Consumer Data Right — Right or Wrong?

Australia is pacing towards Open Banking which is the next best buzz word we will hear in Banking and Finance Industry and partnering technology companies. What will happen once customer data are exposed? Will it breach customers’ privacy? Will it make Australians life easier?

First of all, let’s understand what type of data will be exposed.

1.Customer Detail API

This will be the most used API in the future. When we call this API we will get customer information like Full Name, Address, Phone Number, Occupation code, etc.

Below are the example request and response sample.

GET /common/customer/detail

Request Parameters

Code samples
GET https://data.holder.com.au/cds-au/v1/common/customer HTTP/1.1
Host: data.holder.com.au
Accept: application/json
x-v: string
x-min-v: string
x-fapi-interaction-id: string
x-fapi-auth-date: string
x-fapi-customer-ip-address: string
x-cds-client-headers: string

Response Code 200 Success

{
"data": {
"customerUType": "person",
"person": {
"lastUpdateTime": "string",
"firstName": "string",
"lastName": "string",
"middleNames": [
"string"
],
"prefix": "string",
"suffix": "string",
"occupationCode": "string",
"occupationCodeVersion": "ANZSCO_1220.0_2013_V1.2",
"phoneNumbers": [
{
"isPreferred": true,
"purpose": "MOBILE",
"countryCode": "string",
"areaCode": "string",
"number": "string",
"extension": "string",
"fullNumber": "string"
}
],
"emailAddresses": [
{
"isPreferred": true,
"purpose": "WORK",
"address": "string"
}
],
"physicalAddresses": [
{
"addressUType": "simple",
"simple": {
"mailingName": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressLine3": "string",
"postcode": "string",
"city": "string",
"state": "string",
"country": "AUS"
},
"paf": {
"dpid": "string",
"thoroughfareNumber1": 0,
"thoroughfareNumber1Suffix": "string",
"thoroughfareNumber2": 0,
"thoroughfareNumber2Suffix": "string",
"flatUnitType": "string",
"flatUnitNumber": "string",
"floorLevelType": "string",
"floorLevelNumber": "string",
"lotNumber": "string",
"buildingName1": "string",
"buildingName2": "string",
"streetName": "string",
"streetType": "string",
"streetSuffix": "string",
"postalDeliveryType": "string",
"postalDeliveryNumber": 0,
"postalDeliveryNumberPrefix": "string",
"postalDeliveryNumberSuffix": "string",
"localityName": "string",
"postcode": "string",
"state": "string"
},
"purpose": "MAIL"
}
]
},
"organisation": {
"lastUpdateTime": "string",
"agentFirstName": "string",
"agentLastName": "string",
"agentRole": "string",
"businessName": "string",
"legalName": "string",
"shortName": "string",
"abn": "string",
"acn": "string",
"isACNCRegistered": true,
"industryCode": "string",
"industryCodeVersion": "ANZSIC_1292.0_2006_V2.0",
"organisationType": "COMPANY",
"registeredCountry": "string",
"establishmentDate": "string",
"physicalAddresses": [
{
"addressUType": "simple",
"simple": {
"mailingName": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressLine3": "string",
"postcode": "string",
"city": "string",
"state": "string",
"country": "AUS"
},
"paf": {
"dpid": "string",
"thoroughfareNumber1": 0,
"thoroughfareNumber1Suffix": "string",
"thoroughfareNumber2": 0,
"thoroughfareNumber2Suffix": "string",
"flatUnitType": "string",
"flatUnitNumber": "string",
"floorLevelType": "string",
"floorLevelNumber": "string",
"lotNumber": "string",
"buildingName1": "string",
"buildingName2": "string",
"streetName": "string",
"streetType": "string",
"streetSuffix": "string",
"postalDeliveryType": "string",
"postalDeliveryNumber": 0,
"postalDeliveryNumberPrefix": "string",
"postalDeliveryNumberSuffix": "string",
"localityName": "string",
"postcode": "string",
"state": "string"
},
"purpose": "MAIL"
}
]
}
},
"links": {
"self": "string"
},
"meta": {}
}

Will the above information when exposed will make Australians life easier or will it breach someone’s privacy?

My perspective on this as long as the data that is being shared is regulated by a regulatory authority then it should not be very challenging exposing your phone numbers or addresses. Think this way in your chrome browser you are already storing your addresses in autofill settings where wherever you fill the address it automatically fills it for you with your phone number.

Advantage — Faster Onboarding

The advantage is if we have the right customer information available, service providers can Onboard you faster as the system already knows your Name, DOB, Address, and Phone number.

2. Get Transaction Detail

Next best API that will breakthrough the competition between 2 service providers will be Transaction Detail API . With this API we can identify types of transactions Where the transactions are made, Why the transactions are made, Which bank’s CC has been used, What type of transaction it is e.g Lifestyle, grocery, B pay, etc. This means service providers can now target customers and come up with better offerings. Which will lead to Australians life being easier and cheaper.

GET /banking/accounts/{accountId}/transactions/{transactionId}

REQUEST PARAMETERS

Code samplesGET https://data.holder.com.au/cds-au/v1/banking/accounts/{accountId}/transactions HTTP/1.1
Host: data.holder.com.au
Accept: application/json
x-v: string
x-min-v: string
x-fapi-interaction-id: string
x-fapi-auth-date: string
x-fapi-customer-ip-address: string
x-cds-client-headers: string

RESPONSE 200 SUCCESS

{
"data": {
"transactions": [
{
"accountId": "string",
"transactionId": "string",
"isDetailAvailable": true,
"type": "DIRECT_DEBIT",
"status": "PENDING",
"description": "string",
"postingDateTime": "string",
"valueDateTime": "string",
"executionDateTime": "string",
"amount": "string",
"currency": "string",
"reference": "string",
"merchantName": "string",
"merchantCategoryCode": "string",
"billerCode": "string",
"billerName": "string",
"crn": "string",
"apcaNumber": "string"
}
]
},
"links": {
"self": "string",
"first": "string",
"prev": "string",
"next": "string",
"last": "string"
},
"meta": {
"totalRecords": 0,
"totalPages": 0
}
}

Big Question now the companies knows what is your spending pattern, will this breach your privacy?

Again my perspective, if a company knows what I am spending on and offers me a better product at a cheaper price, why not? I am not exposing my card pin or my 3/4 digit security code. So no issues there. May be banks can bring an extra SMS OTP based security for any Credit/Debit Card transactions a customer does, which will enhance the security. But as long as you are not sharing your security code, by knowing your transactions there will be no harm from my perspective.

There is a whole bunch of other APIs that will be available which I will analyze and report at a later stage. But what I think is as we have consumer data rights enforced as solid pillars, there will be no harm or breach if we are careful about what we are using data for.

Please reach out to me to discuss more on open banking or consumer data rights.

--

--

--

I am a Lead Consultant as well as a Lead Business Analyst at Appscore Digital.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Hacking JWT Tokens: x5c Claim Misuse

Dynamic Programming : Part-2

InvArch weekly update

Learning the Rust Language

From Reactor to Coroutines

Method/Function Names

Basic user cases from git, Github repo, to Github page

CS371p Fall 2021 Week 4: Andrew Li

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Anikesh Sasmal

Anikesh Sasmal

I am a Lead Consultant as well as a Lead Business Analyst at Appscore Digital.

More from Medium

Analytics Guide | Neha Modi on the role of Notifications in CRM at Lenskart

How Freda, a data quality platform can make your job easier?

Why MDM on Cloud is Better than Line-of-Business Operational Data Stores

The non-AI approach to restaurant data insights

Data insights for restaurants — Timbl