Community

@AndrewRothwell: Good question even if I say so myself - because I'd exactly this question when Apple Pay was launched in the US, particularly since the underlying wallet, Passbook, does have LBS functionality. At the time, I was told that payment cards can't be set by location since the 1-to-1 relationship that applies between loyalty card and location doesn't apply for payment cards. Even if this feature has somehow been implemented by now, it'd require the GPS to be on - which is otherwise not the case for Apple Pay to work - which poses two challenges, namely, faster battery drain and GPS tends not to work too well indoors. But iPhone6 is more powerful, these problems might be resolved, and I'm very eager to know the answer to your question.

Is there any regulatory stipulation on the price that can banks can charge for the API access? After all, banks have spent huge money on collecting and maintaining all this data and deserve to be compensated for sharing it with third parties.

I tend to agree with @CharmaineO about liability in the event of a data breach or any number of other things that could wrong with this approach.

On a side note, I've come across APIs from well before 2000 (e.g. SAP's BAPI), so the line crediting SFDC for launching APIs in 2000 must only mean cloud API. Besides, BAPIs could be implemented over mainframe instances of SAP, so banks shouldn't have too many problems doing a similar thing on top of their legacy systems.

Last but not the least, how does this regulation plan to safeguard the consumer's rights? After all, as a bank customer, I'd hate for all my data to be shared via APIs with every new fintech startup that comes around and for me to be told ex post facto that this has happened on account of some regulation. I've come across people who are not comfortable about their bank sharing their retail banking data even with its own corporate banking SBU.

Good post but, being on both sides of the table, I can see where these startups are coming from. Problem is most angels and VCs are themselves not pathbreaking and would rather stick to the "known devil" territory. Very early in the pitch, they want to be able to place the new startup in front of them into a pigeonhole defined by a successful startup XYZ viz. Uber of this, AirBnB of that, etc. When that happens, the next obvious question is how're you different from XYZ (and other XYZ-clones that're already in the market) and the -ers follow soon. I'm not saying that this is the right way to pitch but I've seen many sound, but clean-slate, pitches falling flat with investors who couldn't "get" them within the few allotted minutes.

@JamesBell: I know you're stating the "party line" but banks have as much to lose (interchange fees) due to friction as merchants (revenues), so I'd support merchants if they made a case for shared liability when 3DS is absent. On a side note, I've often wondered the same thing about lack of recent fraud data as you.

This must have played some part in USAA being named as the US Company with the Best Web Experience (Source: https://twitter.com/rshevlin/status/621055143698657280). On a side note, average savings in the pilot group works out to US$ 37.50 / mo [120000/(800*4)]. To a coffee lover like me, that sounds too measly to justify skipping a coffee! IMO, these Mobile Money Management Apps (MoMMA) aren't doing themselves any favors by harping on the example of coffee in a coffee-drinking nation like USA!

Even when you make bank switching less painful than root canal surgery, not enough people want to switch. I totally agree with the previous comments.

I love the way Stripe minces no words in holding 2FA / 3DS responsible for potential loss of revenues: "at Stripe we've so far opted not to support 3D Secure since we believe the costs outweigh the benefits." More at https://support.stripe.com/questions/does-stripe-support-3d-secure-verified-by-visa-mastercard-securecode. Thanks to Adam Nybäck - Anyro - Stockholm for sharing this Stripe link.

@AdamN: TY for sharing this Stripe link. I've added it as a comment below my post. I'm glad that I'm not the only one harping about how the push for greater security can result in lost revenues. Well before Stripe, other PSPs have advocated CVV / AVS checks as a tradeoff between security and convenience. Just that regulators in some countries (e.g. India) pushed ahead with 3DS and stuck to their stand despite receiving feedback about loss of revenues caused by 3DS friction whereas regulators in some other countries (e.g. USA) didn't. In extreme cases, the Indian regulator actually went on record saying "security first, convenience later". There are examples of SaaS and ecommerce companies who relocated outside India just to avoid the burden of 2FA / 3DS.

Having run the FPS implementation for a Top 3 UK bank back in 2008, I got a chance to observe it from very close quarters. While it has its advantages, like the ability to mimic the realtime settlement nature of credit card, credit card offers many other benefits to the payor that are unmatched by FPS, even excluding rewards viz. repudiation, deferred payment, greater security, zero fees. Therefore, no matter how widespread ACH / FPS rails become, alternative modes of payments like credit card will always remain and the payor will always want to have a lot of say about which payment mode they wish to use. I'll never say never but I don't see the day when the payor will be ready to totally relinquish their choice of payment mode to a hub or whatever you call it. That said, once the payor decides a payment mode, it might be possible for a hub to automate the specific route / brand within that mode e.g. If payor selects ACH, hub can automatically decide whether to route it via NACHA or Clearing House; if payor selects Credit Card, hub can automatically decide whether to use HDFC-VISA-3323 or AMEX-5333 or whatever card. It already works this way for cross-border remittance: Once the remitter selects wire transfer @ US$ 45, the bank automatically decides which correpondent bank and route to use.

Does anyone how much extra revenues merchants gained by not being overzealous about security, causing too much friction and suffering from shopping cart abandonment?

Mitigating Fraud Does Not Pay The Bills