Open banking: sharing your financial data

We explain what open banking offers, the risks and how to share your data safely.
Chiara CavaglieriSenior researcher & writer

What is open banking?

Wouldn't it be handy to log into one website, or open one app on your phone, and see all of your accounts – all of your current accounts, credit cards and savings – in one place?

Thanks to an initiative called 'open banking', that is now possible. Developers of mobile and web applications can 'plug in' to your current account data in a secure and standardised way, if you give them permission to do so.

Since 2018 the biggest banks have been required to open up their data, including Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC (including First Direct), Lloyds Banking Group (including Halifax and Bank of Scotland), Nationwide, NatWest Group (including RBS and Ulster Bank) and Santander.

Here we explain the benefits of open banking, how to make the most of it, and how to keep your data safe.

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy

How can banks share my current account data through open banking?

Banks can share customer data by publishing what's known as 'open APIs' or application programming interfaces.

This technology is already used by many well-known companies to provide integrated digital services.

For example, Uber overlaps with Google Maps so that customers can request a ride without having to switch to the Uber app, while travel app Citymapper connects to Transport for London data.

What are the benefits of open banking?

The aim is to encourage innovation and improve competition, by making it easier for you to pay companies directly and manage multiple financial products. 

For example, HMRC has partnered with Ecospend to let taxpayers pay their bills directly from their bank account using open banking technology and there are budgeting apps that let you bring all of your financial accounts together. 

Ultimately, open banking could allow you to manage all of your financial accounts and household bills through a single digital platform, with the option of allowing apps to 'plug in' and offer more personalised and intuitive services.

An app might help you avoid charges or boost your savings by automatically moving money between various accounts. Open banking could also spur action in other markets, by encouraging you to look at your energy or phone bills.

How do I use open banking?

Once you've given consent to a third party using open banking, you'll be redirected to your online banking login page where you'll enter your security details directly – crucially, these details won't be shared with the third party when you do this.

You should see a list of any firms you've given consent to via online banking, and you can stop sharing data at any time.

Do I have to share my banking data?

No, if you don't want to share your data, you don't have to. Third-party providers will need your explicit permission before they access your data through open APIs.

That means you don't have to opt-out – if you do nothing, your data will not be shared without your consent.

How do I check a firm is authorised to offer open banking services?

Banks and third-party providers can only 'talk' to each other via the 'Open Banking Directory'.

This is the IT platform which makes it possible for them to exchange information securely via open APIs. To be enrolled on the directory, banks and providers must be appropriately regulated.

There is an online directory of regulated firms enrolled in open banking and you can search for financial products using the open banking system at the official Open Banking App Store. It's worth noting that banks may explicitly state in their terms and conditions that you are responsible for checking that any third-party provider you want to use is authorised, not the bank.

The Financial Services Register will also tell you if a third-party provider is registered and authorised to carry out one or both of these two activities:

  • Account information sharing services such as budgeting apps and price comparison sites that let you view accounts from multiple providers in one place.
  • Payment initiation services that allow you to instruct payments to be made directly out of your bank account, as an alternative to using a third party such as a Visa debit card or PayPal.

How do I complain about an open banking provider?

If you have a complaint about a provider, you will still have access to:

If you decide you no longer want a third-party provider to have access to your data, you should be able to easily revoke consent.

The nine participating banks and building societies should provide an 'authorisation dashboard' where you can see a list of providers with permission to access your account data. You can withdraw permissions whenever you wish to, at the press of a button.

Third-party providers are also being encouraged to offer a dashboard that lets customers easily review and revoke their consent.

Who is liable for fraud in open banking?

If you notice a payment that you didn't authorise, you can make a claim from your bank, even if that payment has been initiated through a third-party provider.

Your bank must refund you immediately, unless they have grounds to suspect fraud or negligence. If the third-party was at fault, the bank can recover the funds from them.

It may be more difficult to get reimbursed by your bank if you share your data with a firm that isn't regulated, or if you fall victim to an authorised push payment (APP) scam – where fraudsters trick you into making a payment into an account under the control. 

Every fraud case should be assessed individually so take your complaint to the Financial Ombudsman Service (FOS) if your bank refuses to reimburse you. 

Will my open banking data be safe?

Regulated firms aren't immune from cyberattacks and bank account transactions can include highly sensitive personal data about spending habits, political affiliations, medical care, family and friends.

And with a complicated chain of providers sharing access to your data, multiple parties could be potentially liable for loss of a personal customer's data though error, attack, or fraud.

The issue of 'consent' needs to be looked at carefully, so that consumers understand exactly what they are agreeing to when they share their data.

This is particularly important when apps or services combine open banking with other methods of data sharing. For example, if an app uses the open banking API to access current account data, but has to rely on screen-scraping to access data for other products such as mortgages and credit cards, it's vital that the distinction between the two is made clear.

Which? will be watching closely to make sure financial and data regulators work hard to safeguard consumers in this context, and build trust in these new services.


What should I do if my data is leaked?

Any regulated third-party providers you share data with is responsible for ensuring any personal data they process, store or transfer is appropriately and securely protected.

You can directly complain to the third-party provider you shared your data with in the first instance, and if they don't resolve the issue, you can lodge a complaint with the FOS. You can also lodge a complaint with the Information Commissioners Office.


What is the future of open banking?

The big banks wouldn't let you share your data if they weren't being forced to, but some (publically at least) have embraced these changes.

The big high-street banks will be keeping a close eye on tech giants such as Google, Facebook, Apple and Amazon, all of which have the status to transform the payments and banking industry using banking customer data.

In the future, it could be the tech firms that manage every aspect of your finances, and banks could be relegated to holding your salary and nothing else.

That said, it's still too early to say whether many consumers will take advantage of open banking. It's worth remembering that Midata - the government's previous attempt to encourage switching by opening up banking data - failed to have any meaningful impact.