How to Free Banks and Consumers From the Risks of Old Data

Mit Shah is the Co-Founder and COO of Method Financial, the financial connectivity platform that gives access to consumer permissioned liability data and embedded payments through a single API. He is a frequent commentator on open banking regulation and real-time data access for and is actively engaged with members of Congress on CFPB reform and Section 1033 policy.

Consider the cases of two different consumers.  

One goes to Chase and applies for a credit card. They go to American Express and apply for another. Maybe they head over to one of the many new fintechs offering revolving credit, too. The activity happens in parallel, but the bank underwriting each credit line using 30-day old credit bureau data has no line of sight into the other applications. The banks approve the applications and the consumer goes about accruing debt at a rapid pace.

The other consumer has been preparing for a mortgage application and paid down their revolving debt after their last statement. These payments put them underneath the standard 45% threshold for debt-to-income ratio lenders require. But the 30-day old picture on their credit bureau file doesn’t reflect their latest payments and they’re declined for a mortgage. 

Both consumers are getting the wrong underwriting decision from different financial institutions.

This problem was supposed to be solved by The CFPB’s Section 1033 rule, which enabled borrowers to share real-time data with lenders. But the industry-accepted technical protocol for doing so is too clunky to be practical.  

Why? Authentication. 

The CFPB’s Section 1033 rule formalized an outmoded practice that puts the responsibility for account authentication exclusively in the hands of banks. Today, banks only enable the same password-based authentication for all use cases. They don’t allow for shared, identity-based authentication. This leaves consumers to connect all of their bank accounts to a lender one-by-one in a manually intensive process. Given the number of different services the average consumer uses, this creates a huge amount of friction that lenders want no part of.  

This high friction solution is no solution at all. Lenders don’t want consumers dropping out of their application funnel en masse and are relying on the same stale data they always have.  

The Big Problem of Old Data 

This is not a niche issue. If you put all consumers on a spectrum, with consumers whose risk is being understated by credit bureaus at one end and consumers whose risk is being overstated at the other, you see very significant variances at both ends. According to Method’s analysis of consumer credit bureau files against real-time data snapshots: five percent of consumers have a credit card balance 307 percent higher than what is listed in their credit card file. Another five percent of consumers have a credit card balance 97 percent lower. 

The technology exists to fix this. But because there’s no universal shared identity layer across banks and aggregators, what should be as easy as granting informed consent becomes a battle to remember and correctly enter passwords at a myriad of financial institutions.

So while open banking data can be used at scale in lending decisions, it isn’t widely adopted. For a lender, getting a borrower through the application and to a credit decision as quickly as possible is their primary consideration. The average American is using a growing number of financial services providers. They carry more than $100,000 in debt, spread across a range of financial institutions, use a handful of financial apps, and a significant proportion will apply for new credit cards in the next year. When consumers have to manually link their accounts lenders commonly see a 30-40 percent drop off at the point of connection. That is unacceptable to lenders. For many of them, cash-flow underwriting is deployed only as a second chance option for applicants about to be declined. 

A Loophole Worth Closing 

Stale data is a systemic vulnerability. Method’s internal analysis shows that more than 40 percent of all tradelines on credit reports are more than one month old. And it goes far beyond credit cards: we see that 44 percent of personal loan data on file at credit bureaus is more than 30 days stale, while 59 percent of student loan data is 30 days old. Fifteen percent of personal loan data and 20 percent of student loan data is two months old. 

It’s not a recipe for accurate underwriting. And for more nuanced calculations like mortgages, which look at full debt-to-income ratio, the situation is further skewed from reality. A borrower whose credit card balance appears at $5,000 on the bureau but is actually above $15,000 has a very different financial situation than what credit bureau data suggests.

When financial institutions are constantly understating and overstating risks for different cohorts of consumers, no one is well served. Banks are overexposed to risk on one flank, and consumers who could qualify for debt consolidation, cheaper credit, or financial relief are left in the cold. 

Credit Stacking is Missed

Consumers who apply for several new credit applications in parallel, outside of what a financial institution can view, is not a new concern. But as the much hyped financial resiliency of the American consumer starts to soften, the concern is growing more acute. And it is compounded further by the looming spectre of BNPL, which does not consistently nor reliably appear on credit reports. While a few percent of consumers might be stacking credit card applications, according to CFPB data one-in-three borrowers stack BNPL across multiple providers, and almost two-thirds of BNPL users have multiple loans. 

Method’s analysis shows that borrowers whose credit card utilization spikes more than 50 percent in the 45 days after a credit snapshot is taken are two times more likely to have opened two or more accounts in that timeframe and have a 2.3x higher default rate. These consumers have a much different spending profile than banks are anticipating and are at a naturally higher risk of delinquency. 

Banks Are Not in Position to Meet Refinancing Demand

For a brief moment in February, interest rates were the lowest they’d been since late 2022. But the refinancing window is fickle, and closes quickly. 

Close to five million new borrowers became potentially eligible for refinancing. Too many borrowers couldn’t take advantage of this window because lenders are competing on outdated information. They have no accurate visibility into a liability picture of a consumer and are missing out on a ton of behavioral indicators around how quickly someone is paying off a debt, that would further identify them as ideal borrowers.  

 And when banks are underwriting new credit lines on data that is potentially months old they cannot serve consumers who qualify, and certainly not within finite, time-sensitive windows of opportunity. Consumers are either left paying higher interest rates, or banks lose customers to competitors with better underwriting.

Fix Authentication and You Unlock the Power of Open Banking in Lending 

Authentication is the key to facilitating a generational change in underwriting that will transition lenders away from relying on stale data and realize the potential of open banking. To enable this new era of underwriting, the industry must accept several realities. 

The industry must be willing to tackle digital identity. The improvement to customer experience of doing so would be enormous. Third parties could use a consumer’s verified identity to discover and connect all their financial accounts in a single flow, rather than requiring individual connections for each one. This would relieve users of the need to remember 10 passwords for 10 banks and stop requiring them to have the patience to connect each one and instead require only a single identity handshake. 

For this to work, banks will also need to get more comfortable trusting other institutions’ authentication processes. That’s a big ask, but it could be undertaken incrementally. Starting with lending use cases only would create very little real risk: it involves a known borrower already identified by the lender, leveraging read-only data access where only the lender sees the data. 

To fully fix this visibility gap, the CFPB should go further. It should enable other authentication mechanisms to ensure all borrowers and any type of debt can be served and lay the foundation for interoperability between all financial institutions. By expanding the data covered by 1033 to include student loans, mortgages, auto loans and BNPL, it would include the totality of consumers’ liabilities and provide lenders the full, current, to-the-minute picture of an applicant’s credit situation.  

There are a lot of organizations doing great work in this space, like Open ID Connect or Apple, and we’d be wise to also follow their lead as we think more broadly about digital identity. The net effect will be positive. Banks, for a start, will be able to underwrite even more consumers with greater clarity and less risk. They’ll fix a vulnerability and in doing so be able to assess all consumers a little better.

The opinions shared in this article are the author’s own and do not reflect the views of any organization they are affiliated with.

Open Banker curates and shares policy perspectives in the evolving landscape of financial services for free.

If an idea matters, you’ll find it here. If you find an idea here, it matters. 

Interested in contributing to Open Banker? Send us an email at [email protected].

OPEN BANKER SALON - JUNE 5, 2026

We started Open Banker to raise the quality of financial policy debate. Now, we are bringing the newsletter to life with our first ever event: Open Banker Salon. This isn't a typical conference. No 40-minute talking-head panels. No bland keynotes. The Salon is designed for real intellectual engagement with in-depth debate-style discussions.

Location: The Aspen Institute, Washington, DC

Pay just $795. Register here today!