What is Open Banking?
Open Banking involves sharing information and access. For starters, banks share details about their products and services in the form of standard programming codes known as “application programming interfaces” (APIs).
Third-party developers use these APIs to build apps that help make banking easier by comparing different banks' products and services, or details such as branch locations.
In the future, websites and apps will use APIs in much the same way as a travel website. However, instead of comparing and book flights or hotel rooms, you could compare credit cards or loans from different banks. Sometimes you'll be able to purchase these products directly on the comparison site, and other times you'll be redirected to the bank site to make the final purchase.
For now though, HSBC only offers APIs that compare our different products and branch offerings, and allow apps to redirect you back to our official site. We are not currently working with any third-party developers of apps that will log on to your account for you, or manage your various accounts and products. Only our official HSBC apps can do that.
Is Open Banking safe?
While apps and websites try to make things convenient for you, some of them demand a lot of information in exchange. This might be as simple as needing your location, but some will require detailed account information. You should be especially cautious when using these apps.
You can be sure that we will never use Open API to share your personal details or your account information unless you specifically ask us to.
How to use Open Banking safely
However, be careful even when dealing with trusted apps. Even though you're using them to do banking functions, it's not the same as doing them directly with the bank.
It's just like using a travel website to book your hotel room: it's not the hotel that is handling all your credit card and personal data, it's the travel website. The same goes for third-party banking apps, whether they are using APIs provided by the bank or a different technology. They might not have the same privacy standards or store your information and data as securely as a registered bank would.
If you choose to use a third-party app, be aware of what type of permissions the app asks for.
Giving them access to your accounts and log on name and password gives rise to different risks. It could allow them to make high-risk transactions (like transferring funds to a non-registered payee) on your behalf, exposing you to increased data security risks. In these situations, we would not be liable for the consequences.
We recommend you only enter your online banking credentials (including one-time passwords) on official HSBC channels, and not on any other app or web page.
If you must disclose your banking details to a third-party app, you should make sure you first understand the scope of permission you are giving and the associated risks (such as fraud or data leakage). Carefully consider whether you trust the app or service because you would bear the risk if something goes wrong.
To find out more about how to keep your information safe, check out our Cybersecurity page. We've got all kinds of tips that can help make your online banking experience a safe one.
You may also refer to the following video from the Hong Kong Monetary Authority (Chinese version only) on how to identify Trusted Third-party Service Provider: Video