Transaction data exposed via open banking APIs in Australia could be enriched with location information to help identify if someone has been in a Covid-19 hotspot.

Most of us are aware of the need to identify individuals who have been in contact with someone infected with Covid-19. Currently, contact tracers use a combination of the CovidSafe app or voluntary check-in data at cafes and restaurants (i.e. where patrons scan a QR code or complete a guest book). Each of these methods have limited reliability, with estimates that the CovidSafe app only works 25% of the time.

Other options might involve using GPS, yet that performs poorly in higher-risk, indoor settings. Alternatively, relying on people to recall their whereabouts is even less reliable, bluetooth is inconsistent and checking in via QR code is voluntary.

But, what if the solution lies in people’s everyday bank transactions?

As Covid-19 accelerates the shift to a cashless economy, the location metadata associated with a bank transaction can be used to identify if a payment was made at the same place and same time as an infected person.

The launch of CDR and open banking in Australia means that developers can use third parties like Basiq to get bank transaction data via screen scraping technology, open banking APIs, or a mix of both. Basiq’s Enrich API is then able to return detailed location information on this transaction data. With it, an app could let users check if they have visited any Covid-19 hotspots by analysing their expense transactions during a relevant time period:

'Safespot' an app that uses open banking data via Basiq to alert users if they're at risk of Covid.

How it could work

Use Basiq Connect API to return every payment transaction that occurred. Then use the Basiq Enrich API to return the latitude and longitude of the merchant for each transaction. The dates and locations can then be parsed against the relevant state health department Covid-19 case location datasets (e.g.: NSW Health dataset here).

You could generate an alert wherever a transaction’s location and date corresponds with a hotspot’s location and date.

Below is an example recipe, using the NSW dataset:

  1. Get users to connect their accounts using Basiq Connect UI control, which will securely extract their transaction details from each account, cleaning, enriching and standardising their format across all connected institutions. Detailed instructions and sequence diagram for this step can be found here.
  2. Use the Connect API to retrieve a list of transactions filtered by transaction date (e.g.: the range of dates in the Covid-19 dataset) and class=payment (the class used for payments to merchants).{{user-id}}/transactions?'2020-07-10','2020-09-09'),transaction.class.eq(‘payment’)

"type": "transaction",
"id": "fb904a88-406b-461a-93e5-f2780d6d2bff",
"status": "posted",
"description": "THE DOCK BAR PTY LIMIT REDFERN NS AUS Card xx0002",
"amount": "-153.73",
"account": "939f72a8-db57-417d-a820-64814fa917a8",
"balance": "",
"direction": "debit",
"class": "payment",
"institution": "AU00000",
"connection": "4ae2b84e-f514-4724-95dd-2c4a4f7b7f4e",
"transactionDate": "",
"postDate": "2020-08-29T00:00:00Z",
The response will include 3 attributes (amongst many others) that will be used to search the Covid-19 dataset - postDate, description and institution.

3. Extract the merchant name from each transaction’s description, and post it plus the institution to the Enrich API.

Including the institution is vital as Enrich uses specific ML algorithms that recognise the unique transaction description formats used by each institution for better accuracy.

4. From the response, extract the geometry attribute from the response, which includes (amongst other information) the merchant’s latitude and longitude.

"location": {
            "routeNo": "182",
            "route": "Redfern St",
            "postalCode": "2016",
            "suburb": "Redfern",
            "state": "NSW",
            "country": "Australia",
            "formattedAddress": "182 Redfern St, Redfern NSW 2016",
            "geometry": {
                "lat": "-33.8922255",
                "lng": "151.2007772"

5. Using the lat and lng keys from the extracted geometry, search the Latitude and Longitude columns of the Covid-19 locations dataset.

6. If any location records are found, check their Date_1 to Date_15 columns against the transaction record’s postDate. Usually only Date_1 contains data, unless there has been more than one occasion where an infected person visited that location.

7. If you find a match between the transaction postDate and any of the location’s Date columns, extract the action value from that row, which contains the Health Department advice to anyone that may have been in contact - e.g.: watch for symptoms, or isolate and get tested immediately.

8. A more geospatial approach would be to display both the Covid-19 hotspots and transaction records on a map so the user can see how close any are. You could also programmatically measure the distance between the hotspot and transaction using the haversine formula, considering any distance of 50 metres or less between the transaction and hotspot coordinates to be a match.

To keep updated on all our future data projects, subscribe to the Basiq blog below. For more on how Basiq provides secure and automated access to financial data check out the Basiq website.