Consent fatigue in open banking: designing seamless user consent

As open banking grows, customers face repeated permission requests across multiple screens. Without careful design, this leads to “consent fatigue” - users disengage or accept blindly. We explore what causes this fatigue and how fintechs can design experiences that minimise friction and build trust.

Open banking lets customers connect their bank accounts to third‑party services for payments and data sharing. To work, it relies on consent: the customer must authorise data access and payment initiation. However, research warns that there is a tension between providing enough information for informed decisions and avoiding overwhelming the user. Over‑explaining or repeating consent prompts can create friction and cause users to drop out [1].

Consent fatigue occurs when people are repeatedly asked to agree to terms, permission screens or privacy notices. Cookie banners are an extreme example - a typical user can see about 1,020 cookie banners per year [4]. When similar patterns appear in open banking, customers feel bombarded and either disengage or accept without reading. The Open Banking Customer Experience Guidelines emphasise that adoption depends on intuitive experiences: customers need clarity about what they are consenting to and confidence that the process is secure [5].

Why it matters for open banking

Fintechs often design consent flows from a compliance perspective, listing every permission separately. A study on open‑banking UX found that users lose attention after the second permission screen [2]. This leads to abandonments - people stop linking their accounts - and undermines trust. The guidelines caution that unnecessary friction and poorly timed consent moments erode user control [1].

Consent fatigue also affects adoption because customers will not connect accounts unless there is a clear, immediate benefit. The RiseUp guide notes that intent‑driven consent improves uptake by showing the value (e.g., connecting an account to find savings) [3]. Without this context, repeated requests feel onerous.

Multi‑screen authorisation: Many payment initiation services display separate screens for authentication, data sharing, recurring payment consent and optional marketing. Users typically pay attention for the first screen or two; by the third they start to lose focus [2]. In some cases, drop‑off rates rise dramatically after multiple prompts.
Long, legalistic text: Lengthy privacy notices or consent forms can overwhelm customers. According to TTC Labs, there is a trade‑off between giving enough detail to be transparent and not adding friction [1]. Ambiguity about why data is needed encourages users to either abandon the flow or consent without understanding.
Repeated requests across services: Customers may be asked to grant consent every time they connect a new account or use a feature. Cookie‑consent research shows that repeated prompts lead to indifference, causing users to click “accept” automatically [4]. Similar behaviour occurs when open‑banking consents are not bundled logically.

1. Group and prioritise consents

Where multiple data types are needed for the same processing activity, group them into a single consent choice and avoid asking separately [1]. However, keep consents separate for distinct purposes and be selective in what you group. Offer a clear “accept all” option for optional data processing but allow users granular control if they choose [1]. This approach minimises friction while preserving choice.

2. Use layered, plain‑language design

Present information in layers: a concise summary first, with the option to explore details. Givestation’s research shows that progressive disclosure and plain language improve conversions by 2.7× [2]. Explaining what data will be used, why it is needed and whether the user can change their mind reduces anxiety. Avoid jargon and legalistic language.

3. Focus on user value and timing

Ask for consent just‑in‑time - when the user is about to use a feature - rather than up front [4]. Highlight the immediate benefit, aligning with intent‑driven consent [3]. Customers should feel that granting access will deliver something valuable, such as personalised budgeting or faster checkout.

4. Provide trust indicators and transparency

People are more willing to consent when they trust the service. Display regulator information, trust logos, bank‑grade security badges clearly. Givestation found that such visual markers increased user confidence by up to 85% [2]. Offer clear paths to revoke consent or cancel a transaction and show how data will be managed, in line with the Open Banking Customer Experience Guidelines [5].

5. Respect returning users and preferences

Design consent flows to recognise returning customers and remember their previous choices. Cookie‑consent studies recommend customising banners and avoiding unnecessary repetition [4]. In open banking, this means not asking for the same permission again unless something has changed or re‑authorisation is required by regulation, or storing and displaying a user's previous choices on a bank selection screen.

What this means for Asima

Asima aims to be the infrastructure partner for enterprise‑grade open banking. To stand out, we must balance compliance with usability. In practice, that means helping you to design consent flows that:

Group permissions logically and offer an “accept all” with granular choices.
Use progressive disclosure and plain language, with call‑outs explaining why each permission matters.
Ask for consent at the moment of need, showing the tangible benefits of connecting accounts.
Display strong trust signals - appropriate logos, FCA references and secure design - and make cancellation easy.
Remember users, so they are not repeatedly asked for the same permissions.

By embedding these principles, our customers reduce consent fatigue, improve completion rates and build long‑term trust with their customers.

Footnotes

TTC Labs report on consent design notes that there is a tension between giving enough information and avoiding friction; too many consent moments cause users to disengage. It recommends grouping consents when appropriate and providing an “allow all” option with granular control. Source
Givestation’s UX study found that users lose attention after the second permission screen. Progressive disclosure and plain language increased completion rates 2.7×, and visual trust indicators boosted confidence. Source
RiseUp emphasises that intent‑driven consent is critical; customers connect accounts only when they see immediate value. Source
Cookie‑consent research shows that users experience fatigue when they face hundreds of consent prompts, leading to indifference. It advocates simple language, layered consent, smart defaults and just‑in‑time requests. Source
The Open Banking Customer Experience Guidelines highlight that adoption depends on intuitive design and clear explanations of consent in secure flows. Source

Kieron James
October 2025

Recent posts

December 04, 2025

Fintech and open banking news: 11/25

November brought the first commercial cVRP transaction via Visa A2A, a major BNPL player announcing its own stablecoin, and the FCA setting out how it plans to regulate cryptoassets and stablecoins. Here is Asima’s take on what matters.

November 27, 2025

API quality is becoming a competitive differentiator - and UK open banking data proves it

Latest UK open banking metrics show average response times in the 300 ms range, with availability over 99 %. For infrastructure providers like Asima, these numbers matter — because true scale demands performance, resilience and trust baked into every API.

November 20, 2025

Open banking hits its stride: OBL keynote signals for infrastructure-providers

At the 2025 Open Banking Expo, Open Banking Limited explained how the UK system is moving from mandated rails to open innovation. In this post we unpack the engineering implications for payments and data infrastructure, and what it means for platforms like Asima.

November 13, 2025

UK marketplace payments: authorisation, agent status, or Asima’s third-party verification

If you run a marketplace where customers pay third-party sellers, you’re in UK payments territory. Learn when FCA approval applies, why the Appointed Representative route doesn’t, and how Asima’s Third-Party Verified Accounts model can help.

November 06, 2025

Fintech and open banking news: 10/25

October brought major developments in open finance testing, regulatory collaboration, and the future of tokenised payments. Asima reviews the highlights, the infrastructure implications, and what clients should prepare for next.

October 30, 2025

Control by design: what superintelligence fears tell us about infrastructure trust

A new call to prohibit “superintelligence” has united unlikely voices. Rather than pick a side, we examine what this debate reveals about control, consent and accountability in critical infrastructure, and how those ideas inform the systems we build in finance.