Open Banking Explained: How Your Financial Data is Changing Hands (Securely)

Ever wondered how software like Tiller actually accesses your bank transactions?

Most people haven’t thought about it. You log in, grant access, and…it just works. But the financial industry is shifting to something better: open banking. It affects your privacy, security, and what’s possible with your money.

Here’s what’s changing and why it matters.

How Financial Software Connects to Banks Today

For years, personal finance software has had to work around a fundamental challenge: banks didn’t provide official ways to share customer data with third-party tools.

So the industry developed workarounds. The most common method is called “credential-based access”. You share your bank login with a data aggregator (like Yodlee or Plaid), and they retrieve your transaction data on your behalf.

This method:

  • ✅ Made personal finance software possible
  • ✅ Works with thousands of institutions 
  • ❌ Requires sharing bank passwords
  • ❌ Can break when banks change login pages
  • ❌ Gives you limited control over what’s accessed

It works, but it’s not ideal, which is why the industry is evolving.

The Evolution: Open Banking

Open banking fundamentally reimagines how financial data flows between banks and software.

Instead of working around banks, banks build official, secure connections specifically designed for customer-authorized data sharing.

How Open Banking Works

Step 1: You Request Access

You tell your bank: “I want to share my transaction data with this software.”

Step 2: Bank Authenticates You

The bank asks you to log in directly on their secure website (not through the third-party software).

Step 3: You Grant Specific Permissions

The bank shows exactly what the software is requesting:

  • View account balances? ✅
  • See transaction history? ✅
  • Initiate payments? ❌

Step 4: Bank Issues Secure Token

Instead of your password, the bank gives the software a unique, temporary “token” that only works for the permissions you approved.

Step 5: Data Flows Securely

The software uses this token to request read-only data through the bank’s interface (API). No password ever shared. No money can be moved or transferred with read-only access.

Step 6: You Maintain Control

Through your bank’s website, you can see which software has access, review what they’re accessing, and revoke access with one click.
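
The six steps above, sketched as a toy bank that issues a scoped, temporary token and checks it on every request. This is an added illustration, not Tiller's or any bank's code; the `Bank` class, the scope names and the customer and app names are hypothetical.

```python
import secrets
import time

# Hypothetical scope names; real open banking APIs define their own.
READ_BALANCES = "balances:read"
READ_TRANSACTIONS = "transactions:read"
INITIATE_PAYMENTS = "payments:initiate"

class Bank:
    """Toy bank: issues scoped, expiring tokens and enforces them per request."""

    def __init__(self):
        self._grants = {}  # token -> grant record, held only by the bank

    def issue_token(self, customer, app, approved_scopes, ttl_seconds=3600, now=None):
        # Steps 2-4: runs only after the customer logged in at the bank and approved scopes.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # opaque and unguessable; not the password
        self._grants[token] = {
            "customer": customer, "app": app,
            "scopes": frozenset(approved_scopes),
            "expires_at": now + ttl_seconds,
        }
        return token

    def authorize(self, token, required_scope, now=None):
        # Step 5: every API call is checked against the stored grant.
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None:
            return "denied: unknown or revoked token"
        if now >= grant["expires_at"]:
            return "denied: token expired"
        if required_scope not in grant["scopes"]:
            return "denied: scope not granted"
        return "allowed"

    def connected_apps(self, customer):
        # Step 6: what the customer sees on the bank's dashboard.
        return sorted((g["app"], tuple(sorted(g["scopes"])))
                      for g in self._grants.values() if g["customer"] == customer)

    def revoke(self, customer, app):
        # Step 6: one-click revoke deletes every grant held by that app.
        doomed = [t for t, g in self._grants.items()
                  if (g["customer"], g["app"]) == (customer, app)]
        for t in doomed:
            del self._grants[t]
        return len(doomed)
```

Because the grant lives on the bank's side, revoking it or letting it expire cuts off the app without any password change.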

The Key Difference

Credential-Based Access:

  • You share your bank password 
  • Access is all-or-nothing
  • Can break when banks update their systems
  • Requires periodic re-authentication (two-factor authentication, or 2FA, codes)

Open Banking:

  • Your password stays private
  • You grant specific read-only permissions
  • More stable connections (bank-supported)
  • No 2FA prompts to keep connections fresh
  • Revoke access instantly through your bank

Why Open Banking Matters

1. True Data Ownership

Your data is legally yours. You decide who sees it, for how long, and for what purpose.

2. Enhanced Security

Apps never see your password. Access is tokenized and can be instantly revoked. Banks can detect and shut down suspicious API usage.

3. More Reliable Connections

This is a big one: No more entering 2FA codes to keep your data fresh. Connections stay stable without constant re-authentication.

4. Granular Permissions

Grant specific access: read transactions but not account numbers, see balances but not make payments, access checking but not savings.

5. Transparency 

Banks provide dashboards showing which software has access, what data they’ve requested, when they last accessed your account, and one-click revoke buttons.

6. True Competition

Data portability creates genuine competition. Third-party software must compete on features, not lock-in.

“Your customers’ financial data belongs to them, not to Chase. When you make it harder for customers to use tools they’ve chosen to manage their money, you’re prioritizing your business interests over their financial well-being.”
  — Peter Polson, CEO of Tiller

Peter’s Open Letter to JPMorgan Chase to keep banking open

Tiller and Open Banking: Where We Stand

Tiller has been advocating for open banking since Day 1. In 2020, we became Yodlee’s first open banking deployment in the United States. This wasn’t just a technical decision; it was mission-aligned. We believe customers should control their financial data, and open banking infrastructure makes that possible.

The Current State

As of Q1 2026, about 22% of the financial institutions supported by our aggregators use open banking connections. These tend to be the largest banks, covering approximately 80% of Tiller customer volume. The rest still use credential-based access.

What Tiller Does:

  • Encrypt and securely store your transactions on our servers
  • Our team does not have access to view your individual transactions (our security processes prevent this)
  • Fill data to YOUR spreadsheet (Google Sheets or Excel) 

What Tiller Never Does:

  • Aggregate your data with others for analysis
  • Sell your data to third parties
  • Access your bank login credentials
  • See full account numbers (only last 4 digits)
  • Initiate payments or transfers

Your Control Options:

  • Open banking connections: Revoke access directly through your bank
  • All connections: Remove accounts anytime through your Tiller Console
  • Your spreadsheet: Always remains yours, even after removing Tiller access

What’s Next: Advocacy and Uncertainty

Recent regulatory uncertainty around the CFPB’s Section 1033 rules means open banking progress could slow. But we’ll keep pushing.

Open banking should be a consideration when choosing a bank, and customers deserve transparency about which institutions support it. Until there’s a comprehensive public list (which the CFPB should provide), we’ll continue advocating for broader adoption and clearer standards. 

Looking for a new bank? Ask if they support open banking. It’s a sign they’re committed to giving you control over your financial data.

Your Data, Your Choice

Open banking represents a fundamental shift in power dynamics. 

For years, some financial institutions have been treating your transaction data as their proprietary asset. Open banking says: No. This is the customer’s data. They decide who accesses it, for what purpose, and for how long.

This isn’t just about software like Tiller working better; it’s about who owns and controls financial information in the 21st century.

At Tiller, we’ve always believed your financial data should be private, portable, and under your control. As the industry transitions from credential-based to open connections, we’re able to deliver on that promise with greater security and reliability than ever before.

The direction is clear. As more banks adopt open banking standards, the entire financial ecosystem becomes more transparent, more competitive, and more consumer-friendly.

And that’s the future we’re building toward: one where your money data is truly, finally, yours.

Further Reading

  • Europe Led (2018): The EU’s PSD2 regulation required all banks to provide secure APIs for customer data access, sparking an explosion of fintech innovation. Learn More.
  • UK Accelerated (2018-2020): The UK mandated specific API standards and created shared infrastructure, becoming the global leader in adoption. Learn More.
  • U.S. Catches Up (Present): The Consumer Financial Protection Bureau (CFPB) finalized Section 1033 rules requiring financial institutions to make consumer data available through secure, standardized interfaces. Full implementation expected by 2026-2027. Learn More.

Want to see why open banking advocacy matters? Our CEO Peter Polson recently wrote an open letter to JPMorgan Chase calling on them to keep banking open and customer-centric.

Read Tiller CEO Peter Polson’s Letter to JPMorgan to Keep Banking Open.

If you are excited about open banking and haven’t yet joined Tiller Money, visit our site and get started with a 30-day free trial at Tiller.com.

Fitzalan Crowe
