
It’s time to end re-authenticating every 90 days: Have your say

Posted 3 weeks ago in Advisors by Jon Bellamy

In the UK, Open Banking has transformed our lives, making it easier for consumers and small businesses to share data with consent. It’s powered new apps covering a multitude of uses that have been designed to make our lives easier.

These range from dashboards that help you track your finances to seamless lending experiences that let you apply for finance in a few clicks.

One of the most important uses of the sharing of this bank data is through powering accounting platforms like Xero. At no other time has it been more vital for small businesses to have an up-to-date view of their cash flow position. 

Before Open Banking, Xero had a number of direct feeds with the major banks, many of which required businesses to complete paper forms and could take weeks to connect. Fast forward to today and Open Banking has enabled them to instantly connect to a multitude of banks using their internet banking credentials. This is a vast improvement.

But there is an obstacle

The implementation of Open Banking has been a huge undertaking, and in the early days there were, understandably, some growing pains. But performance has generally improved.

There is, however, one outstanding obstacle that our accounting partners and small business customers have brought to us: the requirement to re-authenticate using Strong Customer Authentication (SCA), that is, entering internet banking credentials, every 90 days.

So why is this an issue?

Prior to Open Banking, bank feeds in Xero were typically ‘set and forget’, meaning accountants could access their client’s Xero account and see an updated view of their financial position. Since Open Banking feeds came into play, feeds stop working after 90 days unless they are re-authenticated by the business.

We believe that this has become an unnecessary measure. Accountants are now wasting valuable time chasing clients to refresh their bank feeds at least 4 times a year, sometimes more if their client has more than one business, or uses multiple banks. 

Open Banking was introduced to bring more competition and innovation to financial services. By doing this, the aim is to improve the ways we interact with our banking data, in our home lives, and when working. The requirement to re-authenticate in this way every 90 days goes against this vision. Rather than driving innovation forward, we believe it’s a step back, and will be detrimental to customer experience and our thriving financial services industry in the UK. 

What needs to happen

Last summer, we surveyed 500 of our accounting partners, and a resounding 97.9% responded that the requirement for clients to re-authenticate their bank feeds every 90 days caused problems.

With this insight, and alongside the Financial Data and Technology Association (FDATA), as well as other technology providers, we have been calling for the relevant authorities, including the Financial Conduct Authority (FCA), HM Treasury, the Department for Business, Energy and Industrial Strategy and the Open Banking Implementation Entity. 

This has resulted in the FCA releasing a Consultation Paper recommending change. But more needs to be done. 

The response

This paper proposes that after a customer initially connects their bank account using SCA, they will no longer need to do this every 90 days. Instead, the customer updates their consent in Xero to keep the bank feed connected. This removes the need to re-enter banking credentials.

While still being safe, we believe the move from revalidating security credentials to confirming consent has the following benefits: 

  • Businesses are not struggling to reapply their banking credentials 
  • Accountants are not wasting time supporting clients through this process 
  • There will be uninterrupted access to live data to aid important cash flow decisions
  • Risk is reduced, because businesses do not need to regularly enter secure banking credentials

Have your say

This proposal is part of an FCA consultation paper (section 3.6-3.15 and Question 1) and we urge you to have your say by responding directly to this question here

We believe that with your support this change will be implemented and will help make life easier for both small businesses and their accountants.

One comment

Grace Mock
March 26, 2021 at 8.59 pm

This is a great campaign. There needs to be a better balance between keeping data safe and keeping businesses running easily. I’m in favour of reducing the interval to annual rather than every 90 days.
