Canada puts security at top of open banking review

Canada's government is pushing ahead with a second phase of its open banking review, focusing on security issues surrounding the sharing of financial data with third parties.

The Department of Finance Canada set up an Advisory Committee on Open Banking in 2018 to investigate whether the country should follow the UK in making it easier for people to let third party financial services providers access their banking data.

A year ago a consultation paper was published and individuals and organisations were invited to offer their opinions on whether open banking would provide meaningful benefits, how risks related to consumer protection, privacy and security should be managed, and what role government should play in any implementation.

Now, the first phase of the review has been completed, concluding that data-driven services can help people budget, access more affordable financial services and become better equipped to manage their money.

With many Canadians already sharing their data with third parties, the government wants to focus on security. From the spring, stakeholders will be brought in to offer advice on standards to enhance data protection, examining issues such as governance, consumer control of personal data, privacy, and security.

Comments: (7)

Duane Tough - PBATM - ny 03 February, 2020, 14:04

Being in the Canadian payments space... this is taking forever!!! WHY? 99% of Consumer Data in Canada in payments is with Domestic FIs --- hmmm -- no need for competition is there :-) (Tongue in cheek)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 04 February, 2020, 14:44

LOL it's easier to just hand over username and password of online banking accounts to the Mints and the Plaids of the world instead of waiting for Open Banking apps to see the light of the day!

Andrew Smith - RTGS & ClearBank - London 07 February, 2020, 14:23

The issue with Open Banking type security models is the level of engineering required and the increase in friction for the customer. If Open Banking in any country is to really deliver on the promise, then we need to switch the model away from "banks" and back to the customer.

We as customers need to be at the heart of the data, not the controller simply of access to the data. If we switch that model, we can start to remove the complexities and friction associated with securing Open Banking.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 07 February, 2020, 15:02

One in four Americans with an online bank account has given away their online banking username and password to one or more fintechs via Plaid. The process is absolutely frictionless. They enter their (say) Chase creds into a screen without even realizing that the screen does not belong to the Chase website or app. Since all this happens without Open Banking, what's the whole point of Open Banking?

Notwithstanding that, I'm sure banks will be more than happy to cede control of data to customers if regulators will hold customers - not banks - responsible for all frauds, thefts and losses arising out of breaches and unauthorized uses of that data.

Dinesh Katyal - Financial Data Exchange - San Francisco Bay Area 02 May, 2020, 09:13

Credentials-based access is not frictionless. The sessions can break quite easily as the credentials change or MFA or OTP is required. The site traffic on the bank is disproportional to the use case. The data which is meant for presentation is scraped, and that can lead to duplicates and missing transactions. The security risks are somewhat obvious. @Andrew, would you please elaborate on your remark about customer centricity?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 02 May, 2020, 13:56

Apart from cryptowallets, I've never come across MFA in the USA. So, for general bank accounts, MFA / OTP is not too relevant. Everything else pertains to reliability, not friction.

Let connection break, app seeking access ("fintech app") to bank account via Plaid will retry on its own, without bothering end user, so no friction. Let screen layout change, scraping will bomb, again fintech app will handle it without bothering end user, so no friction. Even if one whole day or even week's transactions are not downloadable due to some scraping problem or whatever, sky will not fall. In any case, according to Stratechery, data failures for these reasons are only 5-10%.

In any case, even with API-based access under Open Banking, the API can bomb, leading to all these problems, so there's that... 

The security risks are extremely obvious - for the last 10-20 years.

Despite all of the above issues, Mint, Betterment, Robinhood, and all other well known fintech apps accessing bank accounts use banking creds and scraping, not Open Banking API.

Dinesh Katyal - Financial Data Exchange - San Francisco Bay Area 04 May, 2020, 14:54

Thanks Ketharaman! You're right - scraping on the surface seems the most efficient. However, it is not sustainable from data control, user experience, and security perspectives. APIs seem more difficult but that will change to an easier and better option with increased standardization and availability of toolsets as industry gains more experience.