[HN Gopher] The quiet battle raging around open banking
___________________________________________________________________
The quiet battle raging around open banking

Author : rmesters
Score  : 62 points
Date   : 2021-08-02 07:22 UTC (15 hours ago)

(HTM) web link (sifted.eu)
(TXT) w3m dump (sifted.eu)

| Havoc wrote:
| Quite surprised to see a sponsored post make the front page of
| hn.
|
| I'm planning to utilize the UK version to aggregate my
| transactions via a read only interface. That seems relatively
| safe & think I can wrangle the half a dozen accounts with python
| into some sort of coherent view.
|
| Someone hacked together a bash version of it already:
|
| https://gitlab.com/emorrp1/accounts
|
| rendall wrote:
| I didn't understand that article. Maybe I don't have enough
| context.
|
| _"share their bank data with other parties"_
|
| What? Who wants to share their what now with whom? Why would they
| do that?
|
| _"Fintechs like Plaid, TrueLayer and Tink have founded their
| businesses on providing access to regulated banking data for a
| fee.."_
|
| What data? Aggregated? Individual banking? What regulated data?
| What regulations?
|
| _"Under current banking regulation, raw data must be provided
| for free to consumers via an official application programming
| interface (or API). As a result, the apps pick up the cost on
| behalf of their users."_
|
| What? My bank doesn't offer an API. I have no idea what that last
| sentence even means. What cost?
|
| It really seems like the article assumes a lot of background
| knowledge. Anybody have an ELI5 link?
|
| tormeh wrote:
| If memory serves it's an EU directive meant to decouple
| handling of money from access to banking information by forcing
| banks to provide APIs that third parties can use on a bank
| customer's behalf. So you can grant an app permission to see a
| live view of your account balance, for example.
| Not sure what applications the lawmakers have in mind. Credit
| rating seems like an obvious application. It would maybe make it
| easier to circumvent credit cards for money transfer, maybe? I
| suspect there's a lot of hand-wavy "startups will figure
| something out"
|
| Denvercoder9 wrote:
| _> Not sure what applications the lawmakers have in mind._
|
| Accounting and budgeting services are the most common
| examples.
|
| greatgib wrote:
| This article does not make a lot of sense.
|
| As you can see it is sponsored by Nordigen, and they try to say
| that open banking has some ugly and bad aspects in everything
| that is not the particular points of their marketing offer.
|
| damagednoob wrote:
| > What? Who wants to share their what now with whom? Why would
| they do that?
|
| Barclays will send banking data directly to FreeAgent[1] which
| allows you to categorize the transactions and upload receipts.
| FreeAgent uses this information to calculate how much VAT and
| Corporation tax I owe to the government. Couldn't be simpler.
|
| [1] https://support.freeagent.com/hc/en-gb/articles/360006470520...
|
| twic wrote:
| This is all about PSD2:
| https://www.ukfinance.org.uk/guidance/payment-services-direc...
|
| rojeee wrote:
| All banks in the EU must offer a data and payments API. The
| APIs are standardised and must allow third party service
| providers - which themselves must be regulated - to be able to
| build services using these APIs. With a user's authorisation,
| said service provider can view transaction data or initiate a
| payment, for example. The specific regulation is called
| "payment services directive 2".
|
| wrnr wrote:
| This is exactly what I miss about PSD2, a small company still
| can't just use an api to do its banking, checking what money
| comes in and optionally (semi) automate payments. You still
| need to lobby your country's ministry of finance to get a
| license.
| Great for all the hot customer payments startups but
| useless for a company that just wants to do IBAN and cut out
| the middle man.
|
| Nextgrid wrote:
| This is exactly why I hate the name "Open" Banking.
|
| keerthiko wrote:
| Truly we need two tiers of API access, one which will
| only work with bank accounts we link to our API developer
| profile, which is easier to get access to, and another
| that is meant to handle third party bank data which
| requires ministry compliance and may need to wait longer
| for.
|
| Nextgrid wrote:
| > What? Who wants to share their what now with whom? Why would
| they do that?
|
| Accounting or budgeting services for example.
|
| > What data? Aggregated? Individual banking?
|
| TrueLayer & Plaid are gateways that translate banks' individual
| APIs into a single common one, and their clients pay them for
| the privilege (typically a monthly fee per active account
| connected).
|
| > What regulated data? What regulations?
|
| There are EU regulations that force each bank to provide an API
| to any AISP (account information services provider) or PISP
| (payment initiation service provider). The (A|P)ISP can request
| the end-user's consent (typically via OAuth) to access this
| data.
|
| > My bank doesn't offer an API.
|
| This is why I dislike the name _Open_ Banking. It's not
| actually open. You have to either go through tons of regulatory
| BS to become an AISP or go through a gatekeeper like TrueLayer
| or their competitors (which will happily "lend" you their AISP
| license). Fortunately, there are modern banks such as Monzo or
| Starling which allow the end-user to use the API to access
| their own account, but technically this has nothing to do with
| Open Banking (even though it's often the same API).
|
| ru552 wrote:
| I work around this sector. Big banks sell data to data brokers
| the same as telcos do. It's unlike Facebook selling your data
| because the people buying it aren't trying to target you
| specifically.
| They are looking for market trends. You are
| usually aggregated around your demographic. Essentially, the
| banks are selling the spending behaviors of demographic X. This
| type of anonymous data is important to businesses like Nike and
| Coke because it informs their advertising messages.
|
| lazide wrote:
| That is incredibly disturbing.
|
| [deleted]
|
| jimhefferon wrote:
| > Big banks sell data to data brokers the same as telcos do.
|
| Do they pay me for making money from me?
|
| foolinaround wrote:
| indirectly, by providing you with 'free' services.
|
| alex_smart wrote:
| I also know that there are several companies trying to build
| alternative credit risk models in markets like India and
| Colombia, where many people do not have a credit history so
| the usual credit scoring models do not really work. In this
| case the data is certainly being used to target, or rather
| score you specifically.
|
| Nextgrid wrote:
| If this is actually true (because it has nothing to do with
| Open Banking), how does this comply with the GDPR?
|
| elzbardico wrote:
| I see no point in open banking for me as a customer. The supposed
| benefits are timid compared to the huge privacy implications. I
| pass
|
| travoc wrote:
| They're helpful if you use portfolio aggregation tools like
| Personal Capital or Mint. Tracking your overall portfolio
| balance when you have many different types of investment
| accounts with different banks is difficult to do by hand.
|
| Without open banking APIs, these tools have to collect your
| authentication information and impersonate you on your banks'
| websites to collect your account balance information.
|
| fsflover wrote:
| Which privacy implications?
|
| danuker wrote:
| The attack surface is larger if there are also third parties
| with access to your account data.
|
| Attackers will breach the weakest link. Right now there is
| only one link: your bank's website.
|
| lazide wrote:
| That is unfortunately not true.
| There are a great many
| additional surface areas, such as that time they linked
| TurboTax to their account, or the time they signed up for
| budgeting software - and gave it their bank credentials,
| etc.
|
| Most of these being done through screen scraping and by
| storing users' bank credentials in some random 3rd party's
| database. Which is a huge and tempting target.
|
| It's gotten somewhat better in some cases now as they are
| at least using SSO type setups, so it's a trackable and
| expirable token instead of raw credentials at least some of
| the time - but yikes.
|
| frosted-flakes wrote:
| I use a budget app called YNAB (You Need A Budget). It's great,
| but if I want to connect it to my bank account so I don't
| forget to add a transaction, I need to literally _give my bank
| account number and password_ to Plaid, a 3rd party service that
| logs into my online banking portal _as me_ in order to
| screen-scrape my transaction data, because my bank does not offer
| an API. Do you not see a problem with this? Not only is it a
| terrible idea from a security stand-point, but it's also super
| brittle and error-prone, because whenever the bank updates its
| website it breaks the screenscraper.
|
| hughrr wrote:
| Gah I was looking into this sort of stuff. I'm sticking to
| Excel and manual reconciliation like I've been doing for 20
| years now. Thanks for the heads up.
|
| frosted-flakes wrote:
| You don't _need_ to connect your bank account to YNAB. It
| works fine without it; you just need to manually enter
| every transaction, which you should do anyway. Linking to
| your bank account is just to catch mistakes and to auto-add
| scheduled transactions.
|
| I would never go back to budgeting in Excel. Way too
| tedious.
|
| gjs278 wrote:
| ok well I do. mint is the easiest example. maybe get some money
| first and you'll understand too.
|
| wdb wrote:
| Open Finance is quite possible without giving your user name and
| password, by using a similar approach as Open Banking API. Which
| platforms require you to give your credentials?
|
| crooked-v wrote:
| Plaid is the big one. They use app-specific passwords or other
| auth methods where available, but most of the integrations they
| offer are built on elaborate screen scraping because the banks
| they're pulling from don't offer any kind of APIs in the first
| place.
|
| default-kramer wrote:
| I wish I could give my banks/FIs a token which allows the bank/FI
| to just drop my data (like transactions) into my Google Drive in
| some machine-readable format like CSV. Then I could use an
| offline tool of my choosing to analyze the data. Why can't it be
| this simple?
|
| Nextgrid wrote:
| Use a modern bank like Monzo or Starling and they'll allow you
| to access their API directly without having either an AISP
| license or using a gatekeeper like TrueLayer.
|
| samename wrote:
| For people in the US: Monzo has a waitlist and Starling
| doesn't seem available (yet)
|
| reilly3000 wrote:
| I yearn for better personal financial software with things like
| purchase queues, a simple "should I buy this?" UI, and a way to
| quickly calculate the downstream effects of financial decisions.
| Open banking, or at least clean, timely bank data is prerequisite
| to anything like that, but it's been elusive for solo devs in the
| US. The UK and EU are far ahead in that regard.
___________________________________________________________________
(page generated 2021-08-02 23:01 UTC)