Former ACSC chief MacGibbon blasts calls to legitimise screen scrapers

“Precisely the wrong message”

Australia’s high-profile former cybersecurity tsar Alastair MacGibbon has waded into the increasingly heated debate over the use of screen scrapers by fintech firms, warning any weakening of security controls under open banking will create an instant target list for hackers.

In a blunt assessment of the adverse consequences lowering existing data security standards would create, MacGibbon’s new cyber protection firm CyberCX cautions if a push for “less rigorous rules” gets up, “any data breaches would undermine consumer confidence and trust” in the forthcoming open banking regime.

The comments are contained in CyberCX’s submission to the Senate Select Committee on Financial Technology and Regulatory Technology and are likely to bolster a push from consumer and financial legal advocates to have screen scraping banned by the government altogether.

A fierce debate has erupted around the persistence of screen scraping technology as a customer migration tool, not least because it usually requires consumers to hand over their user names and passwords to third parties to access their accounts.

The practice is already banned in the UK and Europe.

“At a time when we should be seeking to instil in individuals a greater awareness of the importance of online security, encouraging people to reveal their passwords is precisely the wrong message,” CyberCX’s submission says.

“Our concern is that ‘screen scraping’ legitimises and gets consumers used to handing over their passwords to 3rd parties.”

The public entry of CyberCX into the debate is significant, not least because the company, which groups together a dozen Australian cybersecurity service providers, is helmed by former Optus Business chief executive John Paitaridis.

MacGibbon, who headed the Australian Cyber Security Centre and was until last year the government’s National Cyber Security Adviser, is the firm’s chief strategy officer.

A clutch of mainly smaller fintech firms are pushing the government hard to legitimise the practice of screen scraping, saying much of the nascent fintech and regtech sectors will become essentially unviable if the practice is banned because of compliance costs of between $50,000 and $100,000.

Under standards presently floated by the Australian Competition and Consumer Commission, organisations that want to participate in Open Banking will need to be accredited by the regulator and comply with a raft of data security and protection standards.

Many smaller fintechs feel the compliance bar has been set too high for the Consumer Data Right and have argued cashed-up large incumbents will exploit strict standards to shut out smaller and more innovative competitors.