Industry leaders have said artificial intelligence is reshaping how financial data moves, warning existing channels are no longer safe without an expanded Consumer Data Right framework.
FinTech Australia CEO Rehan D’Almeida and Australian Competition and Consumer Commission commissioner Ian Oppermann have urged policymakers to accelerate CDR reforms, saying that widespread use of open banking could repel AI-driven fraud risks.
Speaking at a discussion panel on open banking at the Fintech Data Horizons Summit, attended by The Adviser, D’Almeida said AI had fundamentally changed the risk profile of the three main “pipes” that carry consumer financial data.
He outlined that the arrival of AI in all three meant the industry needed to rethink long‑held assumptions about control and security.
“Through the manual pipe, the user feels in control, but the process is slow and it always leaves room for manipulation, fraudulent manipulation of documents by bad actors or phishing, social engineering, fake landing pages by scammers,” he said.
“AI makes all of this cheaper, faster and more convincing. Control without speed is no longer protection.”
He then turned to screen scraping, which he characterised as giving AI near-unimpeded reach into consumers’ financial decisions.
“Through the screen scraping pipe, AI gets effectively unconstrained access to whatever sits behind a password, far more data than any single decision actually requires,” D’Almeida explained.
“The purpose is invisible. The data is unbounded, and the consequences for consumers and for data holders are unforeseeable.”
By contrast, he said that the CDR channel offered a consent‑based, machine‑to‑machine connection where access was tied to a specific use.
“Through the CDR pipe, something genuinely new becomes possible. Consent based intelligence flows give AI a structured, traceable purpose, bound view of consumer data, faster credit decisions, smarter household financial guidance, real time fraud detection and prevention,” he said.
Regulator questions screen scraping’s future
Oppermann echoed those concerns from a regulatory standpoint and questioned why some large companies still favoured screen scraping over CDR.
“I had a conversation around data sharing with a number of large companies in a different part of the economy, and the suggestion was that we should do screen scraping to get access. I thought, what a terrible suggestion,” Oppermann said.
“If you are a person whose screen is being scraped, not only can you foil that sort of activity, but the small update in your web page means that whatever the screen scraping processes needs to adapt to that.
“That’s actually an expensive, inefficient and error prone process, and yet it’s still in some cases easier to do than following the rules of CDR.”
He stressed that part of the challenge was better articulating the benefits of regulated data sharing to both data holders and technology providers.
“Part of what we need to do is really focus on the value of high quality data and the value of data which is shared in a way which is safe and appropriate and controlled, and really sell the benefits of identifying the value proposition,” he said.
Oppermann also pointed to fraud as an area where poor‑quality or uncontrolled data flows could create vulnerabilities and where CDR could close some of those gaps.
“There have been some really interesting issues around fraud information, and this is an example where, if we identify where opportunities of fraud can creep into the system, they are areas that we can really focus on the benefits of high quality, appropriately controlled data sharing and trying to do our very, best to remove opportunities for downside risk,” he said.
AI risk puts pressure on insecure data channels
Both speakers linked the rise of AI directly to the policy question of how quickly Australia could transition away from insecure data‑sharing methods to a CDR-predominant landscape.
For Oppermann, the growing sophistication of automated attacks meant that the cost of clinging onto legacy practices was rapidly rising.
“AI really does give challenges for non-secure data sharing methods, and that’s only going to intensify if we get CDR optimisation right, if it is scaled enough,” he said.
“If it is communicated enough, if we have enough people inside the network, if we have the right data assets inside the network, then that becomes, in itself an answer to insecure data sharing and the threats posed by AI.”
He framed the issue as a balancing act between security and economic activity, sayinf that robust CDR infrastructure could satisfy both camps if it reached sufficient scale.
“So really, it’s a two-sided policy challenge of, how do we keep Australians safe, but how do we provide together a safe way for financial transactions and other transactions still to be executed inside our economy,” Oppermann said.
[Related: Calls mount to use ATO data in open banking to reduce fraud risk]
Want to see more stories from trusted news sources?
Make The Adviser a preferred news source on Google.
Click here to add The Adviser as a preferred news source.
