Is Open Banking Safe?

Australia's open banking system is delivered through the Consumer Data Right. The CDR is designed with consent, privacy safeguards, and information security requirements built in.

That does not mean every digital service is risk-free. It does mean CDR bank data sharing has a regulated structure that is different from casually handing account information to an app.

Consent is the starting point

The OAIC says consent is the foundation of the Consumer Data Right. CDR is opt-in, and a business may only collect, use, and disclose CDR data with express consent.

The CDR website says providers must make it clear what data you have agreed to share, how it will be used, who will have access, how long access lasts, and how you can manage or withdraw consent.

Privacy safeguards apply

The OAIC states that there are 13 legally binding CDR privacy safeguards. These safeguards set privacy rights for consumers and obligations for businesses collecting and handling CDR data.

The official CDR website also states that Consumer Data Right follows strict regulations to protect data and privacy.

Accredited providers must meet requirements

The OAIC says accredited businesses must meet requirements for data collection, use and storage, information security, protecting privacy, and obtaining consent.

The CDR website provides a current provider section where people can find providers accredited to offer services under CDR and see CDR representative arrangements.

How Cove Money handles bank data

Cove Money operates as a CDR Representative of Fiskil Pty Ltd. Fiskil is the Accredited Data Recipient that collects and discloses CDR Data on behalf of Cove Money.

Cove Money receives bank data on a read-only basis. Cove Money does not receive or store bank login credentials. Cove Money cannot move money, make payments, or change anything in your bank.

Core application and financial data for Cove Money are hosted in Australia. Cove Money's CDR Policy states that Fiskil's CDR Policy says CDR Data handled by Fiskil resides in Australia.

What you should still check

Before connecting any app to your financial data, read the provider's privacy policy, CDR policy, terms, and consent screens. Check what data is requested, why it is needed, how long access lasts, and how to withdraw consent.

If something looks unclear, pause before authorising access.

---

This article is general information only and does not constitute personal financial advice. Consider seeking advice from a licensed adviser before acting.