Canada’s banking sector is legendarily stable. However, this stability comes at the cost of innovation. Canada lags behind peers such as the EU, UK, US, and Australia in an area I care a lot about: open banking.
The premise of open banking is that consumers should be free to share their financial data with the third parties of their choosing, such as a budgeting app. I have been following open banking in Canada for years now, ever since I started closely tracking my own finances. For a long time, I have been looking for a better way to export transactions than logging into my bank’s website and manually downloading a CSV file representing a certain time range.
Over the years, people have tried to solve this problem by writing third-party packages to retrieve data from specific banks. However, these packages were fragile and prone to breaking, and they usually relied on you providing your full account credentials, granting them the ability to impersonate a login to your account. Shockingly, this is actually the default security model for Canadian fintech companies: even a humble budget app must be given your username, password, and (implicitly) the ability to take any action on your behalf. Needless to say, this is at best a grey zone for liability, since you are willingly handing over the keys to the kingdom to a third party.
The Canadian government’s open banking page explains the problems with this so-called “screen scraping” access model:
Fintech apps that use screen scraping require you to provide your online banking username and password to access your financial data. They use this information to automatically log into your bank account as if they were you. They then transfer your data to an external database that supports their products and services. […] Say you provide your online banking username and password to another party like a fintech app. You may lose the protection your bank offers against unauthorized transactions.
However, until open banking is implemented, there are very few alternatives to handing over full control of your bank accounts to any app you want to have automatic access to your financial data. Banks do not offer APIs to access your financial data. But if all goes to plan, that should change this year. I look forward to a time when I can update my budget tracker with a simple pull from a read-only API endpoint.