MFA and the End of Screen Scraping: What Consumer Finance Apps Need to Know

For years, consumer finance apps have relied on screen scraping to connect to customers’ bank accounts.

It was never perfect, but it worked.

Now, that’s changing - fast.

What is Screen Scraping?

Screen scraping, also known as bank feeds, aggregator feeds, or credential-based connections, is a method of accessing a customer’s bank data by:

Asking the user to enter their internet banking credentials
Logging in on their behalf (in the background)
"Scraping" the information from their online banking portal, essentially copying and pasting the data

This method has been around for years. For many fintechs, it was the only way to access banking data before Open Banking became available in Australia through the Consumer Data Right.

Even today, many consumer finance platforms still rely on it either directly or through third-party data aggregators.

But here’s the thing: screen scraping was never built to last.

Why Screen Scraping is Starting to Fail

In late March 2025, Commonwealth Bank of Australia (Commbank) introduced mandatory multi-factor authentication (MFA) for all internet banking logins.

That means customers must verify each login using a one-time code or mobile app approval, something only the customer can do manually.

For screen scraping, that’s a deal-breaker.

When your system tries to log in using stored credentials, it now hits a wall:

The MFA prompt blocks access
There’s no way to complete the second verification step
Logins fail silently or break entirely

And Commbank isn’t alone, other banks are likely to follow with similar security upgrades.

This means screen scraping is no longer a reliable or scalable method of accessing banking data in Australia.

Why This Matters for Consumer Finance Apps

You might not think of your app as “using screen scraping” - especially if the integration is handled by an aggregator or backend provider. But if you’re noticing:

Users reporting account connection errors
Missing or delayed transaction data
Rising support tickets about bank feeds not updating

…it’s likely you’re being impacted by this change.

This isn’t just a technical issue, it’s a business continuity risk:

Your product’s core features may stop working
Customer trust and satisfaction can erode
Compliance and data privacy concerns may arise

The Better Path: Open Banking (CDR)

Australia’s Consumer Data Right (CDR) and Open Banking framework was designed to solve these very problems.

Instead of credential sharing, Open Banking enables customer-permissioned, secure, API-based access to financial data—no scraping, no guesswork.

With Open Banking:

Users give explicit consent to share data from their bank
The connection happens via secure APIs, built and maintained by the banks
Data is structured, up-to-date, and fully compliant

How Fiskil Can Help

At Fiskil, we help consumer finance apps make the switch to Open Banking, without having to rebuild from scratch.

Our solution is:

✅ Plug-and-play: Integrate quickly with your existing stack
✅ Zero maintenance: We handle the infrastructure, updates, and compliance
✅ Built for fintech: Spend tracking, credit scoring, lending - we’ve got you covered
✅ Loved by developers: Clear documentation, fast support, real-time data

If screen scraping (or your current aggregator) is holding you back, we’ll help you move forward with a future-proof solution that works now and scales with you.

Don’t Wait for More Breakage

Commbank’s move is the first real crack in the wall and it won’t be the last. If your product relies on screen scraping, now is the time to act.

Let us help you replace fragile connections with something built to last.

👉 Talk to our team

TL;DR

🔍
What happened?	Commbank rolled out MFA, blocking screen scraping
Who’s affected?	Any app relying on bank feeds or login-based data connections
Why it matters	Broken data access, bad UX, rising support overhead
What to do	Switch to Open Banking with a trusted partner like Fiskil