Many online lenders, like Moula, will typically request access to your online bank accounts. This is because we make lending decisions based on your business data, by looking at things like cash flow and transaction volumes. But just how safe is this permissioning for viewing bank account data?
Online bank account permissioning is usually done through the online application process. Here you will be asked to enter your username and password (your Credentials) in the same way that you would access your online bank accounts. This might seem uncomfortable, but our processes are robust, and security measures are strong. Let’s dig a bit deeper:
Why does Moula want access in the first place?
The reason we request access boils down to one thing – it saves you time. Once upon a time, getting a business loan meant spending 6 to 8 weeks filling in forms and then waiting around for banks to approve you. At Moula, we’ve built our business on delivering a fast and painless solution, so you don’t have to spend weeks drowning in paperwork in order to apply. When you give us access to your bank data, we’re able to take a quick snapshot of all the information we need, so that you don’t have to fill out a stack of long, messy forms.
To put things in perspective, allowing Moula into a bank transaction feed takes less than 15 seconds to complete, which is light years faster than you scanning bank statements or downloading PDF documents from your online banking portal. In addition, our system is set up to read and analyse electronic bank transactions in a matter of seconds, helping us make a lending decision in a matter of minutes. Alternatively, when we are provided with PDFs of bank statements, the machine’s efficiency is substituted for human eyeballs and the decision process slows down drastically. Permissioning into electronic bank information allows us to give you a much faster response and lets you get back to the business of running your business.
What does Moula actually see when I put in my credentials?
Here’s a short summary of what we can and cannot see or do:
- Moula will never be able to see bank login or passwords, nor do we store any login credentials. This is why you have to re-permission us into your data to top-up or when you apply for additional loans.
- Moula can only access bank transaction information (and typically only about 6 months worth of transactions)
- Moula can see transaction details for all the accounts that are normally visible to the Borrower via their internet banking profile.
- Moula cannot make any transactions on behalf of a borrower’s account.
So Moula can’t transact on my account?
No, nor do we want to. We are a lender, so our aim is to put money in your account rather than the reverse! The systems and processes are set out so that we can only ever access a ‘view-only’ version of the transactions across an account; we do not have the facilities or capability to make any transfers, to anyone, ever.
What service provider does Moula use to achieve this?
Moula partners with an Australian company called Proviso, a long-standing provider of online security services in Australia which is also used by many of the big banks. And just like Moula, Proviso never sees banking credentials and cannot transact the business’s bank account.
So how does all this encryption actually work?
In it’s simplest form, encryption is the process by which data is translated into code, which to most users would appear as a meaningless mess. Data that has been encrypted is given an ‘encryption key’, and only those that have the corresponding encryption key can see or open encrypted data.
Every encryption key is unique and corresponds to a unique set of encrypted data. Encryption is the most effective way to achieve data security with many websites using some form of encryption (if it says HTTPS in the URL) to ensure a high level of confidentiality.
The permissioning security works on a double-encryption process whereby neither Moula nor Proviso ever has access to both “keys” needed to log in to the customer’s bank account. When a customer enters their credentials:
- Moula automatically encrypts their details and sends them securely to Proviso.
- Proviso never sees or stores the Credentials, instead, they only see an encrypted file.
- Proviso then adds another level of encryption and sends the double-encrypted key back to Moula who uses it to access to a ‘view only’ version of the customer’s online bank account.
The only process run by Proviso once logged in is to access bank transaction listings for up to the past 12 months. Any accounts that are visible to the borrower via their internet banking profile will be visible to Moula in the data files accessed.
Check out our more detailed blog post about online data security if you want to learn more. You can also check out Proviso’s website for some more info. If you have any questions, feel free to give us a call on 1300 88 58 93 and we’ll be happy to chat.