Open Banking 2018: building trust in end users

Mirta Rotondo, VP of Brand and Design
3 Dec 2018
Background Image


Building end user trust: Compliance is not enough. UX and tone of voice are the key differentiators to increase open banking adoption.

CMA9 bank UX: Some banks need to redesign their flows and use better 2FA to stay competitive

Challenger bank UX: Challenger banks are leading the market with frictionless authentication flows

Data analysis: A qualitative comparison between the user journeys shows how each bank is performing

Information: Educational campaigns addressed to end-users are needed to demystify wrong perceptions about data usage and empower new financial services.

Creating trust for end users

PSD2 precipitated the urgency of developing a unified ecosystem for all the EU financial products.

Open Banking — the new UK initiative implemented by the CMA9 banks aimed at empowering consumers and businesses over their banking data — is a great start to deliver some of the benefits of PSD2. But the regulation itself is not enough to win end-users’ trust.

It’s as simple as this:

  • If users can easily use your service, they will be loyal to your offering.

  • If they cannot, they will start looking for other options.

That said, it’s important for all the players involved (high street banks, challenger banks, fintech platforms, and financial applications) to understand that user experience and transparency are the key differentiators that will gain consumer loyalty.

The Open Banking Implementation Entity (OBIE) took this challenge seriously. In December 2017 they started producing a series of guidelines for participants in the Open Banking ecosystem.

Specifically, their Customer Experience Guidelines provides insights and recommendations based on extensive user research to help both banks and applications delivering a “consistent and ubiquitous experience which will be familiar and trusted by customers”.

CMA9s, Challengers, infrastructure platforms, and applications approached UX in very different ways in order to win end-users’ trust, to encourage them to connect their bank accounts.

For our UX team at TrueLayer, 2018 was a great opportunity to learn about different business use cases in the industry, their user journeys, and end-user behaviour.

Here is what we learned.

One goal, different journeys

Accessing users’ identity information, balance, and transactions in real-time allows companies to build account aggregation functionalities, perform fast and accurate bank account verification, and helps them make better credit decisions.

Consequently, market players — lenders, marketplaces, credit bureaus, personal financial management applications, accounting firms, but also payment processors, insurance, rental and retail companies — understood the importance of redesigning their products to provide a better, seamless, and more reliable service to their users.

Today, almost all the high streets banks — AIB, Bank of Ireland, Barclays, Lloyds, Nationwide, Danske, Royal Bank of Scotland, and Santander — published their APIs in the Open Banking directory. Each of them created a unique user interface that tried to be consistent with their own brand and their own visual language. But while some of them were able to release fairly usable journeys, for others, there’s still a long way to go to keep their users loyal and survive the competition of other CMA9s.

Additionally, challenger retail banks such as Monzo, Starling, and Revolut are trying to disrupt the complexities of traditional banking. A relevant part of their business strategy is to provide simplified user experiences, and most of them, you’ll find, use a reassuring tone of voice and transparency. And, given their fast and increasingly large portfolio of users, we’d say it’s definitely working.

Let’s take a look at both CMA9s and Challengers’ authentication flows.

CMA9 flows

Lloyds, Natwest, HSBC and Barclays

The visual hierarchy and the scalability of information of some of the flows make the end-user journey more complex and convoluted than necessary. Some interfaces look cluttered and extremely verbose. Consequently, the end-user journey becomes tedious and un-engaging.

We think that to leverage the attention-information gap and succeed in the so-called Distraction Economy, the rule of thumb is to understand that what end-users want are focus and clarity. Especially when dealing with sensitive data.

Challenger bank flows

Starling and Monzo

Challenger bank customers can forget about the verbose and cluttered interfaces and leave the “remember username and password” struggle behind. The connection between their challenger bank account and applications is very likely just a QR code or a magic link away. Hopefully, CMA9s will take these simple and delightful flows into consideration when revising their current solutions.

If you want to play with the Open Banking, Challenger Banks, and Credentials Sharing flows yourself, you can do it now by using our Data API demo application: Piggy Bank.

“Worst User Journey 2018” Awards

There’s not enough quantitative data available yet to analyse Open Banking conversions and current usage. Still, we are constantly monitoring its uptake and collecting data based on what’s available through our customers, their users, and across the industry.

At TrueLayer, we identify negative friction that causes the end-user to not complete some authentication journeys. To better understand their behaviours, we decided to analyse some UI features of certain CMA9 and Challenger banks’ flows:

  • Avg completion time — How many minutes are needed to complete the journey?

  • # steps — How many steps are needed to complete the journey?

  • # inputs — How many input fields need to be filled by the user?

  • Avg # words — How many words are contained in each step of the process?

  • 2FA enabled — Is two-factor authentication needed to authorise access?

  • Page length — Are actionable items going below the fold?


According to the data collected, HSBC, Barclays, and Lloyds’ UIs are the most cluttered because of the number of words used. Lloyds, NatWest, and Barclays are the slowest. Lloyds, NatWest and HSBC are the most complex in terms of usability.

Needless to say, challenger banks just nail it. They also demonstrate how 2FA can be used without creating additional friction.

Ideally, the number of steps should be as few as possible in order to reduce the average time of the whole journey and prevent the end-user from leaving the flow prematurely.

In terms of readability, our suggestion for some banks is to re-approach copywriting and visual hierarchy. It is well known that complex and verbose sentences are harder to read than simpler ones.

Banks that have two-factor authentication steps have more friction than the ones not using it. 2FA, though, will be enforced for all banks starting in September 2019 as part of PSD2 RTS.

Consequently, banks should think about integrating better 2FA methods such as the ones used by challenger banks — QR codes and magic links — but also biometric, fingerprint or face scans. This concept is also advocated in the latest version of OBIE customer experience guidelines. Approaching decoupled redirect and deep-linking in the right way, can definitely reduce friction and help increasing adoption.

Last, but not least: page scrolling. It is true that people scroll vertically more than they used to, but new eye-tracking data shows that 80% of users’ viewing time is spent above the fold. (Nielsen Norman Group)

Some of the banks’ open banking pages are incredibly long and show input fields at the end of the page, rather than at the beginning. End-users’ laziness and inattentiveness should lead to very specific UI decisions, such as designing the content to be fully contained above the fold or — at least — showing input fields on top.

What end users want

With the open banking flows being released just 10 months ago, more time is needed to see relevant adoption in order to analyse hard data, and monitor how end-users’ interaction changes over time.

Demographic targeting into user testing sessions may be helpful in the process of establishing more about differences in users’ behaviours. Demographic variables such as age, income, and education — specifically for financial products — can be predictable indicators of the user interaction with the interface.

According to our data, for example, end-user behaviours are different depending on our client use case.

On the other hand, the great majority of usability experts agree that UX metrics are more accurate when measuring the prior experience or knowledge about an industry a user has, rather than looking into demographic details.

We’ve assumed that open banking flows may be perceived as more credible by end-users because of their shared traits with their own bank’s UI. Still, credibility is not enough to ensure that end-users find value in what has been provided to them. The complexity of the information, along with the slow, demanding experience, causes frustration which leads to failure in completing the authorisation process.


According to Peter Morville — author of Architecture for the World Wide Web and acclaimed IA and UX keynote speaker — a balance of usability, desirability, accessibility, credibility, usefulness, and availability are mandatory in order to create a meaningful and valuable user experience. The content should be original and fulfil a need. It should also be easy to use and accessible to people with disabilities. It should evoke emotions and appreciation. Finally, it should be able to create trust and lead the user to believe what the interface is telling them.

Educating end users

High-street banks encouraged users via misleading ‘educational’ campaigns not to use their bank credentials in third party applications, except for their official bank website and app. Despite the understandable security reasons, this created scepticism and misconceptions about banking data usage.


Now with GDPR ensuring data protection and privacy for all individuals within the European Union, end-users are informed about the security aspects of sharing their data and can be assured of the resultant benefits they will derive from giving explicit consent and access of their data to applications.

In early 2018 when PSD2 came into force, the UK regulator, the Financial Conduct Authority (“FCA”) asked banks to update their Terms and Conditions (“T&Cs”):

Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with regulated AIS and PIS providers.

What’s next?

It is our belief that the OBIE’s Open Banking standards and PSD2 requirements provide substantial guidance to help both banks, platforms and applications deliver great experiences. Yet, they are definitely not imputable for creating additional obstacles in the end-user journey.

We think that banks need to keep iterating on their authentication flows; they need to raise the UX bar, higher. We consistently attend workshops organised by the CMA9s to review their flows and provide feedback with one common goal: providing a smooth, frictionless experience for end-users.

In parallel, applications need to continuously monitor their user behaviour, learn from the data collected, and thus, improve their interfaces and journeys.

At TrueLayer we firmly believe that clear, transparent and honest communication is needed to demystify wrong perceptions about data usage and empower new financial services. Educating end-users is one of the most effective ways to make the future of banking data more reliable, accessible, and useful.

Whether you are a high street bank, challenger bank, or application — we can collaborate to make this happen.

Let’s grow the open banking economy.

Together! 💪

20 May 2024

How to successfully reverse chargebacks

13 May 2024

Charting Europe’s path to payments leadership

hand folding a debit back with a X in the background
10 May 2024

Chargeback prevention: 7 ways to reduce chargebacks

Categories to explore