Abimbola Oloyede - UNITED BANK FOR AFRICA - Lagos 19 October, 2017, 07:22 0 likes

This is great news! I can see the fire burning fiercely...

A Finextra member 19 October, 2017, 21:13 1 like As PSD2 APIs aren’t yet available, it must be assumed this uses screen scraping with customers having to surrender user id and passwords for bank accounts to Bud. Is HSBC taking responsibility for security risks or is it down to Bud or is it the customer carrying the risk? Not sure I would be trusting a Fintech startup with my bank credentials.

Rajesh Tiwari - Wipro Ltd - London 20 October, 2017, 08:10 0 likes

Great, bold and aggressive move. HSBC is showing to prove that they are leader in adopting to the new trends and policy. Any new initiative always comes with a question on security of data, but now that is a old school. All the Fintech includding startups has learnt that Data security is very important stuff and they have done all required majors to not to let breach the data privact. I am all up for it and looking forward. In todays world. more you share more you are secure.

 

A Finextra member 20 October, 2017, 08:26 0 likes Rajesh, Is that a personal opinion or an official Wipro view? Here is the view of the FIDO Alliance who are pushing for a ban on screen scraping. “We do not see any way in which the screen scraping approach requested by the EC can be implemented to the level of enhanced security called for in PSD2…. Sharing passwords is simply a bad practice from a security perspective.” - Brett McDowell, Executive Director, Fido Alliance Equifax couldn’t secure their 500M+ customers data. What hope has Bud, a startup, got? Why would most customers trust them? In my opinion account aggregation is a good thing. For customers to trust it, banks need to implement it properly with secure APIs they take collective accountability for. This is the approach PSD2 and the SCA RTS standards have laid out. Allowing 3rd parties, especially unproven startups, to handle customer bank credentials should be a complete no, no and banks like HSBC should not be encouraging it.

Rajesh Tiwari - Wipro Ltd - London 20 October, 2017, 09:18 0 likes Hi, Please note this is my personal opinion and not of my organisation. Screenscraping is a bad idea to share the data however I am sure this can be solved differently and you rightly mentioned by secure API implementation.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 20 October, 2017, 09:26 1 like

Anyone who thinks this is a "new initiative" needs a loud alarm clock to wake them up. Once they wake up, they might find out that MINT pioneered the PFM / MoMMA / Online Aggregation product category in 2006. In the decade following MINT's launch of its PFM website, several fintechs have entered and exited this space viz. WeSabe in USA and Kublax in UK. HDFC Bank introduced this in India around 5 years ago and shut it down a year later probably because it failed to gain traction.

Handing over your online banking credentials to a VC-funded startup is a bad idea to begin with, made worse by the tripe delivered by them in return. Nevertheless, I'll go back to using the first PFM app that fulfills the wishlist I've given in my blog post Innovative Fintechs Don’t Need No PSD2 Regulation.

Talking about security, when I hand over my online banking creds to a bank, I'm only worried about the ability of the bank to protect it from hackers. Whereas, when it comes to a VC-funded fintech startup, I'm not sure the startup itself wouldn't use it for illicit purposes when, for example, it needs to shore up its numbers before its next fund raise. If anybody thinks that's "old school", they need to have their head examined after being woken up by the loud alarm clock.

A Finextra member 23 October, 2017, 11:33 1 like

In the UK Egg pioneered account aggregation with their Egg Money Manager from 2001 making account aggregation at least 16 years old.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 October, 2017, 12:47 0 likes

@Anon: TY for correcting my impression that MINT pioneered account aggregation / PFM. 

A Finextra member 23 October, 2017, 20:22 0 likes

Sounds like a neat concept, but exposing your different bank credentials to others, how safe is it, given the number of cyber attacks/hacks going on these days.