In the banking world, screen scraping has been around for over 25 years; it’s how many fintechs got their start. But a continued push towards open banking in Europe and the latest regulatory moves in North America (such as the U.S. CFPB’s final open banking rule) aim to do away with the practice.
Latest updates: Section 1033 of the Dodd-Frank Act became law in January 2025, but recent CFPB actions to rewrite the rule under the current administration have led to some uncertainty over its future. Get the facts here.
Beyond the compliance aspect of governing data sharing practices, forward-thinking financial institutions are already engaged in their next evolution, moving away from screen-scraping to further integrate financial services into a broader digital ecosystem.
Let’s look at how screen-scraping works, why it can be problematic and even risky, and how open banking is the secure solution needed to move beyond screen scraping and seize new opportunities.
What is screen scraping?
Screen scraping (also known as web scraping) copies information displayed on a screen so another application can reuse it. The screen scraping meaning in banking is specific. A third party copies the account information a customer sees on a banking site. That includes spending and account balances. It then uses that data for another purpose: financial aggregation, budgeting, or loan applications.
To put it simply, web scraping is driven by bots/web crawlers. They work in the same manner as search engines do: Fetch and Copy. But web scraping focuses on retrieving particular data from a website, whereas search engines frequently scrape the majority of webpages on the internet.
In the early days, companies used web scraping to take advantage of their competition. If you wanted to keep tabs on a competitor’s product pricing, steal their leads, hijack their marketing campaigns, divert APIs, or just blatantly rip off their content and data… web scraping was the way to go.
Once you have access to the raw data, you can reuse it to create your own page (or pages) with your own colors, brand, structure, and so on. The possibilities are endless.
How screen scraping works
The technique of screen scraping is especially useful for data aggregation. For example, a company that wants to consolidate points and status for an individual across all the person’s airline mileage accounts could offer a point-tracking portal.
When used ethically, customers agree to share their credentials in this manner with a third party, let’s say a fintech. The third-party app logs in using the consumer’s login credentials.
You’re likely familiar with Mint, the personal financial management website and mobile app: it has its roots in the technique, and now uses a third-party solution that employs screen scraping and other means to aggregate bank accounts, credit cards, investments, and bills all in one place.
The third party now can access the customer’s data, and the customer now has access to new financial applications. The third party is happy as they have a new customer, and the bank is blissfully unaware. All good, right?
The problem with screen scraping
This fragile balance (between customers/scrapers and data-holders/owners) is one driver of Open Banking regulations (such as PSD3 or Dodd-Frank Section 1033) which try to answer the question of who the data belongs to.
Even when it’s used ethically and with users’ consent, there are some cracks in screen scraping, which has downsides for all parties concerned: the customer, the third party, and the bank or credit union.
The impact of screen scraping on banking customers
For customers, the user experience may not be consistent.
- The third party accessing the customer’s data is at the mercy of the bank’s HTML: ultimately, screen-scraping is a hack, a workaround. If the website changes even a little, the data may not be found until the screen scraper adapts. It’s a constant battle where the customer loses.
- It’s slow because a lot of data must be downloaded and processed just to get at a few necessary bits. To stay up to date in case there are changes, that data must be downloaded frequently.
- It stops working because it’s an us-vs-them situation, and the impacted companies are working to prevent this from happening. When those companies are successful, it stops working for the customers.
Screen scraping can also pose security risks: there are no set standards, and the passwords customers share are stored in plain text, making them more vulnerable to hacker attacks.
That is a risk to the consumer and the financial institution, because credentials for accounts they own are stored on someone else’s infrastructure.
The impact of screen scraping on third party providers
Screen scraping also causes a major inconvenience for the third party every time a bank changes their login page or interface. It’s estimated that these types of transactions fail at least 30% of the time, resulting in unhappy customers and headaches for the third party.
The impact of screen scraping on financial institutions
Finally, the bank is impacted as they now need to handle the rise in calls to their backend servers.
- Screen scrapers are “hitting the website” as if they were a logged-in user. However, they are not human, so they can hit the website much more frequently. And they hit it more frequently to stay up to date.
- Also, they download a lot more information than they need (they need the whole page, including HTML/CSS, and everything present on the page, even if they just want a line item) because that’s all they have access to: pages of data (instead of specific data fields).
- Systems designed for a single human user must now handle a steep increase in non-human based calls to their systems.
See also: 6 things you need to know about screen scraping in banking and financial services
Screen scraping vs. open banking
In the open banking vs screen scraping comparison, the difference comes down to data access. Screen scraping logs in as the user and copies whatever is shown on the page. Open banking shares specific, permissioned data through secure APIs with the customer’s consent. That consent-first model lets banks eliminate screen scraping without losing the convenience of sharing data with a third party.
Open banking offers a common, open API standard to communicate and exchange data, with all the built-in security protocols such as FAPI and OIDC, allowing for efficient and secure data exchange.
Here’s an example of how that consent flow works in Open Banking:
Watch a full demo of Amplify Open Banking here.
Between market-driven innovation and consumer demand, there’s a growing call to move away from screen scraping.
Over the past decade, the escalating demand for innovative services and consistent digital experiences has pushed banks to evolve rapidly. This transformation is not just about technology but also involves adapting to new consumer behaviors and expectations.
Nearly half (45%) of customers of US national banks profess to already use or be interested in the concept of open banking, according to a 2023 Mastercard survey.
Today, the regulatory environment governing data sharing practices has become increasingly stringent and forward-thinking.
The Dodd-Frank Act in the US, including specific sections like 1033, is shaping how data must be handled securely and transparently. In Canada, the Financial Consumer Agency warns that screen scraping is not open banking. It notes consumers have no secure data-sharing system today. Regulators in both countries treat screen scraping banking access as a transitional practice to retire.
By enabling fast, secure access to quality data through APIs, these regulations aim to curb screen scraping and misuse of financial information while also reducing bias and reliance on credit scores. The next evolution will further integrate financial services into a broader digital ecosystem.
See also: Axway’s Role in Shaping North American Open Banking Standards
Screen scraping vs open banking at a glance
The screen scraping vs open banking comparison comes down to six practical differences.
| Dimension | Screen scraping | Open banking |
|---|---|---|
| Credentials | Customer shares username and password with a third party | No credential sharing; access is token-based |
| Consent | Broad and implicit, hard to revoke | Granular, explicit, and revocable through consent dashboards |
| Data scope | Entire pages, including data the app does not need | Specific, permissioned data fields only |
| Reliability | Breaks when the bank changes its website | Stable API contracts with versioning |
| Security | Credentials often stored in plain text | FAPI and OIDC security protocols |
| Standards | None | FDX in North America, PSD2 and PSD3 in Europe |
Open banking wins on every dimension except reach. Screen scraping still connects to institutions that have not yet published APIs. That reach gap is why the transition is gradual rather than immediate.
What this means for banks and financial institutions
The market is resolutely marching toward adoption of open financial APIs, with FDX emerging as a front-runner standard in North America.
In this new landscape, closed data silos are unable to respond to the modern speed of business. Moreover, a decentralized system built upon a common, open standard prevents the emergence of a single dominant player, one of the fundamental goals stated by the CFPB.
To evolve beyond screen-scraping, financial institutions (FIs) will need to implement two key capabilities around the APIfication of their IT systems:
- Consent management: instituting a sophisticated consent management system is crucial to maintain consumer trust and regulatory compliance. It allows FIs to participate in BaaS and Platform Banking, forming partnerships with the fintech ecosystem.
- Consent dashboarding: for better transparency and end-user control over data shared.
While there is undoubtedly a cost to compliance, such as technological upgrades and system integrations, more and more FIs recognize the core benefit of open banking: the ability to reach and capture new customers they wouldn’t have access to otherwise.
- 74% of banks see collaborative business models as crucial to succeed with their future business strategy, according to Sopra Steria’s latest Digital Banking Experience Report.
- Almost half (48%) aim to invest in improved APIs to connect more effectively with partners.
- Per Axway’s 2024 State of Enterprise API Maturity report, financial services enterprises are one of the industries that most use direct API monetization to build their external ecosystem.
Through Banking-as-a-Service (BaaS) and other platform banking trends, forward-thinking FIs are redefining how banking products and services are consumed.
Embracing an Open Finance ecosystem
To fully participate in this expanding financial ecosystem, an open banking solution with a federated API management component is an essential tool to help support a bank’s digital business strategy, governance, and security for API products.
Amplify Open Banking addresses the complexities of open banking regulations for financial institutions and effectively integrates their services into digital ecosystems. It helps banks comply with laws like Dodd-Frank 1033, manages consents meticulously, and supports fintech collaborations. That reduces overheads and accelerates innovation. For a deeper look at a compliant rollout, this guide to open banking compliance and beyond walks through the steps.
Beyond just providing a more secure and reliable alternative to screen scraping, Amplify Open Banking can help FIs shake up the world of finance by offering their customers more ways to save money, move money, and improve financial well-being.
Screen scraping FAQs
What is screen scraping? Screen scraping is the automated copying of data shown on a screen so a third party can reuse it. It is often written as one word, screenscraping, and sometimes misspelled as screen scrapping. In banking, a third-party app logs in with the customer’s credentials and copies account data.
What is screen scraping in banking? In banking, screen scraping lets a budgeting app, lender, or aggregator read a customer’s balances and transactions. The app does this by logging into the bank’s website on the customer’s behalf.
What are the uses of screen scraping? The main uses of screen scraping are account aggregation, personal financial management, loan application verification, and rewards tracking across institutions.
Is open banking safer than screen scraping? Yes. Open banking removes credential sharing entirely. Data flows through APIs secured with FAPI and OIDC, and the customer can see and revoke each permission. That gap is why regulators favor the move away from scraping (a shift often searched as screen scraping open banking).
How can banks eliminate screen scraping? Banks eliminate screen scraping by publishing FDX-aligned open banking APIs, adding consent management, and moving aggregators from credentials to tokens.