-
The Financial Services Information Sharing and Analysis Center is calling attention to the security risks and potential fixes to a common practice: consumers handing over online banking credentials to financial advice sites.
October 31 -
Open Bank Project is looking to partner with banks worldwide in a bid to have them distribute third-party apps to customers. This would give customers more choice in their banking experiences, and let banks offer services to differentiate themselves from the banking herd.
January 30 -
In a few instances, banks have temporarily blocked data aggregators from screen scraping customers' bank account information. Are the banks exercising appropriate judgment or obstructing potential competitors?
November 12 -
A proposal to improve the way online banking information is shared with data aggregators has sparked a debate over a decades-old practice.
November 7 -
Among other reasons for seeking their own charters, the U.K.'s so-called challenger banks say they need to avoid being beholden to older institutions that can slow down the creative process.
September 16
While a handful of U.S. banks are opening their software and data to outside applications, something much bolder is happening in Europe: governments are championing the practice, especially the U.K.
The push for open bank APIs, or application programming interfaces, could transform the way consumers across the Atlantic interact with their banks and increase competition among providers. Switching or opening checking accounts may get easier, for example, since customers could more easily port their transaction history from one institution to another, and comparison services could give them greater insight into the costs of their accounts.
The prospect is both tantalizing and terrifying for banks. On the one hand, traditional products would become more commoditized. But open APIs would allow them to explore new business models, such as running their own app stores.
"The banks have the opportunity to be a marketplace of solutions," said Kristin Moyer, a research vice president at Gartner.
The initiative comes as banks in the U.S. wrangle with account aggregation sites over the practice of
The U.K. is continuing its work "toward having more of a leadership role in fintech community," said Moyer. She estimated that top-tier banks in the U.S. are at least three years behind others in Europe in developing APIs. As a result, "in the near term, U.S. banks are at a competitive disadvantage relative to global banks that also play in the U.S. market."
APIs allow one piece of software to talk to another. Open APIs allow third parties to build applications that interact with a bank's data. Importantly, they do so without sharing account credentials, minimizing the exposure of sensitive information.
Screen scraping, on the other hand, requires consumers to entrust their banking logins and passwords to third parties.
"Banks, they can't control this Pandora's box," said Alexander Niehenke, a principal at Scale Venture Partners. "Consumers want this."
Screen-scraping is convenient for consumers, but creates a risk for banks, which are required to safeguard consumer data under Title V of the Gramm-Leach-Bliley Act.
"It's a catch-22," said William Nelson, president and chief executive of the Financial Services Information Sharing and Analysis Center, an industry group focused on security threats. "Banks are concerned about the security around it."
The
In the U.K., HM (Her Majesty's) Treasury commissioned
Some U.S. banks, such as Bank of the West,
To be sure, there are good reasons for reluctance to open up via APIs. Beyond the expense, the model not only mandates a new mindset for a risk-adverse industry, but also requires them to open up in a way that could cannibalize their businesses.
"That's really an enormous sea change going," said Moyer. "Culture is really the hardest thing I think to change."
Andy Reiss, a director at the consultancy Fingleton Associates and one of the authors of the
"That's the theory," said Reiss. "We will see how it happens."
Just like in the telecom world where the consumer wouldn't care about the suppler of broadband, Reiss says the API model would turn the bank into a hub for transactions where the institution doesn't have a hold on the data for whatever the customer wants. The model could also serve as an opportunity for banks to become a marketplace for apps.
If banks had app stores, Moyer said, they could increase transactions and drive revenue. (Think of it as Apple getting a cut for developers using its platform.)
The Berlin software firm Tesobe's
"There's a lot of appetite" among European banks, said Simon Redfern, chief executive of Tesobe and founder of the Open Bank Project.
APIs, Redfern says, are more reliable than screen scraping and can help put the bank at the center of the platform. He too foresees a day when banks will open their own
Some European institutions, such as
But not all are keen on an idea that could create even more distance between their brand and the customer.
David Brear, chief thinker at the consulting firm Think Different Group Ltd., says some institutions see APIs as an opportunity to work closer with startups. Others see it as a threat to their business.
"Banks are reacting in different ways," said Brear.
Starling Bank, which is readying to launch in the U.K., is among those that say they are ready for a more open bank environment.
"We are well positioned to succeed in this new world and have designed our model with this in mind," said Anne Boden, chief executive of Starling, in an email.
As with any bank technology, there are security concerns even in a model perceived as safer than screen scraping.
Fingleton's Reiss says among the many important issues being hammered out is deciding which company is responsible if and when a third-party app clears out somebody's account without permission.
"[Banks] are stepping into the unknown there," said Reiss. "They're basically writing a blank check."
Brear views the API model as "really critical." Without it, innovating is akin to "trying to build a house without bricks," he said.
As such, Brear expects the U.S. government to eventually advocate for a bank API model so the country doesn't lose fintech footing.
"The government and regulators will have to get involved to really push to make this happen," said Brear.