How an Open Standard API Could Revolutionize Banking
An anonymous reader writes: Open bank data will give us the freedom to access all banks in real time and from a single view, automatically calculating the best deals in complete transparency, which will be a significant step forward for social good and give people more control over their finances. Meanwhile, financial tech incubators, accelerators, and startups are creating a more experienced talent pool of developers ready to act upon these newly available assets. From the article: "The United Kingdom government has commissioned a study of the feasibility of UK banks giving customers the ability to share their transactional data with third parties via an open standard API. First mentioned alongside the autumn statement back in December, the chancellor has now outlined plans for a mandatory open banking API standard during the recent budget in March."
going for first post...
I just spent almost an hour downloading CSV files for my HSBC business accounts (three accounts). This involves stepping through statements by hand, operating a dropdown, and clicking Download, for each month. One by one. You can't even right-click on each statement and "open in new tab".
An OAuth2 + REST API to just grab this data would be very useful.
Does the author seriously think banks are going to adopt anything that is "a significant step forward for social good and give people more control over their finances"? Most of the money they make is off people who can't control their finances effectively.
Keep in mind their entire business is moving numbers from one pile to another. Anything that keeps them in control of the access to these piles and information about them is a good thing to them.
I can understand the benefits of a standard, open API for automatic processing of orders for companies and various home-budget tools. But I don't get "automatically calculating the best deals in complete transparency". Do you really need a program querying 100s of banks in real time for the best place to have your current account _today_? And tomorrow you are going to switch, because international transfers over there are half a cent cheaper?
API for transactions - sure, yes. But an API for bank offers metadata? Isn't it a bit too much?
Because I really want advertisers and the NSA/IRS knowing even more about my financial habits. Yay for openness!
They will love it, because what they want is transparency and more competition, because that is what banks want: to give you the ability to compare.
Oh wait, they don't. They will fight this with everything they have and they have money.
Don't fight for your country, if your country does not fight for you.
1. Customer opt in or opt out? Binary control, or more fine grained control?
2. Security? Liability?
3. Will the "financial tech incubators, accelerators, and startups" be held to the same requirements and same standards? If not, why not?
4. How will API evolution and versioning work? Who's responsible?
5. How will compliance with the standard(s) (and service levels) be enforced?
Imagine that instead of having your shitty bank app or website, or in many cases, several shitty bank apps or websites, you had one unified app that accessed that consistent API across banks, and presented a nice interface.
Transfer from bank 1's savings account on the right day to pay your incoming card bill from bank 2. ... ...
Unified balance and tracking of upcoming bills - warning you if you're about to go into the red with a hypothetical purchase in a week and your forecast income,
And yes - security is an obvious issue, and there need to be strict permissions.
I go for first post, and someone always gets it ahead of me. You're trying not to get it and yet you get it.
What's your secret?
Is HBCI not open? What are the differences and benefits? Drawbacks?
Use cash. You will buy goods for less (if you negotiate), and your activities will not be followed as easily by the voyeurs in government.
You mean like the internet database, first the government (Jacqui Smith MP for Stasiland) was going to store all the data of every website visited.
Then when the people rebelled, she proposed ISPs would log (AND INDEX) all the internet data in databases with an API for government to access.
Then that was rejected, her Tory version Theresa May then tried to do the same thing, also using the same lying rhetoric, also rejected.
Then Snowden came out and we found out the f**ers have done it anyway, and GCHQ was spying on Brits in violation of its charter, and for a foreign power no less, the NSA.
So be warned if someone wants to make an open API, the first thing they'll do is grab that data in secret regardless of the laws of the UK.
Up to a short while ago, German banks were using a proprietary archaic binary format to accept transfer instructions from customers. The specification was relatively short, and in the last years processing was nearly instantaneous (upload a file, and transactions were executed (during working hours of the banks) - no slower than "secondary" banking services like paypal are today).
Now the EU has standardized the banks ("SEPA"), and introduced the use of an ISO format. The schema is called "pain". And that name is an omen. Where things were simple "move money from A to B" instructions, this is now cascaded into different levels of execution times, first/single/recurrent withdrawals, and even something as insane as partial execution of transactions contained in a file (to be signed by individual TANs). Collecting money now takes a whopping 6 bank working days. It feels like banks have to print, copy, sign, and file such XML request files when processing them. Probably fax them to the other affected bank, too.
Standardization is good, but the processes involved are unnecessarily heavy-weight, and some of those processes have been hard-wired into the schema. It seems to be a compromise between the bureaucrats of the participating countries. And of course it would be unreasonable to expect that they could do something that is technically sane.
We really need a standard method of retrieving porn. Oh wait, it's "banking" with a "b".
"how an open standard api could revolutionize hacking of banks"
there. two little words. makes all the difference.
at least now, a hacker usually has to target a specific customer group or bank... and the same specific hack used won't work elsewhere without some degree of modification... with a nationwide (or worse, global) standard.. they could potentially hack _them all_ at once.. all it would take is one little crack in the foundation.........
The idea that anyone except banks/criminals/LE will benefit from this is patently absurd.
Through a self-perpetuating ecosystem of developers, the banks will continue to gather high-value data from customers through third party integration.
I read the article but don't really understand what a "self-perpetuating ecosystem of developers" would do for me. It sounds like they're planning to breed.
A pile of code where what little documentation available is 6 years out of date.
Hmm, all banks with a common API so any flaw in that API means that the cybercriminals have instant access to all banking information for everyone everywhere. And we know d*mned well that there WILL be flaws in that API.
I prefer the bazaar to the cathedral, please.
Sometimes the "writing on the wall" is blood spatter...
Standard? We can't even come up with an NFC pay system because everyone wants to be the owner (permanent 2% siphon) and no one really wants to cooperate.
I hear in the third world you can transfer money with a text message.
How about proper support for OFX first? I have enough issues with my bank sending me broken OFX Files that are broken, or that every OFX Client for Linux remotely supports.
In Germany we have had something similar for about 20 years already. It's called HBCI (home banking computer interface) or, in its newer incarnation, FinTS.
Reference: http://www.hbci-zka.de/english/
https://de.wikipedia.org/wiki/Homebanking_Computer_Interface (German)
It's a central API which is voluntarily implemented by about 2000 banks (half of all existing) in Germany.
There are numerous commercial and also open source programs and apps available for customers. It's very easy to consolidate one's personal finance with several different banks in one single program.
It offers encryption, multi-factor authorisation etc.
The current implementation with chip-generated TAN is quite secure. The data of a transaction is sent over a separate channel (usually a blinking GIF image) to a cheap (10 €) reader which decodes the data with the help of a cryptographic chipcard and presents the data to the user on a display. If accepted by the user, it generates a TAN (transaction number) valid only for that transaction.
Summary: Such a central API works and has definitely a big value for customers.
I for one wouldn't choose to open any commercial relation to a bank which hasn't implemented that API
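An added example, not part of the comment above and not the real chipTAN algorithm: a simplified model of a transaction-bound TAN, showing why a code derived from the data on the reader's display cannot be reused for a different recipient, a different amount, or a second submission. The HMAC construction, the counter window, the key, the sample IBANs and all names (`generate_tan`, `BankVerifier`) are assumptions made for illustration.

```python
import hashlib
import hmac

def canonical(iban: str, amount_cents: int) -> bytes:
    """Transaction data exactly as the reader would show it on its display."""
    return f"{iban.replace(' ', '').upper()}|{amount_cents}".encode()

def generate_tan(card_key: bytes, counter: int, iban: str, amount_cents: int) -> str:
    """Reader + chipcard side: 6-digit TAN bound to one transaction and one counter."""
    msg = counter.to_bytes(4, "big") + canonical(iban, amount_cents)
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

class BankVerifier:
    """Bank side: recomputes the TAN over the transaction it actually received."""
    def __init__(self, card_key: bytes, window: int = 3):
        self.card_key = card_key
        self.last_counter = 0   # highest counter already accepted
        self.window = window    # tolerate a few TANs generated but never submitted

    def verify(self, tan: str, iban: str, amount_cents: int) -> bool:
        first = self.last_counter + 1
        for counter in range(first, first + self.window):
            expected = generate_tan(self.card_key, counter, iban, amount_cents)
            if hmac.compare_digest(expected, tan):
                self.last_counter = counter  # burn this counter: no replay
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-card-key-000000"   # constructed sample key
    user_iban = "DE02 1203 0000 0000 2020 51"   # constructed sample recipient
    other_iban = "DE02 5001 0517 0137 0750 30"  # constructed substituted recipient
    bank = BankVerifier(key)
    tan = generate_tan(key, 1, user_iban, 12_500)  # user confirmed 125.00 on the display
    return {
        "redirected": bank.verify(tan, other_iban, 12_500),   # recipient swapped in transit
        "amount_changed": bank.verify(tan, user_iban, 99_900),
        "genuine": bank.verify(tan, user_iban, 12_500),
        "replayed": bank.verify(tan, user_iban, 12_500),      # same TAN submitted again
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified transaction verifies, and only once; the security of the scheme still depends on the user reading the recipient and amount on the reader's display before accepting.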
This is just a superficial technology implementation that will make the BIG banks richer, more powerful, and better organized, financially and politically. Not a revolution at all. It's a step backwards for humanity. A REVOLUTION would be breaking up the BIG banks into much smaller and better regulated entities that cannot use depositors' money for risk-implied investments, i.e. Wall $treet.
Bitcoin is the open, decentralized and open-source banking API.
Despite what you may have heard, the technology is thriving and the number of developers, projects and startups in the space is exploding. 2015 is on track to be a $1b investment year for bitcoin, most invested in USD (not bitcoin) in more than 700 startups.
It's a lot more than a currency, it's the Internet of Money, or Money-over-IP (MOIP). Read the Satoshi Nakamoto whitepaper, every geek should.
The US has several commercial closed API offerings from Intuit, Plaid and Yodlee.
See http://bryanbyrne.com/post/98332433645/overview-of-bank-data-apis
An open banking API provides great benefits to the consumer. Banks are very conservative in adopting new technology. However, they'll be competitively challenged by non-bank payment systems like Google Wallet, PayPal etc. and lots of other Fin Tech start-ups that use APIs to access banking information.
Let's hope they include not just transaction data but also a payments system in the API.
Other posters have already demolished the idea that banks will do this voluntarily or by edict.
The engineering approach is to not involve them. The Finance::Bank collection is the closest you're going to find to a workable solution.
Anybody who has money to spend on a government "solution" should send it to these developers instead.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
As expected, someone else chimed in about Bitcoin. However let's be realistic for a minute and assume the banks will want to keep using national currencies in the short term. The software for this already exists, it's called Open-Transactions. It's FOSS, features a high-level API, and has been in testing for years. Yes it works for bitcoin, but it also works for dollars, gold, apples, whatever unit of account you want. It's faster and cheaper than bitcoin because it can be centralized (or federated) instead of completely decentralized.
Before anyone gets all freaked out about "financial cryptography OMG criminals", I'd like to point out that financial cryptography includes digital signatures to prevent fraud even without necessarily encrypting anything. The server operator can allow whichever API calls they need and nothing else.
while the UK has their issues, this issue is all but settled in the US. the Open Financial Exchange defines a way to interface with banks. the problem is getting software that can do this with ease.
Anons need not reply. Questions end with a question mark.
PositiveMoney has it all wrong. The video says "if we all paid off our debt, the current economic system would collapse". But if we all paid off our debt and stopped working because we didn't need to anymore, then the real economy (i.e. the thing that actually produces food, clothes, houses, cars, computer, electricity, clean water, etc.) really would also collapse because there would be no one doing the work to create all that stuff.
There is a big issue of inequality of both income and wealth distribution. But debt itself isn't the problem. Think about Zimbabwe where the government printed money and handed it out to the poor. Everyone paid off their debts. But the currency is worthless because inflation was 1000%. No one bothered working because the money they got from selling it would be worthless before they could spend it. There was no point in doing anything for which you didn't receive some immediate benefit. The concept of savings simply ceased to exist. (Hoarding, however, was very much still alive.)
Debt, in fact, is the biggest and best backstop a currency has. Debt is the promise that the people who owe money in that currency will work for you in the future. Stuff is still relatively plentiful, but labor, especially skilled labor, is very dear indeed. And debt means a currency is backed by that labor. That's a big part of why the dollar reigns supreme.