this post was submitted on 26 May 2024
15 points (100.0% liked)

Aotearoa / New Zealand

1657 readers
4 users here now

Kia ora and welcome to !newzealand, a place to share and discuss anything about Aotearoa in general

Rules:

FAQ ~ NZ Community List ~ Join Matrix chatroom

 

Banner image by Bernard Spragg

Got an idea for next month's banner?

founded 1 year ago
MODERATORS
 

From 30 May, New Zealand's four major banks - ANZ, ASB, BNZ and Westpac - must offer the secure payment service - although some already have it in place.

It allows customers to give a third party (such as an online retailer) permission to connect to their banking information, meaning there is no need to enter credit or debit card details to make a purchase.

Open banking can be used both on retailers' websites and on their mobile app, if they have one

top 20 comments
sorted by: hot top controversial new old
[–] makingStuffForFun@lemmy.ml 2 points 6 months ago (2 children)

Is this going to give retailers access to account histories etc? Insurance companies?

[–] ms264556@beehaw.org 4 points 6 months ago

It sounds similar to the UK's open banking system. https://www.rnz.co.nz/news/business/517885/open-banking-how-to-opt-in-and-out-of-the-new-payment-system

I use UK open banking often. I'm always asked to approve the specific access requested, and this takes place at my bank's website or app. This could be permission to take an amount of money; or for apps which manage multiple accounts (e.g. Emma) this could be all historical transactions; or my accountant uses an open banking service provider (Armalytix) to request transactions for an explicit date range. So far, touch wood, there's always been an alternative - for example I can use open banking to send my transactions to my accountant or I can manually download a CSV statement from my bank and upload it into their portal.

[–] Dave 3 points 6 months ago (1 children)

From my understanding, the answer is yes, on an opt in basis. Any organisation (that signs up and follows the rules) can request access and you need to approve a prompt.

However, the 30 May date is just for payments. Account sharing comes later and depends on the bank.

However, if you're worried about moving into a world where this is required... You're probably right to be worried.

It's not exactly opt in if it's "share your data or we won't give you insurance".

[–] makingStuffForFun@lemmy.ml 4 points 6 months ago (1 children)

It is going to be share your data or no insurance.

Damn, these are dark times, just around the corner.

This will crush people. We think Americans have it rough. Just wait.

[–] ms264556@beehaw.org 2 points 6 months ago (1 children)

They'll already insist on whatever information they feel is useful. This just saves them from scanning in your statements.

[–] ms264556@beehaw.org 3 points 6 months ago (1 children)

And working in finance (in UK & Europe), they generally collect and keep as little data as is necessary anyhow - personal data is a pain to safely manage these days, and I'm always keen to be responsible for as little of it as possible.

[–] makingStuffForFun@lemmy.ml 3 points 6 months ago

You live in Europe. I live in Australia. I don't know about NZ, but it's the wild west here. I don't trust any of these companies.

Insurance bot: Oh look... makingStuffForFun is buying more sugary items this month. And alcohol. Up their insurance.

[–] Dave 1 points 6 months ago (1 children)

Anyone seen any retailers supporting it? Is it different to the "online EFTPOS" stuff?

It also seems Kiwibank customers will have to wait a couple of years.

[–] makingStuffForFun@lemmy.ml 2 points 6 months ago (3 children)

Surely you'd want to wait yes? Do you really want corporations scanning your spending habits?

[–] Dave 3 points 6 months ago (1 children)

There are two things here. One is online payments, the other is sharing your data. For online payments, this seems to be a better option that Polipay. And most likely more private than using a credit card.

The data sharing is a whole nother kettle of fish though.

[–] makingStuffForFun@lemmy.ml 3 points 6 months ago (1 children)

Yes, it's a slippery slope though. "Oh this is so easy" so you use it. That's step 1. Then "Give us your data for your rewards". Oh, I love rewards! $10 off my groceries a week. Then "Your insurance just doubled".

[–] ms264556@beehaw.org 1 points 6 months ago

This is the real problem. And this ship has already sailed - google and data brokers are already creepily tracking your every online and offline move and tying them together.

Your financial providers are covered by a much, much more restrictive set of regulations preventing them from screwing you over like that.

Open Banking seems generally aimed at attacking the nasty behaviour banks have been getting away with, where they gatekeep your financial data in order to prevent you from getting any useful utility out of it unless you pay them extortionate fees.

[–] absGeekNZ 2 points 6 months ago (2 children)

What is to stop you from creating an account that only has a connection to your insurance company....or is this supposed to be we get access to literally all of your accounts and spending habits?

[–] makingStuffForFun@lemmy.ml 2 points 6 months ago

Depends if the insurance company will allow that. I would say they won't. It's game over at that point.

[–] Dave 2 points 6 months ago (1 children)

They would probably require you provide the account that your salary goes into, then ask for explanations for any money leaving that they can't categorise.

This is probably similar to asking people to provide 3 months of bank statements, which happens today. I'm not usually a slippery slope kind of guy but making it easy to automatically scan your transactions may well change the industry for the worse. Would be interesting to know how this affected things in Europe, I think it's been around there a long time.

[–] ms264556@beehaw.org 3 points 6 months ago (1 children)

Europe has GDPR, so you're not legally allowed to collect data unless it's necessary for the actual service you're providing your customer, and you're not allowed to use data for anything else once you've collected it for the purpose you stated.

Having said that, your customer will always have to prove who they are, how they acquired funds, and where funds are going. This is to prevent bribery & corruption, money laundering, terrorist financing, tax evasion etc.

I was working as a software developer for an EU investment bank when the EU implemented GDPR, and the amount of paperwork required to collect and hold personal data meant we destroyed a ton of data & documentation and rewrote a lot of software. And every spreadsheet containing personal data or which was used more than once had to be recorded in an EUC register with signed commitments about GDPR compliance. Even if data wasn't strictly forbidden by GDPR we'd be very wary asking for any information which could theoretically be misused to discriminate against protected classes.

The NZ Privacy Act 2020 looks broadly similar in intent to the GDPR, so I imagine there'd be the same disinclination to collect information which can't be proven necessary to perform the requested service or satisfy regulatory requirements.

I have several NZ insurance policies and they had no interest in transaction history. Same with my mortgage. I sent bank statements, but only as proof of address.

Only my credit card application wanted to drill into my spending, which is not unexpected considering it's unsecured lending. For sure I'd rather approve the API access than try to find where I can download (& probably pay extortionate fees) for copies of historic statements

[–] Dave 2 points 6 months ago (1 children)

The NZ Privacy Act 2020 looks broadly similar in intent to the GDPR, so I imagine there’d be the same disinclination to collect information which can’t be proven necessary to perform the requested service or satisfy regulatory requirements.

It is similar. Not sure about GDPR but in NZ, you can only use data for what it's collected for but you just ask for consent at the point of collection, and state your intent as using the information to assess suitability for insurance (or whatever), then you have met the requirements.

I have several NZ insurance policies and they had no interest in transaction history. Same with my mortgage. I sent bank statements, but only as proof of address

I think the idea is in future you could get cheaper life or health insurance if you agree to let the insurance company scan your records to check how much fast food you eat or whatever. It's not feasible today as you'd have to have staff processing it which negates the cost saving, but in a future world maybe it could be a thing.

For mortgages, they definitely check your bank statements after the new rules against loan sharks came in (a couple of years ago), but if you are borrowing from a bank you're with then they aready have that info.

[–] ms264556@beehaw.org 2 points 6 months ago

I think life insurance is already pretty grabby with data, behind the scenes. We had a ton of data on some high value life policies we'd bought - down to records of all doctors visits. And even for lower value policies they can currently just ask you the important actuarial questions (e.g. are you a poor obese guy who smokes, rides a motorcycle & lives alone) and then deny the payout if you lied.

Given how disgustingly evil the US health insurance system is, my hope is that NZ resists the temptation to go there. I don't have health insurance since moving back to NZ and it's been fine. All the things I was told by the doctor "go private or the wait will be too long" turned out to have reasonable waits after all.

[–] stellargmite@lemmy.world 2 points 6 months ago (1 children)

I’d agree about waiting personally. Not to defend it of course, but isn't this already happening? Probably not at the banking side other than for their internal benefit (I presume as they're fairly regulated) , but at the retail , POS , even accounting system sides? Theres also all other data collection and harvesting sources - internet use basically, location data etc - but thats all known. This is likely to be a more consolidated competitor in that space I guess. All speculation. I’m more curious so fishing for knowledge

[–] makingStuffForFun@lemmy.ml 3 points 6 months ago

I am in some of the industries you mentioned, and no, it's not common. Not yet anyway, but some unscrupolous actors would love to get that ride going. People need to push back, or we will be so far under the thumb, we won't be able to breathe.