Screen Scraping : Better is not good enough

WidasConcepts: Banks and third parties benefit from EBA’s decision

Wimsheim, 25. July 2017              The possible recall of the screen scraping announced by the EBA from 2018 is controversially discussed. Particularly, Fintechs see their interests and business plans buried down. Thomas Widmann, CEO of WidasConcepts, recognizes opportunities for third-party providers and banks in the new directive.

Screen Scraping has been for some years now, an established technology, with which Fintech and other third party providers – access the account data of their customers. However, the method involves safety risks. Customers place security-relevant data with the provider who performs screen scraping. They run great risks in doing so.

WidasConcepts_Thomas_WidmannSecure interfaces are an investment for the future
The fears and complaints of the Third Parties are indeed understandable at first sight, especially with regards to investment protection. Likewise, it is to be acknowledged that the EBA -with PSD2 and other measures, creates the basis, by which a clearly improved concept can be implemented through secured interfaces with explicit consent from customers and secure accesses.

The interfaces designed according to the new guidelines are essentially more stable than screen scraping can ever be. The issue of investment protection is also to be differentially seen: the software maintenance costs are lower for a lasting interface also for Fintechs than for screen scraping. Here adjustments have to be constantly undertaken in order to read the account data of the users – for example, when banks redesign their websites which then are built completely different.

Securer is better: Fintechs should help shape standards
The experience with modern customer identity management solutions shows that this is by far a more advanced and secure alternative to protecting customer information. The long-term stored customer numbers and PINs can not keep up anymore. The supposed investment protection of the Third Parties are faced now with the topics of Security and PSD2. It quickly becomes clear: Better is not good enough. Customer identity management solutions such as cidaas offer as the standard technical procedures for authorization OAuth2 and OpenID: Uniform standards that should be used by all banks. Bank APIs should also be convergent for all banks. Up to now, the EBA has not yet defined a standard, de facto standards can be established at this point. A real opportunity for third-party providers and fintechs: They have the know-how and the possibilities to contribute to this de-facto standard. After all, Third Parties will have a strong say when it comes to customer satisfaction and customer experience. With a transitional period of 6 to 9 months in case of a ban on screen scraping, it would certainly be possible for all parties involved to adapt to the new guidelines and standards and to profit from them.