PSD2: What you need to know about Screen Scraping and APIs

A PSD2 deadline is fast approaching. While it is focused on making payments safer and more secure throughout Europe, it has raised questions about data access and its impact on consumers and businesses. Here we explain the background and the different approaches to data access.

1. Why do companies want to access my bank data?

Banks are trusted holders of personal customer information. As more service providers enter the market, they require access to bank data to provide the most affordable, efficient and bespoke financial products and services.

Consumers and businesses use these services every day, often via smartphone apps, allowing access to their bank data in return for services that make their lives easier. Some examples of this are:

  • Payments — one-click shopping experiences, splitting bills with friends;
  • Money management — spending tracker, round ups, automated invoicing;
  • Loan advice — calculate real-time affordability, mortgage decisions.

2. How do third party providers access my bank data?

You give permission for a third party to access your data, often through an app or website. They let you select your bank and, after a few steps, the provider accesses your data using one of two approaches: Screen Scraping or Open Banking APIs.

3. What is the difference between Screen Scraping and APIs?

Screen Scraping is a data-access method in which the provider logs into your bank account using your personal banking username and password, “as if they were you”.

An Application Programming Interface (API) is your bank’s own dedicated interface that allows you to share data without sharing your bank credentials and, most importantly, allows you to control what data is shared and for how long.

4. How do I know if I’m giving permission to a Screen Scraper or an API-enabled provider?

You can tell from how you are asked for permission to access your bank data.

To enable data access via Screen Scraping, service providers will direct you to a screen that looks like your bank’s (but the domain name is different) and asks you to share your bank login details.

To enable data access via the bank’s dedicated API, services need your “informed consent”. You are informed about the level of data requested before you are transferred to your bank’s website to provide permission. An API directs you through a secure journey, using your bank’s website, and you are NOT asked to share your bank credentials with anyone.

5. How much control do I have over these access methods?

Screen Scraping has unlimited access to your bank account. Using your login details, providers are able to access your data as often as they need to. Screen scraping can read and share information without the user knowing, so the user lacks visibility into which companies have access to their data.

Using APIs provides a much safer and more transparent way of accessing data. Your bank ensures service providers can access only the information you decide and only for a time period you set. You will be able to discontinue or cancel permission via the bank app or website. You and your bank can control the identities of services that access your data.

6. What about data security?

Unfortunately, screen scraping isn’t a secure method for accessing data. In the event of a data breach, the only action available is to change your password. If this happens, use a strong password suggested by Google Password Generator.

With an API, however, your consent allows service providers to receive an access token. In case of a breach, you, your bank or your provider can revoke access and the token is instantly invalidated.
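
The control and revocation behaviour described in sections 5 and 6, as an added example that is not part of the original article and not any bank's or provider's real API. It is a hypothetical in-memory consent store (the `Bank` and `Consent` names, scope strings and provider names are assumptions) in which each token covers only the data and period granted and can be cancelled on its own, without touching the customer's password.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical model of a bank's consent store; times are plain seconds.
@dataclass
class Consent:
    provider: str        # which third party holds the token
    scopes: frozenset    # data the customer agreed to share
    expires_at: int      # end of the period the customer set
    revoked: bool = False

@dataclass
class Bank:
    consents: dict = field(default_factory=dict)  # token -> Consent

    def grant(self, provider, scopes, now, lifetime):  # provider gets a token, never the password
        token = secrets.token_urlsafe(32)
        self.consents[token] = Consent(provider, frozenset(scopes), now + lifetime)
        return token

    def authorize(self, token, scope, now):  # decision for one API request
        c = self.consents.get(token)
        if c is None:
            return False, "unknown_token"
        if c.revoked:
            return False, "revoked"
        if now >= c.expires_at:
            return False, "expired"
        if scope not in c.scopes:
            return False, "scope_not_granted"
        return True, "ok"

    def revoke(self, token):  # cancels one consent; other tokens are unaffected
        if token in self.consents:
            self.consents[token].revoked = True

    def active_providers(self, now):  # what the bank app can show the customer
        return sorted({c.provider for c in self.consents.values()
                       if not c.revoked and now < c.expires_at})

def demo():
    bank, day = Bank(), 86400
    t1 = bank.grant("budget-app", {"transactions"}, now=0, lifetime=90 * day)
    t2 = bank.grant("loan-advisor", {"balances"}, now=0, lifetime=30 * day)
    results = [bank.authorize(t1, "transactions", day),
               bank.authorize(t1, "payments", day),
               bank.authorize(t2, "balances", 31 * day)]
    bank.revoke(t1)
    results.append(bank.authorize(t1, "transactions", 2 * day))
    return results, bank.active_providers(2 * day)
```

A scraped password has no equivalent of `scopes`, `expires_at` or `revoke`: whoever holds it can read everything until the customer changes it.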

7. Are these data access methods regulated?

Screen Scraping is not a regulated solution, meaning anyone can launch this type of application to capture sensitive information. Accessing bank account information or initiating payments via an API are regulated activities, so the third party provider will be vetted and confirmed as a legitimate company.

8. What triggered the data access debate?

There were concerns around data privacy, particularly regarding sensitive information. The European Commission mandates that banks create dedicated interfaces (APIs) and prohibits the use of the Screen Scraping technique. This is seconded by the FCA, the UK regulator, which believes that data sharing must happen over dedicated bank APIs and therefore should not require Screen Scraping by service providers.

Additionally, the General Data Protection Regulation (GDPR) states that sensitive data should be managed in a certain way, but once a consumer gives away bank credentials, the screen scraper has unlimited access to all banking data.

The goal of PSD2 is to empower innovation, in a secure way, to make financial services better and cheaper for everyone. We look forward to seeing positive steps towards a safer digital world!

