January 15th 2018
This weekend saw two separate significant developments in the world of finance that could have cause security issues for thousands of internet users in the UK. Please read this news item to find out what these changes are and their potential negative consequences.
Open Banking is a new and somewhat controversial reform introduced in response to a demand by The Competition and Markets Authority (CMA), the UK’s competition watchdog. From Saturday January 13th, all banks regulated in the UK have to let you share your financial data including bank and credit card accounts, utilities bills, regular payments and spending habits, with other banks or authorised app providers. The aim is to bring more competition to the financial services market, in turn leading to better products and wider choices. An app from one of these authorised providers – which are regulated by the Financial Conduct Authority – could recommend new financial products based on an analysis of your data.
Firstly, we should emphasise that you have to provide your express permission to the new provider in order to access your accounts and there is no obligation to do so, in other words you can continue to bank exactly the way you do now.
The reason you are reading about Open Banking on Get Safe Online is that it is widely agreed by experts that there are a number of security risks resulting from the new system:
– Most of the new app providers are small ‘fintech’ (financial technology) start-ups, and not internet giants such as Google, Amazon and Apple (although we are certain that they will have their own offerings before long). If these companies’ security systems are not strong enough to withstand the rash of hacking attacks that will undoubtedly take place – or there is an ‘inside job’ – your information and your money could be at risk. This is quite feasible when you consider the hacks on massive corporates with equally massive IT budgets. If these start-ups are not capitalised sufficiently to cover the claims which will result when the banks apportion the blame to them, the loss will be to you, the customer. We understand that the providers are taking out substantial insurance contracts to cover such losses.
– The next issue – and one that has been raised by NatWest – is that of copycat websites, designed to closely mimic those of the 3rd-party providers but set up purely to fraudulently harvest all of the confidential financial details which you innocently provide. These will look virtually identical to the real thing and have a web address which is almost indiscernible from the original.
– Thirdly, it is actually possible to use a legitimate 3rd-party provider that is not regulated by the FCA. This is definitely not advised: if you chose to do so and lose money as a result, your bank will not be obliged to reimburse you.
Credit Card Surcharges
Also brought in on Saturday was a ban on companies charging their customers a surcharge for paying by credit card.
Traditionally, organisations from small local businesses to government agencies like the DVLA have passed on – or made extra profit on – their bank charges for accepting credit card payments. Some surcharges have been as much as 20%. It is estimated that consumers in the UK pay £166 million annually in such charges. People pay by credit card for several reasons: to manage cashflow, because they don’t have the money to pay by other means, or because of the additional security afforded by credit card payments.
On the face of it, the ban on surcharges should be a welcome development, reducing customer costs. However, there are negatives:
– Because companies are still charged by their banks for credit card payments and are unwilling (or unable) to take the hit, many have already increased their prices to cover the shortfall … Just Eat is just one example, having introduced a 50p ‘service charge’. We recommend that you scrutinise prices, consider whether they are excessive and decide whether it is worth paying the extra. Of course, many prices will simply be quietly increased to cover the shortfall.
– A second, more sinister consequence is that fraudsters posing as legitimate companies like travel agencies will tell their unsuspecting customers that they no longer accept credit card payments, and instead need payment by bank transfer. Some bank transfer payment requests, of course, are perfectly legitimate, but they are also a favourite way for fraudsters to trick money out of their victims.