Share this post
Jack Wilson, Head of Policy & Regulatory affairs at TrueLayer
Total open banking volumes are increasing: for the first time in February of 2021 alone, more than one million open banking payments were processed – compared to 300,000 for the whole of 2019.
At the same time, card fraud is proliferating. According to data from the European Central Bank, card fraud is highest in the UK, with €10,414 lost per 1,000 people. This is impacting confidence in cards as a payment method, with 55% of consumers saying they worry frequently about fraud when buying something online.
As open banking payments become more ubiquitous in the UK, and more merchants offer it at the checkout, it’s important to understand: how secure are open banking payments, and what protections do they offer when something goes wrong? Let’s take these questions in turn.
How secure are open banking payments?
Open banking payments are inherently secure and built for online:
- Every payment is strongly authenticated
When a customer confirms their purchase and chooses open banking payments at checkout, they are sent to their bank’s app to strongly authenticate, usually with biometrics. This means their bank checks that the customer owns the phone or computer they are paying from, and uses fingerprint recognition or face ID before the payment is authorised. Open banking payment providers have been required to use strong customer authentication (SCA) since March 2018. Card issuers in the UK are not required to use SCA until September 2021.
- No card details are shared with the merchant
With open banking payments, the only details transmitted are payment instructions, which are sent securely to the customer’s bank, rather than the merchant. With card payments, in contrast, the customer shares their long card details with a merchant and these details are all that is needed for an unscrupulous merchant, or hacker, to process unauthorised transactions. This has led to over 2 million cases of card fraud in 2020, valued at £574m (according to UK Finance).
- Payment details are pre-populated
When customers choose to pay a merchant using open banking, the payee details are pre-populated by the open banking payment provider, who has a contract with the merchant. This eliminates the possibility that funds could go to the wrong place, or that the customer could be tricked into paying a fraudster.
What are the protections for consumers when something goes wrong?
Open banking payments are safe by design, but no online purchase is 100% risk-free. In the event that something does go wrong with a payment, are you protected?
The short answer is yes. There are two types of protections which cover you when you buy something online:
- protections when a payment goes wrong – eg the bank makes a mistake in where it sends the payment
- protections when a purchase goes wrong – eg you ordered plates from an online shop but receive spoons
This is always the case – no matter what payment method you choose.
Let’s look at these protections in more detail and how they apply specifically to open banking.
When something goes wrong with a payment:
The Payment Services Regulations in the UK provide strong legal protections for customers using open banking payments.
When the customer makes a payment this way:
- If their money is taken without their authorisation, they’re entitled to a refund from their bank.
- If the payment does not reach the recipient they instructed the provider to pay (i.e. if it is “wrongly executed”), they’re entitled to a refund from their bank.
In addition, open banking providers must have complaints procedures in place in case a customer is not happy with how their payment has been handled. If the customer is not satisfied with how the complaint is handled, they have the right to escalate to the Ombudsman who can award compensation.
When something goes wrong with a purchase aka ‘buyer protection’:
The protections here kick in after you authorise a payment to a merchant, when what you paid for does not arrive, or is not as described.
Whatever payment option you use, you have legal protections under the Consumer Rights Act 2015. This entitles you to:
- Goods that are of satisfactory quality, as described, fit for purpose, and last a reasonable length of time
- return goods within 30 days and receive a full refund from the merchant
- where a merchant does not give a refund that you believe you’re owed, you can dispute this in the small claims court
Fast open banking refunds
A huge benefit of TrueLayer’s open banking solution PayDirect, is the speed at which customers can receive a refund if there is a problem with a purchase. Unlike card refunds which can take between 2-7 days to process, once a merchant has agreed to refund a customer, using PayDirect they can send the funds back instantly.
What about ‘chargeback’?
When using a card, there is an additional option for customers in the event of a purchase dispute. If you use a card and the merchant refuses to refund, you can ask your bank (the card issuer) for a refund, known as a ‘chargeback’.
Why is there no chargeback for bank transfers?
Bank transfers have been developed along different lines to card payments. When a customer makes a bank transfer, they give instructions to their bank (eg send money to X sort code, y account number), which their bank is obliged to act on. Once the bank has correctly executed the instruction, they have no further involvement, or liability, for the transaction. However, if the bank makes a mistake, the consumer is eligible for a refund.
What about bank transfers made via open banking?
Because open banking providers instruct bank transfers on behalf of the customer, there is no built-in chargeback mechanism. However, chargeback has always been a last resort for consumers: something to call on when the communication between a customer and a merchant has broken down.
A crucial difference between card payments and open banking payments, which ensures good outcomes for customers without chargebacks, is that open banking payment providers have direct relationships with the merchants that accept open banking payments. This is different to card payments, where a card issuer has no direct relationship with the merchant, and has to rely on the card scheme to onboard the merchant.
This means that in addition to existing consumer protections discussed above, open banking providers have more control and can take additional steps to prevent the likelihood of purchase disputes and assist when things go wrong:
- Rigorous onboarding of merchants – ensuring that merchants who offer open banking payments have a track record of processing refunds and dealing with purchase disputes.
- Contractual agreements with merchants – setting out the expectations regarding customer purchase disputes.
- Processes to handle customer queries – open banking providers and merchants’ customer care teams can work together to quickly deal with purchase issues.
Lowering the costs of retail
UK and EU authorities have supported the emergence of open banking payments in order to inject competition into the payments market. Open banking payments offer a secure, convenient and low cost option for merchants accepting payments. Not only will customers be able to shop with confidence using open banking payments, but, in the longer term, they should benefit from lower prices as a result.