Unfortunately it seems that the biggest application of open banking (beyond "see all of your accounts in one app") are these type of credit risk analysis products with opaque (to the individual) algorithms responsible for informing decisions that have a potentially massive impact on a person's life. To apply for credit (such as a mortgage) you're required to connect your bank account to these services via Open Banking, allow them to extract all of your transaction data and trust that they make reasonable, unbiased and fair recommendations based on that data.
While I understand that high value lenders (e.g. mortgage providers) made similar assessments based on submitted paper bank statements, the massive proliferation of these services using Open Banking (or worse, screen scraping after requesting your account credentials) is concerning. Especially in cases where they use difficult to reason about AI/ML algorithms. The volume of data that can be gathered far exceeds the n-months bank statements typically requested by a mortgage lender, and it seems that most lenders use third parties like Credit Kudos rather than doing the same risk analysis in-house. Generally speaking, I don't trust them and their networks of partners and contractors to keep my data secure.
And it looks like it's becoming increasingly difficult to avoid these services when applying for a mortgage.
I already dislike the requirement of submitting to a credit check for services that aren't lending (and thus don't have to comply with finance-related regulations), have a fixed cost and can be trivially cut-off in case of non-payment such as internet or telephone service. Sadly, this battle has already been lost and the practice has been normalized; most people don't bat an eye and in monopolized industries they don't have a choice anyway.
Open Banking making this even easier is not a good thing as it just means more and more companies will now be doing this, with the inevitable overreaching data collection that follows.
At least with a credit check, all the information they get is identity verification and a very high-level overview of any credit accounts you have open and whether they're in good standing.
With Open Banking, they get a full account history, including detailed timestamps and locations for card purchases (if the bank supports it - modern banks do, and it's just a matter of time before legacy banks catch up). That's a lot of personal data which can be misused for discrimination, price segmentation, etc with very little oversight.
This was one of the biggest shocks for me. Other places you can pay a deposit (approx one month bill) in advance and they’ll cut you off if you go over it. No credit check required.
Last time I moved between states, I asked and was able to pay a deposit to avoid the credit check. I randomly got it refunded several years later after I'd forgotten about it.
Of course that was over a decade ago. And if this data becomes another revenue stream, of course that won't be an option.
> services that aren't lending ... such as ... telephone service
I'm in Canada, not the UK, but the last time I had a post-paid plan with a cellular ISP (~2015), they actually structured it in the contract as some type of revolving credit instrument, where your "credit limit" is the maximum outstanding invoice amount you can have before they cut your service off. Like any credit card, this actually involves the cellular company — as underwriter of the loan — locking up some of their own assets for each customer account, commensurate to said credit limit. That small amount of extra revolving credit showed up on my credit report!
My understanding is that they do this because, much like a credit card, cellular accounts can actually generate non-predictable-to-the-underwriter charges. Long-distance (esp. 900) peerage fees, instantaneous charges from SMS short-codes, and purchases through SIM Toolkit "apps", can all bill a cellular account directly; with the latter two classes of fees not being settled after the fact, but rather settled immediately (so the relevant merchant can receive their cut), with the cellular ISP temporarily footing the bill for them until you pay.
In the UK I think for at least a decade. I think I can remember submitting to a credit check for a mobile phone contract in 2012, and certainly again when I changed provider in 2015
Open banking (the actual regulated type in UK and EU) replaces (1) the need to rely solely on credit bureau data to understand someone's creditworthiness, which is often faulty or incomplete (2) the need to share paper/PDF bank statements (3) the need to share banking credentials with tech companies that do "open banking powered by screen scraping".
Because open banking is regulated, consumers now have a layer of protection that they didn't have before. And more people can prove their actual creditworthiness (as opposed to whatever credit bureaus think their creditworthiness is).
Full disclosure: I'm a cofounder of Nordigen, a freemium open banking platform. Views biased.
I'd be open to sharing banking data this way if there were strict controls at the user level. E.g. share the previous 3 months, 6 months, and so on. Also a way to ensure that it's one time only and not a continuous monitoring type situation.
If that were the case, it'd be a more convenient alternative to sharing statements as opposed to a massive violation of privacy.
Open Banking regulation has very little impact on how the collected data will then be used.
A separate regulation - the GDPR - would cover that but raising a complaint is very difficult and a complaint would involve the subject being aware of their data being misused; you can't complain about something you don't see.
My worry about Open Banking is that it makes it much easier for companies to collect a lot more data and would normalize the practice even more.
Currently there's already no reason for a credit check to be required for a lot of services such as internet or phone service (those aren't lending any money and can cut off the service in case of non-payment), but at least a credit check gives them very little personal data compared to Open Banking - I'd rather not have to give them even more data.
The best (and the only working) way of data protection is to never send the data.
...until it is no longer possible to function as a normal economically active member of your society without "consenting" to the data sharing. As others have said that might mean that you can no longer get a phone or a mortgage in some cases. Given the financial services industry doesn't exactly have a glowing reputation for either responsible handling of personal data or fair and rational decision-making processes some middle ground will need to evolve here if widespread abuse is not to be an inevitability.
That's the thing, until this Open Banking stuff, I simply shared my bank account statements where I filtered out whatever I didn't want them to know - and I was sure that only few people in a local bank branch will see it, and the papers were disposed later.
Now I'm avoiding all this stuff like the plague. I'll never hand out access to my bank account through API to anyone. No inter-banking features or cool fintech apps for me, but oh well. My bank has good enough offer and the app is nice too.
Depends what kind of subscription you have. If you take a subscription with a phone then I think it fair the phone paying plan gets marked. But if you only have a monthly sim only plan I don't think it is not needed.
> Because open banking is regulated, consumers now have a layer of protection
I'm sick of regulated solutions and generally moving toward more governmental reliance.
I wouldn't need a student loan or a mortgage if the government wouldn't cause inflation and back loans for every milestone of adulthood.
College and homes used to just be affordable. Everytime we bring in governmental assistance and regulation, we all just lose--well, not the players in the regulated and Frankensteined market, but normal people all just lose.
There's a certain irony (and ignorance) to this comment when you consider that house prices in the UK only started spiralling when councils were forbidden from building new social housing by Thatcher.
Previously 'governmental assistance' of council house building was the major house builder in the UK.
I won't deny my ignorance regarding the UK housing market. Here in the US, housing prices are clearly inflated by Fanny/Freddy and artificially low mortgage interest rates.
> Fannie Mae and Freddie Mac were created by Congress. They perform an important role in the nation’s housing finance system – to provide liquidity, stability and affordability to the mortgage market. They provide liquidity (ready access to funds on reasonable terms) to the thousands of banks, savings and loans, and mortgage companies that make loans to finance housing.
According to an economist piece from last year, both the US and UK have made it a policy of only allowing housing prices to drop when it’s essential and then only temporarily. This isn’t a sustainable method but unlike on the continent (Europe) having a house is an important cultural symbol (to Americans at least) and voters have come to see any decline as proof of poor leadership and it tends to result in bringing the opposition to power.
At some point we will have to allow housing to correct. It’s up there with social security running at a loss as problems we leaving for the next generation.
It is the responsibility of government to set the environment in which businesses can operate (since businesses are meant to operate towards maximum profitability.) I don’t understand people who don’t see a healthy role for regulations in a market economy.
I understand your concerns, but the alternative (at least in the U.S.) of credit agencies are absolutely abysmal. Despite the privacy concerns it's difficult for me to imagine more data not improving the current state.
For 10 years I had to fight one of the 3 major U.S. credit bureaus to get them to remove a bankruptcy that was showing on my report because a relative with the same name happened to have a bankruptcy in their past. Think about how incredibly stupid that is - I was 18 at the time, so according to this report I started a business at 12 and filed Chapter 11 at 16. I had a different social security number, address, and DOB that should have made things painfully obvious, yet still the burden of proof was on me to show why this report was false. Oh, and you can only challenge it by snail-mail (at least back then). If you don't get a response, there is no number to call, no address to visit, and practically speaking no way to challenge the agency short of hiring a lawyer.
Not to mention the obvious problem of credit bureas relying on length of history as a primary determinant of credit-worthiness. I don't like debt so I didn't get a credit card until 28, and did so then only because I knew I needed to build history if I ever wanted a house. If you are a responsible steward of your finances and choose to avoid debt in lieu of paying with savings, then that lack of history may preclude you from getting a loan in the future. You could have a $2mm net worth but that credit history will still be a problem with traditional lenders.
It's worse for immigrants - the U.S. credit agencies often don't interface with their home country's agencies. Imagine a responsible 60 year old adult with a pristine record in their homeland, viewed as a risky borrower by the bureas here due to lack of history. Another problem is not having a large enough number of credit accounts. I don't need more than one card, so I just use one card, but that's a negative on my report because the agencies wan't to see multiple "revolving accounts" (credit cards) holding a balance. You have to... wait for it... have more debt to show that you're good at managaging debt.
I could go on at length about how shitty the 3 main bureas are, and if this comes off as ranty it's because, if it's not obvious, I absolutely despise them and would love nothing more than to see them relegated to the graveyeard in short order.
"You have to... wait for it... have more debt to show that you're good at managaging debt."
Suddenly made sense, despite being intended as sarcasm / surrealism. Everything else in life, I get better at by practicing. Debt may be similar; getting that first credit card, regardless of age, CAN be alluring temptation to max out. Some history of on-ramped, well managed debt, makes sense would be a prime proof that "one can manage debt" :-/
> You have to... wait for it... have more debt to show that you're good at managaging debt.
It is quite a strange system to me from a non-American perspective. A US acquaintance of mine told me their parents signed them up for a credit card as a teen so they could “build credit” early on.
Yeah it is so strange to all the young Europeans - until it slaps them in the face once they need a loan and must scramble to learn about it and have to suffer the consequences of having none of it because they thought it's some weird American thing.
The US way is extreme, but credit absolutely does exist here and works the same way - you'll get much better deals for insurance and loans if you have it, and it takes years of payments without issues to build it.
It depends on the country. Some countries subscribe to the idea that all credit is bad credit.
I grew up in a system where only negative credit history was shared between banks. If you had no credit history, you had perfect credit history. Your creditworthiness depended on having regular income and paying bills in time. Based on that information, banks determined an overall limit for all your loans and other forms of debt. If you had a credit card, you would get a smaller mortgage. Large credit limits relative to your income and spending signified risk rather than creditworthiness.
Does it really work like that in practice, or are there """bonuses""" you can get if you prove your credit?
Here in Czechia, it's like you say, no history = perfect credit - but as I said, you'll get much better deals (after counting in bonuses) if you have proven your credibility - and the normal deal you get with only "perfect" credit is nearly a financial suicide. Building your credibility by having a credit card (and paying on time) is as good idea here as it is in the US because you don't pay interest until the next month so it's free.
The only difference is, in the US it's institutionalized (and thus transparent) whereas here I have to do under-the-table dealings with the bank's independent sales representative. Sucks, IMHO.
Creditworthiness is (was?) based on stable income and spending habits in Finland. Credit cards used to be niche products for foreign travel and later online purchases.
Used to be niche here as well, but nowadays it's a useful tool, especially with the modern banking apps. It also has really cool and free year-long worldwide travel insurance, something that would cost me a lot of money otherwise. And I get discounts for using it to pay for hotels and car rentals and accumulate airline miles with every purchase.
Really, we in EU get all the good features with none of the bad things that the US people suffer from. I recommend to ask your bank about their available deals.
In the banking app, I was watching my credibility directly affect the loan offers available to me in real time. I got my interest rate down to half of the usual deal (which is based on my income and expenses) after a year of paying back on time. It really pays off.
At least in the US, the Fair Lending Act imposes an explainability requirement on credit-granting decisions. If the UK has a similar act (I'd be surprised if it doesnty) I'd expect there to be some interesting challenges over this in the near future.
And it looks like it's becoming increasingly difficult to avoid these services when applying for a mortgage.
Chase is guilty of this.
I went to a Chase branch a few years ago to ask about a mortgage. The banker put my SSN into the computer, and told me the computer said no. No questions about my income, no request for financial statements or account balances, or anything. Just that the computer said not to bother continuing the process.
I asked my accountant about this, and she said it was because of the way my income was structured, and that the computer "pre-approval" process has no way of understanding most of my six-figure income because my life isn't so simple that I can use a plain old 1040-EZ.
I'm sure that some banking middle manager sees these "AI" systems as wonderful things that reduce risk, or cut expenses because human beings are no longer needed to make decisions. But they hurt real people and contribute to the ongoing housing crisis. But, hey, as long as some MBA can use his budget-trimming bonus to buy a second boat, that's all that matters.
> are these type of credit risk analysis products with opaque (to the individual) algorithms responsible for informing decisions that have a potentially massive impact on a person's life.
I once used this for a personal home rental application, and it automatically slurped in all my business incoming invoice payments and based on that was like "Yeah you can afford lots of rent!"
I'm (just) old enough to remember bank managers that managed banks (OK branch managers) and requesting loans where someone would review your history by eye and make a decision on that and a few well chosen questions.
This was also a place that opened at 0900 and closed at 1700 and was not available at 1200-1300 and also couldn't be arsed to help you out arbitrarily. You had to take time off work to visit a bank - yay! Meanwhile they made profits from your credit balance (investments) and your debit balance (interest). Go overdrawn? that'll be a letter (£25 in 1995ish) and punitive interest.
That was the past but: Banks are profit generation centres. My personal wealth has (there's always the mattress) to be lodged in a bank and they insist on making a profit out of me.
Apple have offered the best credit card experience I have had the pleasure of. I cannot recommend them enough. Being able to text support alone is enough of a draw for me. I've closed most my other accounts at this point besides my travel card.
> screen scraping after requesting your account credentials
Sounds very odd. Handing your log in credentials to anyone is against the rules not to mention common sense. Even the bank itself will never ask for that. My bank's website has warnings about this right on the front page.
While it is indeed odd companies are making fortune out of this. Plaid is a recent example which was in news for failed acquisition by Visa (shot down by DoJ no less[1]). Yodlee is another old timer company. Why do regulators not go after such companies is beyond me.
I understand, but Open Banking has been wonderful. My main German bank has a crap app, but I can use the excellent one from the Sparkasse to access my DKB account, which has made life far easier. Plus all my accounts are in the same app.
What makes you trust your current bank or credit union to keep your data secure that doesn't make you trust these open banks from keeping your data secure?
I don't particularly trust my bank, but I do try to minimise (as much as possible) the number of organisations with which I share my transaction data.
It's probably worth clarifying that there are no institutions that would be categorised as "open banks"; Open Banking [0] is an umbrella term for a set of technologies (primarily APIs), regulatory frameworks and standards which allow easier integration between businesses in the financial services industry. The bar for getting access to those APIs is high enough that it would generally exclude customers who'd like to query their own accounts from their own software, but not so high to stop the proliferation of startups keen to monetise and analyse customer transation data. For the most part, in the UK you can't just ask your bank for an API key and use it to pull transaction data from your own account but your mortgage lender can require you to share that data with a third party as a condition of extending a line of credit.
I believe this is how Experian Boost works in the UK; you can "boost" your Experian credit score by linking your bank account via open banking and allowing them to analyse your transaction history. However you would need to read (and fully understand the breadth of) their privacy policies and terms and conditions to understand how your transaction data is used (and how it may be used in the future).
One of my primary concerns is around data being shared on, and on, and on. Regulation helps a little, but I'm afraid that we'll end up in a similar situation as we have with other types of data online (analytics, advertisement targeting and telemetry) where you may opt out of certain types of data collection but find that next tab on the opt-out dialog lists hundreds of partner organisations with a "legitimate interest" in your data. And with financial services, it's even more sensitive - it would be disastrous if people were excluded from applying for a mortgage because they refused to share incredibly detailed transaction history with a third party credit risk firm. And worse still if, upon sharing that data, they were denied a mortgage because placing an occasional bet online, subscribing to an OnlyFans creator, spending thousands at the Apple store and trading some disposable income on eToro fit a pattern that a black box algorithm deemed high risk.
It would be better to have credit decisions not rely on such invasive analysis of personal data.
While I understand that high value lenders (e.g. mortgage providers) made similar assessments based on submitted paper bank statements, the massive proliferation of these services using Open Banking (or worse, screen scraping after requesting your account credentials) is concerning. Especially in cases where they use difficult to reason about AI/ML algorithms. The volume of data that can be gathered far exceeds the n-months bank statements typically requested by a mortgage lender, and it seems that most lenders use third parties like Credit Kudos rather than doing the same risk analysis in-house. Generally speaking, I don't trust them and their networks of partners and contractors to keep my data secure.
And it looks like it's becoming increasingly difficult to avoid these services when applying for a mortgage.