Founding director of The Regtech Association and Verifier CEO, Lisa Schutz, has urged for the Australian government to follow in the footsteps of the European Union (EU) and cease screen scraping.
“I believe passionately that screen scraping should be prohibited as it is in the EU,” she told the Senate Committee of Financial Technology and Regulatory Technology on Thursday.
Screen scraping is the process where customers give a third-party company, such as a fintech firm, permission to access their data before taking a “snapshot” of it and using it to deliver a service or product to the customer.
She explained that while Verifier has the option to use screen scraping, it has instead chosen to access customer data under the 12 principles of the Privacy Act so it does not impede on the privacy of consumers.
“It’s the long way to get the right outcome … [but] it comes back to what is the 2050 Australia that we want to live in,” she said.
Schutz also took the opportunity to address how the Consumer Data Right, specifically Open Banking, would enable the sharing of data in a controlled and respectable manner.
The other alternative, she proposed, was to follow in the footsteps of the EU, which “put [a] sunset on screen scraping and that was for 18 months”.
The hearing, chaired by NSW Liberal Senator Andrew Bragg, also heard from Dave Stein, head of corporate development at Melbourne-based fintech startup Airwallex, who agreed with Schutz’s call to ban screen scraping.
“Screen scraping is bad technology. It’s just aided bad technology. It’s a way around barriers that exist, but it’s not actually trying to solve the underlying problem, which is helping people communicate and do what they want with their finances, pay the way they want,” he said.
“We don’t do that, we don’t use that, but for us it’s a technology decision. We just don’t want to invest in a dated technology.”
Read more: Rules drafted on how to access data under Consumer Data Right
On the other end of the spectrum was Raiz Invest general counsel Astrid Raetze, who argued on Thursday that screen scraping will always have two camps.
“There’s the banks and their views, and then there are fintechs who are not bank affiliated. Largely, the argument centres around the banks saying, ‘it’s bad, it’s wrong you have to shut it down’, and then there’s the fintechs who say, ‘we need it’.”
For Raiz Invest, they sit in the fintech camp and currently use screen scraping, Raetze said, alongside other players such as Xero, ANZ, and Macquarie Bank.
Raetze highlighted that without screen scraping, the only other alternative tool for the company to access data would be to develop APIs under open banking.
“What that doesn’t take into consideration is the disparity of resources between the two camps,” she explained
She said, based on guesstimates, the development process would cost the company a minimum of AU$1 to AU$2 million and require 6-12 months to complete.
“If you switch on open banking and turn off screen scraping … what you will do is hamstring the fintech industry,” she said.
At the same time, Raetze said it would also mean data holders, such as the large banking institutions, would have to be prepared to enable the building of APIs.
“We’d have to persuade CBA to build an API and negotiate with CBA (Commonwealth Bank of Australia), as an example,” she said, while also describing how based on past conversations with banks like CBA that it would be difficult to do.
The committee also questioned Raiz Invest about screen scraping in association to data security, which Raetze said puts customers and their data at “no risk”.
“We have the same level security and we do not transact on your account, so there is no risk to you,” she said.
Similarly, Illion managing director Luke Howes said banning screen scraping would be “simplistic and misguided”.
“I have never seen in six years, any consumer harm because it’s safe. Banning it will cripple millions of users and businesses who rely on it. If you ban it, you’ll send an industry back five or 10 years,” he warned.
Related Coverage
Credit: Zdnet
