By Peter Ramsey
18 Jun 20
Open Banking is a phrase that means very little to most consumers, but has the potential to dramatically change the way we bank.
The concept is that—with the user’s consent—banks can share data with other companies, and more recently, allow companies to initiate payments.
The ability for companies to access your banking data has paved the way for a whole ecosystem of money-management tools and data aggregators.
But what’s the experience of using Open Banking actually like?
Summary: Although the challenger banks were considerably faster, all of the banks could improve the experience of using Open Banking.
The 5 second rule.
Why you should always show the brand name.
The power of personalised payment references.
Preparing for the worst case scenario.
The 90 day rule.
The world of Open Banking is complex, so for simplicity, I’ll be focusing on what I believe are the two most important applications.
1: Account information sharing
Sharing access to your banking data. e.g., a money management tool that imports transactions from multiple bank accounts.
2: Payment authorisation
Allowing a third party to initiate a payment. e.g., paying for a service online without entering card info, but instead authorising a one-off bank transfer.
These two applications actually have different user journeys, as you’ll see in the case studies.
Firstly, how quickly could I go through these two flows with each bank?
Seconds to complete account information sharing journey [🧾]
Seconds to complete payment authorisation journey [💸]
What’s interesting here is both the speed of the challenger banks, and the consistency between both flows. For the incumbent banks, making a payment was a considerably longer journey.
It took nearly 4x longer to authorise an Open Banking payment with Lloyds than it did with Starling.
But how are the challenger banks so much faster than the incumbents? Have they reduced unnecessary input? The answer is no, not really.
Number of clicks to complete both flows [🧾] + [💸]
Number of clicks
Largely, the banks all completed the journey within a few clicks. So how were the challenger banks so much faster?
This highlights an area we’ve seldom addressed in this study. Here, the speed advantage is almost entirely at an infrastructure level. Or rather: the challenger bank’s apps load faster.
How could the banks improve the experience of using Open Banking more generally? That’s what the rest of this chapter explores.
There's a theory that 5 seconds is somewhat of a magic number in software. Interactions, like elements loading, which take less than 1 second are fast enough for users to feel that they are interacting with it freely—or rather, they’re unencumbered by it.
Anything more than a second, and people’s attention will begin to waver. It’s a sliding scale up to 5 seconds, after which where they’re likely to have lost interest. I’ve perhaps over-simplified it, but that’s broadly the concept.
So, I measured how long it took for the app to load, including redirecting to the correct screen. For clarity, this includes authenticating with FaceID, so mimics a fairly realistic scenario.
Seconds to load app and redirect to auth screen [🧾]
Loading time (seconds)
And this is just the initial load—you’ll have another ‘waiting’ page at the end of the process, and possibly in the middle.
All 3 challenger banks loaded twice as fast as any of the incumbent banks. Monzo loaded 5x faster than Santander.
Let’s say I was starting a money-management app called “PokéMoney”, that used Open Banking to analyse a user’s transactions.
It wouldn’t be unusual for my company’s legal name—and therefore what the FCA recognise—to be different to my recognised brand name.
Easily recognisable brand name.
Cash Money Management Limited
The legal company name is far less recognisable.
Now imagine somebody was going through the Open Banking authentication flow and it said: “You’re about to share your data with Cash Money Management Limited”—that’d be confusing, right?
Clearly it’s a better experience if you’re shown the far more recognisable brand name instead. So, which of the banks do this?
Shows the ‘brand’ name:
Shows the legal entity name:
There’s a complicated infrastructure problem here, but the solution is fairly simple, and it’s technically available to every bank.
There’s an Open Banking directory, which allows banks to pull in up-to-date information, like ‘brand’ name and logo.
Plus, using this directory means that if a company was to rebrand, the bank wouldn’t have to manually update their databases.
When making a traditional online bank transfer, you have the option to leave a payment reference. This has a number of benefits, one being that you can identify and reconcile payments later.
However, you don’t get this option when spending money using your card—and for good reason; it’d be terribly time-consuming and a logistical nightmare.
But authorising a payment through Open Banking is basically a mixture between the two. It’s as quick as typing card details, and you could have control over ancillary information, like the payment reference.
So which of the banks let you attach a custom reference?
Can add a personalised reference:
Can not add one:
Why don’t more banks do this? I’m not sure. Perhaps it’s an oversight.
Let me describe a nightmare scenario: you’re casually scrolling through your bank’s app, you find yourself on the ‘Open Banking Connections’ section and notice that you’re currently sharing data with a company you’ve never heard of.
You’re been sharing data with CASHMEMONEY FIVE LTD for 62 days.
No disrespect to banking security, but this will happen one day. There will be a new type of scam where people are mislead into sharing their data, and these scammers will find a way to monetise it.
And when this does happen, it will be an intense moment of panic. Simply removing access is not enough, you’ll have a number of burning questions.
How did this happen?
When did I give them access?
How bad is it?
Did they have access to make payments? Did they make any payments?
What actions should I take now?
Should I change my online banking password?
Will it be safe now?
Has the access been removed forever? Will they be able to get it back?
The good news is that there’s an easy UX win in this scenario—have a link saying “I don’t recognise this”, which addresses the above concerns really clearly, and helps them complete the next steps.
None of the banks offered anything even close to this. They’ve all failed to prepare for this rare—but inevitable—event.
So what are the banks actually doing? Well, here’s Monzo—you can see how light it is on any kind of help. It’s built as a function, not as an experience.
There’s another issue with not having this kind of functionality, which will probably happen far more often: people will panic about legitimate authorisations that they’ve forgotten about.
Without this kind of information—and combined with my point about using legal names—a lot of people will revoke connections that they actually use, or maybe their accountants use.
But, there is something tethering the world of Open Banking more than any of the above, and it has got nothing to do with the banks themselves: permission to view your banking data only lasts 90 days.
After which, you need to re-authorise the connection.
If Apple forced you to re-download every app on your phone every 90 days, you’d quickly realise that you only wanted a handful of apps. The rest you’d just never download again.
The mass exodus of apps wouldn’t reflect your long term interests, but rather if you can be bothered to re-authenticate it now. Or perhaps you’re on holiday, or sick, or maybe you’ve lost your phone.
This churn of users is crippling the growth of Open Banking companies, and ruining the experience of Open Banking for many consumers.
It punishes passive and infrequently used apps
You might only want to hear from your accounting software once a year—well, tough luck. Companies are being forced to engage with users more frequently than they’d like to.
It’ll silently break apps
If you go travelling without your phone for a few weeks—over the 90 day threshold—you’ll come home and none of your apps will work any more. Even the worry that this might happen will be enough for some people to not bother in the first place.
The rule itself implies risk
Being asked “are you sure you want to do this?” so frequently subtly implies that it’s risky, and that you should be careful. Can you name another industry where you have to constantly, and proactively, keep opting in?
My friends who run Open Banking companies often describe this as the biggest user-facing problem they have. And frustratingly, it’s nothing that they can fix.
I’m a big advocate of Open Banking, and have been for many years. In fact, I founded an Open Banking company, which I exited in 2018—probably one of the first Open Banking acquisitions made.
In many ways, it’s improved considerably in the last few years. But it still suffers from some of the major UX obstacles that it did 2 years ago.
I want people to trust Open Banking, but that will require something greater than deadlines and legislation—it’ll take banks who obsess over making it work.
I believe we’ll get there. Open Banking will continue to improve, until it’s so simple you don’t even know you’re using it.