Oct 21, 2020
Consumer Data Right — Right or Wrong?
Australia is pacing towards Open Banking which is the next best buzz word we will hear in Banking and Finance Industry and partnering technology companies. What will happen once customer data are exposed? Will it breach customers’ privacy? Will it make Australians life easier?
First of all, let’s understand what type of data will be exposed.
1.Customer Detail API
This will be the most used API in the future. When we call this API we will get customer information like Full Name, Address, Phone Number, Occupation code, etc.
Below are the example request and response sample.
Request Parameters
Code samples
GET https://data.holder.com.au/cds-au/v1/common/customer HTTP/1.1
Host: data.holder.com.au
Accept: application/json
x-v: string
x-min-v: string
x-fapi-interaction-id: string
x-fapi-auth-date: string
x-fapi-customer-ip-address: string
x-cds-client-headers: stringResponse Code 200 Success
{
"data": {
"customerUType": "person",
"person": {
"lastUpdateTime": "string",
"firstName": "string",
"lastName": "string",
"middleNames": [
"string"
],
"prefix": "string",
"suffix": "string",
"occupationCode": "string",
"occupationCodeVersion": "ANZSCO_1220.0_2013_V1.2",
"phoneNumbers": [
{
"isPreferred": true,
"purpose": "MOBILE",
"countryCode": "string",
"areaCode": "string",
"number": "string",
"extension": "string",
"fullNumber": "string"
}
],
"emailAddresses": [
{
"isPreferred": true,
"purpose": "WORK",
"address": "string"
}
],
"physicalAddresses": [
{
"addressUType": "simple",
"simple": {
"mailingName": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressLine3": "string",
"postcode": "string",
"city": "string",
"state": "string",
"country": "AUS"
},
"paf": {
"dpid": "string",
"thoroughfareNumber1": 0,
"thoroughfareNumber1Suffix": "string",
"thoroughfareNumber2": 0,
"thoroughfareNumber2Suffix": "string",
"flatUnitType": "string",
"flatUnitNumber": "string",
"floorLevelType": "string",
"floorLevelNumber": "string",
"lotNumber": "string",
"buildingName1": "string",
"buildingName2": "string",
"streetName": "string",
"streetType": "string",
"streetSuffix": "string",
"postalDeliveryType": "string",
"postalDeliveryNumber": 0,
"postalDeliveryNumberPrefix": "string",
"postalDeliveryNumberSuffix": "string",
"localityName": "string",
"postcode": "string",
"state": "string"
},
"purpose": "MAIL"
}
]
},
"organisation": {
"lastUpdateTime": "string",
"agentFirstName": "string",
"agentLastName": "string",
"agentRole": "string",
"businessName": "string",
"legalName": "string",
"shortName": "string",
"abn": "string",
"acn": "string",
"isACNCRegistered": true,
"industryCode": "string",
"industryCodeVersion": "ANZSIC_1292.0_2006_V2.0",
"organisationType": "COMPANY",
"registeredCountry": "string",
"establishmentDate": "string",
"physicalAddresses": [
{
"addressUType": "simple",
"simple": {
"mailingName": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressLine3": "string",
"postcode": "string",
"city": "string",
"state": "string",
"country": "AUS"
},
"paf": {
"dpid": "string",
"thoroughfareNumber1": 0,
"thoroughfareNumber1Suffix": "string",
"thoroughfareNumber2": 0,
"thoroughfareNumber2Suffix": "string",
"flatUnitType": "string",
"flatUnitNumber": "string",
"floorLevelType": "string",
"floorLevelNumber": "string",
"lotNumber": "string",
"buildingName1": "string",
"buildingName2": "string",
"streetName": "string",
"streetType": "string",
"streetSuffix": "string",
"postalDeliveryType": "string",
"postalDeliveryNumber": 0,
"postalDeliveryNumberPrefix": "string",
"postalDeliveryNumberSuffix": "string",
"localityName": "string",
"postcode": "string",
"state": "string"
},
"purpose": "MAIL"
}
]
}
},
"links": {
"self": "string"
},
"meta": {}
}Will the above information when exposed will make Australians life easier or will it breach someone’s privacy?
My perspective on this as long as the data that is being shared is regulated by a regulatory authority then it should not be very challenging exposing your phone numbers or addresses. Think this way in your chrome browser you are already storing your addresses in autofill settings where wherever you fill the address it automatically fills it for you with your phone number.
Advantage — Faster Onboarding
The advantage is if we have the right customer information available, service providers can Onboard you faster as the system already knows your Name, DOB, Address, and Phone number.
2. Get Transaction Detail
Next best API that will breakthrough the competition between 2 service providers will be Transaction Detail API . With this API we can identify types of transactions Where the transactions are made, Why the transactions are made, Which bank’s CC has been used, What type of transaction it is e.g Lifestyle, grocery, B pay, etc. This means service providers can now target customers and come up with better offerings. Which will lead to Australians life being easier and cheaper.
GET /banking/accounts/{accountId}/transactions/{transactionId}
REQUEST PARAMETERS
Code samplesGET https://data.holder.com.au/cds-au/v1/banking/accounts/{accountId}/transactions HTTP/1.1
Host: data.holder.com.au
Accept: application/json
x-v: string
x-min-v: string
x-fapi-interaction-id: string
x-fapi-auth-date: string
x-fapi-customer-ip-address: string
x-cds-client-headers: string
RESPONSE 200 SUCCESS
{
"data": {
"transactions": [
{
"accountId": "string",
"transactionId": "string",
"isDetailAvailable": true,
"type": "DIRECT_DEBIT",
"status": "PENDING",
"description": "string",
"postingDateTime": "string",
"valueDateTime": "string",
"executionDateTime": "string",
"amount": "string",
"currency": "string",
"reference": "string",
"merchantName": "string",
"merchantCategoryCode": "string",
"billerCode": "string",
"billerName": "string",
"crn": "string",
"apcaNumber": "string"
}
]
},
"links": {
"self": "string",
"first": "string",
"prev": "string",
"next": "string",
"last": "string"
},
"meta": {
"totalRecords": 0,
"totalPages": 0
}
}Big Question now the companies knows what is your spending pattern, will this breach your privacy?
Again my perspective, if a company knows what I am spending on and offers me a better product at a cheaper price, why not? I am not exposing my card pin or my 3/4 digit security code. So no issues there. May be banks can bring an extra SMS OTP based security for any Credit/Debit Card transactions a customer does, which will enhance the security. But as long as you are not sharing your security code, by knowing your transactions there will be no harm from my perspective.
There is a whole bunch of other APIs that will be available which I will analyze and report at a later stage. But what I think is as we have consumer data rights enforced as solid pillars, there will be no harm or breach if we are careful about what we are using data for.
Please reach out to me to discuss more on open banking or consumer data rights.
