Open Banking

The Consumer Data Right (CDR) and Open Banking

In 2018, the Australian Competition and Consumer Commission (ACCC) announced the introduction of the Consumer Data Right (CDR). CDR has been introduced to give consumers (both individuals and small businesses) better access and control over their personal data.

Open Banking is the implementation of CDR in the banking sector. Open Banking is designed to give you greater control of the banking data that BOQ holds about you.

This enables you to share your banking data with Authorised Data Recipients (ADRs) making it easier to compare products and services and make more informed decisions about the products and services that suit you, whilst also helping streamline many processes where financial data is required.

Is Open Banking safe?

The Consumer Data Right is designed to keep your data secure and protect your privacy.

You decide if you want to share information
You control what information to share
You choose who you share your information with
You choose when you want to stop sharing your information

The Consumer Data Right is regulated by the ACCC and the OAIC. The data standards have been developed by the Data Standards Body (DSB). These regulators oversee the Consumer Data Right system's privacy and security controls.

Please note BOQ does not endorse, promote, or authorise the use of services that require you to divulge your access codes or passwords.

What is an Accredited Data Recipient?

An Accredited Data Recipient is a provider that has successfully undergone the ACCC’s accreditation process.

Accredited Data Recipients are data receivers under CDR. These are the providers who receive a consumer’s data after the consumer has given their consent.

What is a data holder?

These are the providers who currently hold consumer data such as banks. Registered Data Holders must share eligible customer data with a nominated Accredited Data Recipient when a customer directs them to.

How to share your data

Data sharing will start on an ADR website or app, where you may be asked if you wish to share your data while browsing for a service or product.

If you consent to data sharing, your identity will need to be verified by BOQ before we share any data with the ADR.
You will be directed to BOQ's Data Holder services platform and prompted to enter your CAN or mobile number. Note if your CAN is less than ten-digits, then you will need to insert zeros at the start of your CAN to make up ten-digits (e.g. 0001234567).
You will then be sent a One Time Password (OTP) the mobile number that you have registered with us. If you do not receive the OTP, please ensure that you have your current mobile number registered with BOQ.

Note: You will NEVER be asked for your internet banking or app password while using Open Banking.
When the OTP has been successfully entered and your identity verified, you will be prompted to choose the specific accounts you consent for data sharing.
Review the details and confirm you'd like to share before being linked back to the ADR site where you may begin using your shared data.

When sharing joint account data, a notification email or text (depending upon the preferred communication channel) will be sent to all joint account holders each time data sharing has started, and when data sharing has stopped for that joint account.

Account holders can log into the Customer Dashboard for more information.

Who you’re sharing data with?

Want to learn more about who you’re sharing data with, and what data you’ve shared? Here’s how:

Visit the data sharing Customer Dashboard.
Select BOQ: ‘Sharing started by you’. This will display an option to select active or inactive arrangements.
We’ll display all your active sharing arrangements and the expiry date, followed by expired sharing arrangements and the date the consent expired.
You can search for and click on the sharing arrangement to learn more about when the sharing arrangement access was granted, what accounts have been shared, the type of data that has been shared, and how long we will continue to share data.

You can also stop sharing your data. Locate the provider you want to stop sharing your data with and click “stop sharing” at the bottom of the screen. A message will display, reminding you of what happens when you stop sharing.

Eligibility

Open Banking is available to BOQ customers that meet the following criteria:

Must be an individual, non-individual or joint account holder
Must be 18 years of age or over
Must have a valid mobile phone number registered with us (this is needed to support authentication using a one-time password)
Must have active online or mobile banking
Must have at least one open account

Account eligibility

Open Banking is available to the following BOQ accounts:

Must be an open account
Must have digital access to the accounts through BOQ Internet Banking, the BOQ app, or the myBOQ app
May be an individual or joint account

If the account is a non-individual (e.g. a company account), please see the Nominated Representative section.

Common reasons why one or more of your accounts may not be available for data sharing:

For joint accounts:

You, or one of the joint account holder(s) or the account(s) do not meet the eligibility criteria above (e.g. one of the joint account holders may not have active online banking), or
You, or the other joint account holder(s), have disabled data sharing on the account.

For secondary users:

You, the secondary user or the account(s) do not meet the eligibility criteria above, or
The account holder has not enabled secondary user data sharing permissions on the account

My Customer Dashboard

What is the Customer Dashboard?

An online portal that enables customers to view and manage their data sharing consents.

Using your Open Banking credentials (mobile number or CAN, and one time SMS code), you can log in an access information such as active and expired consents, what data was shared, who it was shared with, and when.

Please note when using Open Banking we will never ask you for your pin code or passwords.

How do I access my customer dashboard?

The Customer Dashboard can be accessed here.

Troubleshooting

I am unable to create a consent using my CAN?

For BOQ you will need to use your customer CAN to create a consent. Note, if your CAN is less than ten-digits, then they will need to insert zeros at the start of your CAN to make up ten-digits (e.g. 0001234567).

For myBOQ your registered mobile number will need to be used.

If you have accounts with both BOQ and myBOQ, two separate consents will need to be created using your customer ID and mobile number.

This is because these are considered separate brands when setting up a consent.

I have created a consent, however, some of my accounts are not appearing.

When creating a consent for joint accounts, all parties must have active internet banking for these accounts to be Open Banking eligible.

Please check that all parties associated with the missing accounts are signed up for internet banking and try to create the consent again.

I have created a consent however my business accounts are not displaying?

If you are trying to create a consent for business accounts, you will need to be added as a Nominated Representative. Please see the Nominate Representative section for more information.

I’m trying to share my data with a third-party, but they are asking for my Internet banking password.

This could be because the third-party is not using Open Banking technology to retrieve your data. Contact the third-party to confirm.

Please note BOQ does not endorse, promote, or authorise the use of services that require you to divulge your codes or passwords. Please remember that if you break your obligation to us not to disclose your codes or passwords to another person, you will be liable for any EFT transactions on your account(s) made using your codes or passwords.

I want to give three different Accredited Data Recipients (ADR) access to my BOQ.

Yes. You will need to provide a consent for the requests from each ADR.

I have created a new account since setting up my data sharing consent, do I need to create a new consent to view this new account?

Yes. You must set up a new consent to share your new account.

Frequently Asked Questions

What is my CAN?

This is the unique customer identifier you use to log in to Internet Banking. Note if your CAN is less than ten-digits, then they will need to insert zeros at the start of your CAN to make up ten-digits (e.g. 0001234567).

To share data for accounts available in the myBOQ app, please login using your registered mobile number (10 digits) instead of your CAN

What is a one-time password (OTP)?

We’ll never ask for your Internet Banking password to share data with accredited providers. If you choose to share your BOQ data with accredited providers, we’ll send you a one-time password to your registered mobile. This one-time password will expire after 5 minutes.

Do I have to share my data through Open Banking?

No, sharing your data is always your choice. You’ll be in full control of what data you share, who you share it with, and for how long.

Can I stop sharing my data?

Yes, you can choose to stop sharing data with an accredited provider at any time. You can do this by using the accredited provider’s service or through the Customer Dashboard.

Are fees are charged by BOQ to use Open Banking services?

No fees are charged by BOQ for using Open Banking.

Authorised Data Recipients may charge you fees for their services. Please refer to their terms and conditions.

Can I share my closed account data?

You can share data for accounts closed less than two years ago, but you must also have a current open account with us.

Will I have to give my password to a third party?

When you use open banking, you won't be asked for your banking password. A one-time password will be sent to your phone instead.

Please note BOQ does not endorse, promote, or authorise the use of services that require you to divulge your codes or passwords.

The open banking environment is a safe and secure way to share your information and doing it this way doesn't breach BOQ's Internet Banking terms and conditions.

Joint Accounts and Secondary Users

How do I share data on a joint account?

Joint accounts are available for data sharing if they meet the eligibility criteria. You won’t need approval from other joint account holders to share data with accredited providers. All account holders must have the account registered for internet banking.

However, if you or any other account holder have disabled your joint account for data sharing it will need to be re-enabled before data can be shared.

I hold an account with my 16-year-old, can I share our account information?

All account holders who wish to use Open Banking must be over 18 years old. This criteria is set in legislation.

Who is a secondary user?

A secondary user is someone who has approved account privileges to the account, such as an authorised third party or a secondary card holder.

As an account holder, you may create a secondary user instruction that will allow the secondary user to share account-related data via Open Banking. Only if a secondary user instruction is created can the secondary user share your account data via Open Banking.

How do I enable secondary user data sharing on my account?

Data sharing permissions for secondary users must be enabled by an account owner via the Customer Dashboard.

Business Accounts

Nominated Representative

To start sharing your business account data, please complete this form to add a Nominated Representative.

Please note this does not apply to sole traders. Sole traders can use their personal CAN or Mobile to share their business accounts.

Once the form has been processed, the nominated representative will use their personal CAN/customer ID and mobile number to manage data sharing consents. Please ensure the nominated representative is eligible for data sharing, including having online access to the account(s).

For non-individual (business) data sharing:

A nominated representative must be authorised to enable data sharing on behalf of a business or non-individual entity (such as a sole trader or trust).
The nominated representative must:
- Be aged 18 or older; and
- Have access and authority to the business account they wish to share; and
- Have a registered mobile number and email with BOQ.
Multiple nominated representatives can be authorised to manage data sharing on behalf of a business if they meet the above criteria.

How do I remove a Nominated Representative for data sharing on behalf of my organisation?

To remove a Nominated Representative, please complete this form to remove a Nominated Representative.

When an authorised representative is removed, we will also revoke their nomination to share data. Note: Any arrangements to share that have been created prior to the nominated representative being revoked will continue.

Can my business or organisation have more than one Nominated Representative?

Yes, an authorised representative of the business entity may add multiple Nominated Representatives.

CDR Policy

Our policy explains how we manage data under the Consumer Data Right (CDR).

CDR Policy

Open Banking

Show me

The Consumer Data Right (CDR) and Open Banking

How to share your data

Eligibility

My Customer Dashboard

Troubleshooting

Frequently Asked Questions

Joint Accounts and Secondary Users

Business Accounts

CDR Policy

We're here to help.