Giving consent
I hold accounts with more than one BOQ brand. Do I need to complete a consent to share data for each brand?
Yes. You will need to provide a consent for each brand.
I want to give three banks access to my BOQ Data. Does this require three separate consents?
Yes. You will need to provide a consent for each Accredited Data Recipient (ADR).
How do I share information on a new account?
You must provide consent to share data per account, including for any newly created accounts.
Where can I find more details on any ‘terms and conditions’ for data sharing?
This responsibility largely sits with the Accredited Data Recipient (ADR), who is required to provide a clear declaration of data usage. Please contact the relevant ADR for further information on this.
Note that the BOQ Specialist Customer Dashboard has been designed to meet Data Holder obligations of Open Banking.
What is my Customer ID? Is it the same for each brand?
The customer ID is the generic name given to the unique customer identifier you use to log into internet banking. The Customer ID is different for each brand, and are as follows:
- BOQ: If accessing your account(s) via BOQ Internet Banking: Customer Access Number (CAN)
- BOQS: Client number
- VMA: If accessing your account(s) via VMA Mobile App: Mobile Number
- DDHG: User Name
One Time Password (OTP)
I have been blocked due to too many failed login attempts. Can I be unblocked so that I can access the dashboard?
There is no ability to unblock a client before the 24 hour period. If you have failed the maximum login attempts to access your dashboard and are been blocked, you will need to wait 24 hours until the block is removed before you can try again.
Is there an autofill feature for the One Time Password (OTP) for mobile phones?
This feature is not available in our Data Holder solution.
Can the One Time Password (OTP) be emailed?
The OTP will be sent via SMS to customers who have a valid mobile number registered with BOQ. The OTP will only be sent via email in the instance that BOQ does not have a valid mobile number registered for a customer.
Refusing consent
In what circumstances can BOQ Specialist (the Data Holder) refuse to share customer data in response to a request from an Accredited Data Recipient (ADR)?
Your bank (the Data Holder) may refuse to disclose required customer data in response to a request in the following instances:
- if BOQ Specialist (the Data Holder) considers this to be necessary to prevent physical or financial harm or abuse; or
- in relation to an account that is blocked or suspended; or
- in circumstances set out in the data standard
BOQ Specialist (the Data Holder) is required to inform any customer of such a refusal in accordance with the data standards.
Managing consent
Under what circumstances would BOQ Specialist (the Data Holder) manage consents on behalf of a customer?
Under the Consumer Data Right (CDR) rules:
- Customers can request that a Data Holder revoke a consent e.g. via a call centre. This may be as the customer is unable to do it themselves. A Data Holder has an obligation to revoke consents for customers who have requested the Data Holder to do so
- A Data Holder has an obligation to revoke consents for customers who are not eligible anymore e.g. no longer a customer
- An authorised staff member can suspend (i.e. temporarily block) a specific account from consent. e.g. for the prevention of harm and abuse
- In the event that a customer is deceased
- In the event that fraudulent activity has been detected
How immediately will changes to my data sharing consent(s) be reflected in the Customer Dashboard?
Updates to data sharing consents that are made via the Customer Dashboard will be reflected immediately.
How immediately will any data corrections / updates be reflected in the Customer Dashboard?
Please allow up to 24 – 48 hours for data corrections / updates to be reflected in your dashboard.
Revoking consent
How long after revoking a consent will my data sharing stop?
Changes due to revoking consent are managed ‘real time’ and will be reflected immediately.
If I had revoked a consent but have now changed my mind, can this consent be reinstated?
No, you are unable to reinstate a revoked consent, as revoking a consent stops the sharing of data. You will need to grant a new consent via the Accredited Data Recipient (ADR).
Can I revoke a ‘pending’ consent?
Yes. You can revoke a pending consent.
Inactive and expired consents
How long can I view inactive consents under ‘Consent History’?
The Customer Dashboard will show 2 years of history, however BOQ will retain consent information for an additional 5 years.
What happens to data that I have shared with an Accredited Data Recipient (ADR) once the consented time period is over?
The data is either de-identified or deleted according to your preferences as captured at the time of granting consent.