[HN Gopher] The quiet battle raging around open banking
___________________________________________________________________
The quiet battle raging around open banking
Author : rmesters
Score : 62 points
Date : 2021-08-02 07:22 UTC (15 hours ago)
(HTM) web link (sifted.eu)
(TXT) w3m dump (sifted.eu)
| Havoc wrote:
| Quite surprised to see a sponsored post make the front page of
| hn.
|
| I'm planning to utilize the UK version to aggregate my
| transactions via a read only interface. That seems relatively
| safe & think I can wrangle the half a dozen accounts with python
| into some sort of coherent view.
|
| Someone hacked together a bash version of it already:
|
| https://gitlab.com/emorrp1/accounts
| rendall wrote:
| I didn't understand that article. Maybe I don't have enough
| context.
|
| _"share their bank data with other parties"_
|
| What? Who wants to share their what now with whom? Why would they
| do that?
|
| _"Fintechs like Plaid, TrueLayer and Tink have founded their
| businesses on providing access to regulated banking data for a
| fee.."_
|
| What data? Aggregated? Individual banking? What regulated data?
| What regulations?
|
| _"Under current banking regulation, raw data must be provided
| for free to consumers via an official application programming
| interface (or API). As a result, the apps pick up the cost on
| behalf of their users."_
|
| What? My bank doesn't offer an API. I have no idea what that last
| sentence even means. What cost?
|
| It really seems like the article assumes a lot of background
| knowledge. Anybody have an ELI5 link?
| tormeh wrote:
| If memory serves it's an EU directive meant to decouple
| handling of money from access to banking information by forcing
| banks to provide APIs that third parties can use on a bank
| customer's behalf. So you can grant an app permission to see a
| live view of your account balance, for example. Not sure what
| applications the lawmakers have in mind. Credit rating seems
| like an obvious application. It would maybe make it easier to
| circumvent credit cards for money transfer, maybe? I suspect
| there's a lot of hand-wavy "startups will figure something out"
| Denvercoder9 wrote:
| _> Not sure what applications the lawmakers have in mind._
|
| Accounting and budgeting services are the most common
| examples.
| greatgib wrote:
| This article does not make a lot of sense.
|
| As you can see it is sponsored by Nordigen, and they try to say
| that open banking has some ugly and bad aspects in everything
| that is not the particular points of their marketing offer.
| damagednoob wrote:
| > What? Who wants to share their what now with whom? Why would
| they do that?
|
| Barclays will send banking data directly to FreeAgent[1] which
| allows you to categorize the transactions and upload receipts.
| FreeAgent uses this information to calculate how much VAT and
| Corporation tax I owe to the government. Couldn't be simpler.
|
| [1] https://support.freeagent.com/hc/en-gb/articles/360006470520...
| twic wrote:
| This is all about PSD2:
| https://www.ukfinance.org.uk/guidance/payment-services-direc...
| rojeee wrote:
| All banks in the EU must offer a data and payments API. The
| APIs are standardised and must allow third party service
| providers - which themselves must be regulated - to be able to
| build services using these APIs. With a user's authorisation,
| said service provider can view transaction data or initiate a
| payment, for example. The specific regulation is called
| "payment services directive 2".
| wrnr wrote:
| This is exactly what I miss about PSD2, a small company still
| can't just use an api to do its banking, checking what money
| comes in and optionally (semi) automate payments. You still
| need to lobby your country's ministry of finance to get a
| license. Great for all the hot customer payments startups but
| useless for a company that just wants to do IBAN and cut out
| the middle man.
| Nextgrid wrote:
| This is exactly why I hate the name "Open" Banking.
| keerthiko wrote:
| Truly we need two tiers of API access, one which will
| only work with bank accounts we link to our API developer
| profile, which is easier to get access to, and another
| that is meant to handle third party bank data which
| requires ministry compliance and may need to wait longer
| for.
| Nextgrid wrote:
| > What? Who wants to share their what now with whom? Why would
| they do that?
|
| Accounting or budgeting services for example.
|
| > What data? Aggregated? Individual banking?
|
| TrueLayer & Plaid are gateways that translate banks' individual
| APIs into a single common one, and their clients pay them for
| the privilege (typically a monthly fee per active account
| connected).
|
| > What regulated data? What regulations?
|
| There are EU regulations that force each bank to provide an API
| to any AISP (account information services provider) or PISP
| (payment initiation service provider). The (A|P)ISP can request
| the end-user's consent (typically via OAuth) to access this
| data.
|
| > My bank doesn't offer an API.
|
| This is why I dislike the name _Open_ Banking. It's not
| actually open. You have to either go through tons of regulatory
| BS to become an AISP or go through a gatekeeper like TrueLayer
| or their competitors (which will happily "lend" you their AISP
| license). Fortunately, there are modern banks such as Monzo or
| Starling which allow the end-user to use the API to access
| their own account, but technically this has nothing to do with
| Open Banking (even though it's often the same API).
| ru552 wrote:
| I work around this sector. Big banks sell data to data brokers
| the same as telcos do. It's unlike Facebook selling your data
| because the people buying it aren't trying to target you
| specifically. They are looking for market trends. You are
| usually aggregated around your demographic. Essentially, the
| banks are selling the spending behaviors of demographic X. This
| type of anonymous data is important to businesses like Nike and
| Coke because it informs their advertising messages.
| lazide wrote:
| That is incredibly disturbing.
| [deleted]
| jimhefferon wrote:
| > Big banks sell data to data brokers the same as telcos do.
|
| Do they pay me for making money from me?
| foolinaround wrote:
| indirectly, by providing you with 'free' services.
| alex_smart wrote:
| I also know that there are several companies trying to build
| alternative credit risk models in markets like India and
| Colombia, where many people do not have a credit history so
| the usual credit scoring models do not really work. In this
| case the data is certainly being used to target, or rather
| score you specifically.
| Nextgrid wrote:
| If this is actually true (because it has nothing to do with
| Open Banking), how does this comply with the GDPR?
| elzbardico wrote:
| I see no point in open banking for me as a customer. The supposed
| benefits are timid compared to the huge privacy implications. I
| pass
| travoc wrote:
| They're helpful if you use portfolio aggregation tools like
| Personal Capital or Mint. Tracking your overall portfolio
| balance when you have many different types of investment
| accounts with different banks is difficult to do by hand.
|
| Without open banking APIs, these tools have to collect your
| authentication information and impersonate you on your banks'
| websites to collect your account balance information.
| fsflover wrote:
| Which privacy implications?
| danuker wrote:
| The attack surface is larger if there are also third parties
| with access to your account data.
|
| Attackers will breach the weakest link. Right now there is
| only one link: your bank's website.
| lazide wrote:
| That is unfortunately not true. There are a great many
| additional surface areas, such as that time they linked
| TurboTax to their account, or the time they signed up for
| budgeting software - and gave it their bank credentials,
| etc.
|
| Most of these being done through screen scraping and by
| storing users' bank credentials in some random 3rd party's
| database. Which is a huge and tempting target.
|
| It's gotten somewhat better in some cases now as they are
| at least using SSO type setups, so it's a trackable and
| expirable token instead of raw credentials at least some of
| the time - but yikes.
| frosted-flakes wrote:
| I use a budget app called YNAB (You Need A Budget). It's great,
| but if I want to connect it to my bank account so I don't
| forget to add a transaction, I need to literally _give my bank
| account number and password_ to Plaid, a 3rd party service that
| logs into my online banking portal _as me_ in order to
| screen-scrape my transaction data, because my bank does not offer an
| API. Do you not see a problem with this? Not only is it a
| terrible idea from a security stand-point, but it's also super
| brittle and error-prone, because whenever the bank updates its
| website it breaks the screenscraper.
| hughrr wrote:
| Gah I was looking into this sort of stuff. I'm sticking to
| Excel and manual reconciliation like I've been doing for 20
| years now. Thanks for the heads up.
| frosted-flakes wrote:
| You don't _need_ to connect your bank account to YNAB. It
| works fine without it; you just need to manually enter
| every transaction, which you should do anyway. Linking to
| your bank account is just to catch mistakes and to auto-add
| scheduled transactions.
|
| I would never go back to budgeting in Excel. Way too
| tedious.
| gjs278 wrote:
| ok well I do. mint is the easiest example. maybe get some money
| first and you'll understand too.
| wdb wrote:
| Open Finance is quite possible without giving your user name and
| password, by using a similar approach as Open Banking API. Which
| platforms require you to give your credentials?
| crooked-v wrote:
| Plaid is the big one. They use app-specific passwords or other
| auth methods where available, but most of the integrations they
| offer are built on elaborate screen scraping because the banks
| they're pulling from don't offer any kind of APIs in the first
| place.
| default-kramer wrote:
| I wish I could give my banks/FIs a token which allows the bank/FI
| to just drop my data (like transactions) into my Google Drive in
| some machine-readable format like CSV. Then I could use an
| offline tool of my choosing to analyze the data. Why can't it be
| this simple?
| Nextgrid wrote:
| Use a modern bank like Monzo or Starling and they'll allow you
| to access their API directly without having either an AISP
| license or using a gatekeeper like TrueLayer.
| samename wrote:
| For people in the US: Monzo has a waitlist and Starling
| doesn't seem available (yet)
| reilly3000 wrote:
| I yearn for better personal financial software with things like
| purchase queues, a simple "should I buy this?" UI, and a way to
| quickly calculate the downstream effects of financial decisions.
| Open banking, or at least clean, timely bank data is prerequisite
| to anything like that, but it's been elusive for solo devs in the
| US. The UK and EU are far ahead in that regard.
___________________________________________________________________
(page generated 2021-08-02 23:01 UTC)