Ohlhausen Executive Advisor at Pay Practice

@Russel: many thanks for all your comments, which I fully agree with.

@everyone else: unfortunately, none of the listed API initiatives would enable existing TPP services to continue, because they:

1) degrade the user experience, by requiring registrations and/or forcing them to navigate between different websites and screens

2) do not support real-time PIS, by neither providing payment confirmations nor the data needed to mitigate the non-execution risk of payment initiations

3) do not support comprehensive AIS, by not providing access to non-payment accounts

TPPs will be VERY happy when the BEUC dream of a single EU-wide API, which supports all that, becomes reality. In the meantime, we need user-permitted direct access (via the user interface) and automated navigation (screen scraping) to continue providing the services customers want.

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates