Consumer protections: how do open banking payments compare?
We examine the security and protections provided by open banking when buying online.
Total open banking volumes are increasing: for the first time in alone, more than one million open banking payments were processed – compared to 300,000 for the whole of 2019. At the same time, card fraud is proliferating. According to data from the , card fraud is highest in the UK, with €10,414 lost per 1,000 people. This is impacting confidence in cards as a payment method, with saying they worry frequently about fraud when buying something online. As open banking payments become more ubiquitous in the UK, and more merchants offer it at the checkout, it’s important to understand: how secure are open banking payments, and what protections do they offer when something goes wrong? Let’s take these questions in turn.
How secure are open banking payments?Open banking payments are inherently secure and built for online:Every payment is strongly authenticated When a customer confirms their purchase and chooses open banking payments at checkout, they are sent to their bank’s app to strongly authenticate, usually with biometrics. This means their bank checks that the customer owns the phone or computer they are paying from, and uses fingerprint recognition or face ID before the payment is authorised. Open banking payment providers have been required to use strong customer authentication (SCA) since March 2018. Card issuers in the UK are not required to use SCA until No card details are shared with the merchant With open banking payments, the only details transmitted are payment instructions, which are sent securely to the customer’s bank, rather than the merchant. With card payments, in contrast, the customer shares their long card details with a merchant and these details are all that is needed for an unscrupulous merchant, or hacker, to process unauthorised transactions. This has led to over 2 million cases of card fraud in 2020, valued at £574m (according to ). Payment details are pre-populated When customers choose to pay a merchant using open banking, the payee details are pre-populated by the open banking payment provider, who has a contract with the merchant. This eliminates the possibility that funds could go to the wrong place, or that the customer could be tricked into paying a fraudster.
What are the protections for consumers when something goes wrong?Open banking payments are safe by design, but no online purchase is 100% risk-free. In the event that something does go wrong with a payment, are you protected? The short answer is yes. There are two types of protections which cover you when you buy something online:
- protections when a payment goes wrong - eg the bank makes a mistake in where it sends the payment
- protections when a purchase goes wrong - eg you ordered plates from an online shop but receive spoons
- If their money is taken without their authorisation, they’re entitled to a refund from their bank.
- If the payment does not reach the recipient they instructed the provider to pay (i.e. if it is “wrongly executed”), they’re entitled to a refund from their bank.
- Goods that are of satisfactory quality, as described, fit for purpose, and last a reasonable length of time
- return goods within 30 days and receive a full refund from the merchant
- where a merchant does not give a refund that you believe you’re owed, you can dispute this in the small claims court
Fast open banking refundsA huge benefit of TrueLayer’s open banking solution , is the speed at which customers can receive a refund if there is a problem with a purchase. Unlike card refunds which can take between 2-7 days to process, once a merchant has agreed to refund a customer, using PayDirect they can send the funds back instantly.
What about ‘chargeback’?When using a card, there is an additional option for customers in the event of a purchase dispute. If you use a card and the merchant refuses to refund, you can ask your bank (the card issuer) for a refund, known as a ‘chargeback’.
Why is there no chargeback for bank transfers?Bank transfers have been developed along different lines to card payments. When a customer makes a bank transfer, they give instructions to their bank (eg send money to X sort code, y account number), which their bank is obliged to act on. Once the bank has correctly executed the instruction, they have no further involvement, or liability, for the transaction. However, if the bank makes a mistake, the consumer is eligible for a refund.
What about bank transfers made via open banking?Because open banking providers instruct bank transfers on behalf of the customer, there is no built-in chargeback mechanism. However, chargeback has always been a last resort for consumers: something to call on when the communication between a customer and a merchant has broken down. A crucial difference between card payments and open banking payments, which ensures good outcomes for customers without chargebacks, is that open banking payment providers have direct relationships with the merchants that accept open banking payments. This is different to card payments, where a card issuer has no direct relationship with the merchant, and has to rely on the card scheme to onboard the merchant. This means that in addition to existing consumer protections discussed above, open banking providers have more control and can take additional steps to prevent the likelihood of purchase disputes and assist when things go wrong:
- Rigorous onboarding of merchants – ensuring that merchants who offer open banking payments have a track record of processing refunds and dealing with purchase disputes.
- Contractual agreements with merchants – setting out the expectations regarding customer purchase disputes.
- Processes to handle customer queries – open banking providers and merchants’ customer care teams can work together to quickly deal with purchase issues.