Open Banking is an overengineered and terrible solution, requires middlemen and there's nothing "open" about it. Do not fall for the hype.
Basically, instead of having a URL scheme to represent a bank transfer request that your banking app could register itself for and handle, they'd rather rely on a middleman to get a broad read/write access token to your bank account so they can initiate the payment from there.
These tokens are not scoped. When you do this, you fully trust the merchant (and theoretical legal recourse you may have) to not lie and only initiate the bank transfer for the amount they claimed - but there's nothing technically preventing them from taking more, or silently also grabbing your account history in the process (no bank provides an audit trail to know which read actions were taken).
In fact, I suspect the fact you can do a read access as a byproduct "for free" and silently is a big part of why this type of payment is pushed so heavily.
In addition, "Open" banking requires either significant regulatory/licensing hurdles, or a middleman like TrueLayer who (at least at one point, not sure how it is now) will be happy to lend their license to you for a fee. On top of that, you either need a middleman or need to integrate with each bank's API separately - so generally speaking, you'll always need said middleman.
All for something that can be resolved on the client side with a simple URL scheme. But don't expect a corporatocracy like the UK to go for the simple solution if they can instead go with one that provides turf to as many middlemen and parasites as possible.
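As an added illustration of the scoping gap the comment describes (this is not code from the comment's author or from any Open Banking implementation), here is a constructed Python model contrasting a broad read/write consent token with a single-use authorization bound to one payee and one exact amount; all class, scope and action names are hypothetical, and the bank records every attempt so the audit trail the comment says is missing is visible.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class BroadToken:
    """Coarse-grained consent token (hypothetical scopes), as the comment describes."""
    scopes: frozenset


@dataclass
class BoundAuthorization:
    """Single-use authorization tied to one payee and one exact amount (hypothetical)."""
    payee: str
    amount_pence: int
    used: bool = False


@dataclass
class Bank:
    balance_pence: int
    audit: list = field(default_factory=list)  # every attempt, allowed or not

    def request(self, cred, action, payee=None, amount_pence=0):
        allowed = self._check(cred, action, payee, amount_pence)
        self.audit.append((action, payee, amount_pence, allowed))
        if allowed and action == "debit":
            self.balance_pence -= amount_pence
        return allowed

    def _check(self, cred, action, payee, amount_pence):
        if isinstance(cred, BroadToken):
            # Scopes say what kind of thing may happen, not how much or how often.
            if action == "read_history":
                return "accounts:read" in cred.scopes
            if action == "debit":
                return "payments:write" in cred.scopes and amount_pence <= self.balance_pence
            return False
        if isinstance(cred, BoundAuthorization):
            # Only the one agreed debit; no reads, no re-use, no different amount.
            if action != "debit" or cred.used:
                return False
            ok = (payee == cred.payee and amount_pence == cred.amount_pence
                  and amount_pence <= self.balance_pence)
            if ok:
                cred.used = True
            return ok
        return False


def merchant_overreach(cred, claimed_pence=500):
    """Constructed scenario: merchant promised `claimed_pence` but tries to take double,
    read the account history, and then debit the claimed amount twice."""
    bank = Bank(balance_pence=10_000)
    return {
        "took_more": bank.request(cred, "debit", payee="merchant", amount_pence=claimed_pence * 2),
        "read_history": bank.request(cred, "read_history"),
        "took_claimed": bank.request(cred, "debit", payee="merchant", amount_pence=claimed_pence),
        "took_again": bank.request(cred, "debit", payee="merchant", amount_pence=claimed_pence),
        "balance": bank.balance_pence,
        "attempts_logged": len(bank.audit),
    }
```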