back to article Funny story, this.'s 'open banking app revolution'. Security experts not a fan of it

UK banking industry regulators are pushing banks to offer customers access to their data through shared smartphone apps. The new rules from the Competition and Markets Authority are designed to promote transparency and clarity while providing an incentive for customers to switch providers. The model is taken from the UK's …

  1. Anonymous Coward
    Anonymous Coward

    The collapse of nearly every empire or dynasty was characterized by an over-dependence on financialization, over real industrial output.

  2. Anonymous Coward
    Anonymous Coward

    So, get ready

    for the end of "free" banking.

    If i could ditch my bank account altogether, i would, in a heartbeat. But my employer insists they pay my wages into a bank account, in fact its in my contract FFS.

    Get ready for an exponential increase in fraud claims. Most will be genuine, a lot will be opportunistic scallys dipping their toes in the water to see what they can get away with.

    Its a fucking enormous con. Viz top tip of the day? DONT use a banking app....

  3. Anonymous Coward

    Breaking news

    Firm peddling "app security" to security concious app market says "oi, don't all go and use the same app you bastards!" shock!

    Film at 11

  4. Will Godfrey Silver badge
    Thumb Down


    So how do I go about formally demanding that my account accepts No mobile access?

    1. Sir Runcible Spoon

      Re: Security?

      I suspect in the same way that you ensure your account doesn't accept contact-less payments - don't set it up in the first place.

      1. Anonymous Coward
        Anonymous Coward

        Re: Security?

        You dont get that option in many banks. it is either use our card or dont.

      2. F0rdPrefect

        Re: Security?

        Which requires you to be very, very firm with your bank, or punch the appropriate hole in your cards.

    2. BebopWeBop

      Re: Security?

      Well I find it useful to be able to look at the contents of my current account (being in the middle of nowhere and occasionally wishing to do so out of working hours), but that is all I want. I made a polite request to Virgin that the only access I wanted to allow to the account was read only - after their security checks. Everything else would require a visit to the bank or a telephone conversation. And lo and behold they just did it. Cant even change contact details over the internet.

      1. AMBxx Silver badge
        Thumb Up

        Re: Security?

        First Direct get the balance about right for their account access on both mobile and web - any new payee or anything sensitive needs 2 factor. All the day to day stuff is just simple login.

        That said, I have Windows Phone, so not much chance of this app ever being available for me!

  5. Headley_Grange Silver badge

    Open Banking

    "Open" in the sense that access to my bank account will be via an Android phone that hasn't had a security update in 2 years.

    1. Anonymous Coward

      Re: Open Banking

      Well, that's your fault! You know you are supposed to replace your "ageing" device every 18months...

  6. monty75

    Competition and Markets Authority

    Promoting competition in the market for your stolen personal data.

    1. TRT Silver badge

      Re: Competition and Markets Authority

      Promotes customer choice. But not if you want to choose a bank that doesn't have all the online crap.

  7. Anonymous Coward


    ...Mrs Old Mrs Miggings will not only loose everything in her Current account, but also her savings account and her ISA

  8. Anonymous Coward
    Anonymous Coward

    Missing the point

    Perhaps if the C&MA knew quite how much of banking was still running on unsupported Win2K3 they might change their tune...

    1. Chris Harden

      Re: Missing the point

      Hahahahaha, win2k3?

      That's the _NEW_ PC right?

      Most of the banks still run on AS400s

      1. Anonymous Coward
        Anonymous Coward

        Re: Missing the point

        there's a lot of z Series kit out there too ...

      2. Anonymous Blowhard

        Re: Missing the point

        "Most of the banks still run on AS400s"

        Good! At least the script kiddies will have to work to get into one of those.

        1. Anonymous Coward
          Anonymous Coward

          Re: Missing the point

          They will get very confused about the version of iOS :)

        2. Pen-y-gors

          Re: Missing the point

          But that makes you think. Script kiddies confused, but a consortium of ageing Reg commentards with evil intentions could probably get obscenely rich in a very short time.

  9. Scott Broukell

    Debt and Data - the brave new currency

    <see above>

  10. I_am_Chris

    I'm all for online banking...

    ...but ubiquitous banking apps on mobile phones is a disaster in waiting.

    Plus, I doubt it'll do anything that the CMA claims it will.

    Maybe people aren't switching because, on the whole, UK banking is very good? I've only ever moved to take advantage of deals not because of bad service.

    1. Doctor Syntax Silver badge

      Re: I'm all for online banking...

      "Maybe people aren't switching because, on the whole, UK banking is very good? I've only ever moved to take advantage of deals not because of bad service."

      Really? More likely people aren't switching because they're uniformly crap having dead-heated in their race to the bottom. I've only ever moved because of bad service and am running out of places to go.

      1. TRT Silver badge

        Re: I'm all for online banking...

        I have limited experience, but my UK bank account stood head and shoulders above my Canadian one. Apart from the Canadian cheque book, that was very pretty indeed. So artistic I didn't want to write any cheques, in fact, as I'd then not have the full set of bird paintings worthy of an 18th century naturalist.

        1. Neil Barnes Silver badge

          Re: I'm all for online banking...

          I'm still waiting for them to explain how changing banks - where I've been for over forty years - will save me money. Given that I don't borrow money from the bank, don't run overdrafts, or take any other paid service.

          I give them money once a month, they give it back to me a bit at a time. On rare occasions they may even add a few pennies to the account, but that's about all I expect.

          There will be a letter written to the bank shortly, saying basically, don't do it with my account.

          1. Synonymous Howard

            Re: I'm all for online banking...

            You can make EASY MONEY by switching and taking advantage of savings offers (bank tarting).


            First Direct pay £100 to switch (and they are very chatty in the customer service department and their mobile app on iOS can use TouchID).

            Co-op pay £150 to switch (I've had an account with them for 20+ years)

            Halifax pay £100 to switch

            M&S pay '£100 M&S gift card' to switch (if you need a new suit, shirts, ties, ladies underwear)

            If you don't want to switch then why not open a new account somewhere put a couple of direct debits on it and then after a month or so switch that account to one of the above and make some money .. rinse and repeat.

            Also works for credit cards .. cash back on purchases and 0% interest for over a year (hint: put the money you would have used to pay off the credit card each month in to a regular savings account and earn up to 6% [firstdirect], 5% [nationwide])

            TSB pay 5% on up to £100/month in transactions using contactless or apple pay .. money for old rope ... you even get 5% on up to £2000 when in balance .. just pay in £500 per month (standing order it around from another bank and then back again).

            Remember money makes money but only if you make it work for you and not for the Banks.

  11. lasuit


    Congratulations. A link to your story has made it on the Google Finance page.

    1. Chris Harden

      Re: Mainstream

      'ere you young whippersnapper - I was reading The Register when Google was the weird new search engine trying to cut into Altavista's territory.

      Google should be proud El Reg was mentioned on their little page! :D

  12. Pen-y-gors


    There may be times when competition is a good thing. But personally I don't want to have to compete with the Russian mafia for control of my money.

  13. Alister

    I saw this on BBC News the other day, and at the time thought that an all-in-one banking app was a bad idea.

    Their stated aim is to "promote transparency and clarity while providing an incentive for customers to switch providers" but I cannot see that one-app-to-rule-them-all is in any way likely to promote transparency and clarity.

    Enforcing extra competition for the sake of it seems to be something this government have tried to do for a number of sectors, and it just doesn't work. I don't understand why they feel someone switching banks every six months is something to encourage?

    As someone posted earlier, maybe people don't switch banking providers because they are generally happy with the service they get - or, more likely, there is not enough difference between the services provided by any single bank which would justify switching.

  14. Commswonk

    How long before...

    ...anything resembling a normal life becomes impossible without a smartphone? I don't have one and by any rational assessment I don't need one. Apart from anything else I would begrudge the amount of money it would cost me to run one given that my current needs can be met from a PAYG "cheapie" that costs me something like £30 - 40 per annum to own and operate.

    I - and doubtless many, many others - am perfectly capable of running my life without being enslaved to a piece of portable electronics, but I worry that the day is fast approaching when it simply becomes impossible because all other methods of communication with the organisations with which routine contact is necessary cease to exist.

    "The Only Way is Smartphone". <Shudder>

    1. Anonymous Coward
      Anonymous Coward

      Re: How long before...

      £30-£40 a year on your PAYG phone? I manage with about £15 -- and have great pleasure letting salespersons from BT run on about their mobile plans -- for as long as possible -- before telling them that.

      1. BebopWeBop

        Re: How long before...

        Well, in the UK for about 7 months a year, and still have a contract with 3 for unlimited data, 5000 minutes and 5000 texts a month and international roaming (doesn't cover Oz though)

  15. Chris Harden

    It's already happening, all the CMA are doing is making the tech more robust.

    There are already companies offering this service for customers but with the transfer of online banking details and screen scraping, and while their security is top notch (we use one of them at work and their security guy is one incredible chap,) an API to access would make the whole process much more robust for us and our customers.

    As a customer of a bank I could allow access to my data with granularity and tightly control who got what, I could allow my smart phone access to my balance and transaction alerts, I could allow my family access to our balance buy not our spend (got to hide the pub spend somehow!) and restrict what third parties could see and access.

    That is, if people get behind this and do it well. If they don't we will end up with another MiData.

    1. Doctor Syntax Silver badge

      "their security guy is one incredible chap"

      I'd prefer credibility in a security guy.

  16. Locky

    This will never happen

    Mainly becasue;

    a - It makes a massive target for ID fraud - Hack on DB to get all of a person's financal data

    b - It is against FCA rules for a bank or you to disclose your account login details

    But it's a good soundbite, so thats okay

    1. Chris Harden

      Re: This will never happen

      No, no there really isn't.

      As the FCA publish everything online fancy pointing us to these rules?

      But you raise a good point - with an API you can use token based authentication instead of passing online banking credentials to a third party which IS HOW EVERYONE DOES IT AT THE MOMENT.

      Which is what makes this awesome.

      1. Zakhar

        Re: This will never happen


        Plus when you do a "risky" operation, such as a money transfer to external account, you require the user to add some credential that can range from fingerprint (easy but not that secure) to out of band authentication (not easy, requires another "device"). The strength of this second factor should depend on the risk incurred.

  17. Anonymous Coward
    Anonymous Coward

    but but but ..

    the Competition and Markets Authority is a government body, therefore responsible and grown-up about these things. They wouldn't have suggested this without having thought it through, done a detailed feasibility study and also having set aside sufficient funds to cover unlimited claims for losses following their stupid idea, would they?

    nurse ....!!

    1. Rich 11

      Re: but but but ..

      The CMA is doing its level best to distract everyone from the fact that it doesn't have the balls to do anything truly constructive with the retail banking market. The banks have spent the last two years lobbying against any changes to their business model being imposed upon them. This is the result.

      It's all smoke and mirrors.

  18. Anonymous Coward


    As soon as I saw this, I thought WTF?! Is the guy who came up with this idea naive or just plain feckin' stupid?

    Ever day we hear of new ways in which your device can be compromised by ne'er-do-wells. Lump all your accounts together in one place to be cleaned out. Yeah, great feckin' idea. Not.

  19. Nick Kew

    Am I the only one?

    Am I the only one to think that, compared to what the Energy Market folks are proposing, this is a thoroughly Good Thing?

    Energy market: we WILL circulate all your details to lots of spammers. You need to jump through hoops if you want to opt out.

    Banking Market: it's all in a smartphone app. So the opt-out is obvious.

    1. Sir Runcible Spoon

      Re: Am I the only one?

      "You need to jump through hoops if you want to opt out."

      Do you consider a phone call to opt-out of a smart meter to be 'jumping through hoops' ?

      I will say that the letter I got informing me that they were coming to change the meter over didn't give any indication that it wasn't mandatory - quite the opposite (without explicitly saying you *had* to have it).

      When I phoned up to say I didn't want it, ever, they asked for a reason. I just said 'security' and that was that - account updated with note to say not to install smart meter. Took about 5 minutes, Annoying, yes, but hardly what I would consider multiple hoops at height.

      1. Pen-y-gors

        Re: Am I the only one?

        I had a more effective way. Guy came to fit smart meter, I stood and watched, saying nothing bar chitchat about the weather. Waited for him to finish and test it at which point he discovered complete absence of phone signal, from anyone. I could have told him that! Half an hour later meter has gone and been replaced with nice shiny new oldstyle kit. I log in to their website every three months and give them a reading.

        Works for me!

      2. Nick Kew

        Re: Am I the only one?

        Who said anything about smart meters? I was referring to the energy regulator's proposals to circulate your details to every spammer and his dog if you decline to play their game and stick with a single provider for three years!

        Thou shalt be a whore or face the consequences!

        1. Sir Runcible Spoon

          Re: Am I the only one?

          @Nick, apologies for the assumption, but it seemed to fit.

          That's me that is -------->

  20. Richard Tobin


    API does not stand for "application protocol interface".

    1. Sir Runcible Spoon

      Re: API

      Gives you a warm fuzzy feeling to know that they are experts eh? :)

    2. TRT Silver badge

      Re: API

      The BBC report on it had me crying into my iPhone. They worded it like it was something new, almost unique to the banking industry and designed for price comparison websites.

    3. Snivelling Wretch

      Re: API

      Another Pathetic Intervention?

      1. Sir Runcible Spoon

        Re: API

        maybe it means

        Accidental Priority Incursion

  21. taxythingy

    Now why would I want that?

    They've got the right concept, but completely backwards focus. This open app rubbish is to make it easy to switch apps, but doesn't help bank mobility much, which is the problem needing a solution. Make it easy for people to switch banks (opening and closing accounts) and improve the back-end service capabilities (e.g. 24hr inter-bank transactions), toughen up on anticompetitive behaviour, and the banks will start competing or lose business.

    I'm just happy that the banks round here are competitive. You know: where they improve service, tech and options, waive fees, cut mortgage rates. In other words, the exact opposite of the British system.

    1. TRT Silver badge

      Re: Now why would I want that?

      Now stand in the middle of the town square and shout the following...

      All you bankers! I'm after the best banker. So who banks the highest?

      With your fingers in the corners of your mouth, pulling.

    2. Anonymous Coward

      Re: Now why would I want that?

      > Make it easy for people to switch banks (opening and closing accounts)

      Exactly. We recently spent two hours opening a new account to switch banks. The reason we switched was that the old bank closed the local branch. They said it was because everyone is now using mobile apps for banking. We have not yet found out how people deposit cash using a mobile app. The old bank closed the account, and started the letter informing local customers with "improving local service is important to us" or words to that effect. With the closure, the nearest branch would have been a 90 mile round trip away.

      Three months after switching, the new bank closed its branch.

      Remind me how a toothless regulator-mandated tech-gasm is going to improve retail banking again?

      1. TRT Silver badge

        Re: Now why would I want that?

        Ah well, you see this is all a drive to help the ailing high street. Instead of going into your local town or village to deposit cash in the bank, you can use it to buy goods and services from outlets in the same area instead. When you put it into the bank, it's immediately lost to the local area economy.

  22. Cuddles


    "The new rules from the Competition and Markets Authority are designed to promote transparency"

    To be fair, if transparency is one of the main goals this is actually a great idea. You can't get much more transparent than letting the whole world have access to everyone's financial information via insecure phone apps.

  23. Nano nano

    Jellybean counters ...

    Pretty useless anyway - Banking app (and eg. Barclaycard app) developers only seem to support the latest software version(s) in phones anyway, even though the base functionalities should not change over versions.

    So - my phone uses Gingerbread - why withdraw the app that supports that, when to display numbers and text, even Doughnut would do !

  24. Anonymous Coward
    Black Helicopters

    Just one icon.

    And no comment. Deduce the meaning yourselves.

  25. Roj Blake Silver badge

    The Real Problem with Switching Banks...

    ...Isn't that it's difficult to move direct debits etc over to a new account. The problem is all the regulations put in place by the government requiring 9,000 pieces of ID when setting everything up.

  26. kraftdinner

    Oh, those security experts

    Hmm, and how have our "security experts" been doing so far?

  27. Anonymous Coward
    Anonymous Coward

    Play it again

    The CMA is proving to be a bit of a one trick pony; share all your data so we can bombard you with stuff you don't want, and wag a reproving finger at you for not playing the game by our rules.

    It's as likely to work or prove popular with banking as it will with energy - they really should make at least a token effort to keep up with the prevailing public sentiment rather than engage in wishful thinking.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like