I want a US based bank to build something like that. I believe Simple was initially supposed to expose an API to developers. The API has never come to fruition and I doubt ever will.
In order to disrupt the banking industry, you need a huge amount of capital to start and you are regulated in a way to prevent fast growth. These 2 things pretty much rule out the 'standard' way of doing startups.
I would love to see an opensource bank, open code all the way down to the core services that a bank depends on. It would help break up the stranglehold that just a handful of companies have on the market.
Too many things are just 'in the way'. The stagnation would probably need to start with regulatory support instead of using banking regulations to make it difficult for new business and ideas.
I have accounts at Chase, Citi, Capital One and a small credit union. All of them support exchanging of statements through OFX.
I wrote a small Python script around ofxclient[0] which downloads daily statements from all of these accounts and then merges them into a GNU Ledger-formatted text file. I was inspired to do this when GNU Ledger was on the front page here about a month ago[1]. I keep the ledger itself version controlled using git. It's been working great -- the script not only downloads the statements but also identifies certain keywords in the payee name and attributes those against the matched expense account.
>you need a huge amount of capital to start and you are regulated in a way to prevent fast growth. These 2 things pretty much rule out the 'standard' way of doing startups.
Mondo have raised 2 million pounds and "are looking to raise around £15-20 million before its full launch" so not that much more than many startups. Not sure about regulation preventing fast growth. I guess it slows it a bit.
"In this year’s Budget the Chancellor committed to delivering an open API standard in UK banking, and setting out a detailed framework for its design by the end of 2015, in order to help drive more competition and innovation in banking for the benefit of consumers."
Late to this thread, but some of us at Mondo are actually on the OBWG. You could consider Mondo's API a sneak peek of what's coming from potentially all banks in 3 or so years.
> I would love to see an opensource bank, open code all the way down to the core services that a bank depends on
Yeah, no thanks. I would not trust my money with a bank like that. A lot of fraud prevention is based on obscurity, and multiple steps of hurdles to make it easy to reverse a transaction. There's a reason money transfer takes a few days.
I take your point that you wouldn't want to open source everything, especially not the few critically secure bits of your infrastructure.
That said, money transfers take a couple of days because most interbank clearing houses were modelled after paper-based batch processes where people shuffle through paper a few times a day.
There are several real-time payment schemes in the world. Retail customers in the UK mostly use Faster Payments (FPS) for interbank transfers and they clear within a few seconds.
Security through obscurity hasn't been a powerful or useful paradigm for at least a decade now. The only thing that it provides now is more time for malicious users to exploit security holes before anyone notices.
I don't agree. Nobody is claiming that it should be the only layer, but as one layer of many a little bit of obscurity goes a long way.
For instance, reddit provides its public source code but has all of its anti-fraud stuff wrapped into a separate repo that is not public. This provides a lot of flexibility that wouldn't be available if it were all public. And sure, some of it is of temporary value ("we are catching this cheating technique specifically, until they realise that it's not working anymore") but the fraud arms race is much easier for the attackee if it is slowed down a bit by such temporary measures.
In South Africa we have the same situation, no access to banking APIs so little room for innovation.
As a side project I decided to try and build banking infrastructure from the ground up, learning Go in the process [1], writing about the development along the way [2].
There is so much room for innovation in the traditional banking space, i.e. not using cryptocurrencies. Hopefully there will be innovation, especially when it comes to managing risk.
I took a look at the data Simple returns at some point a while back and it seemed (upon just an initial glance) that it would be fairly straightforward to extract data from. Everything that you saw on-screen could also be found in just a handful of JSON data points. Obviously there's the issue of constructing some kluge-y authentication mechanism which in and of itself would be insecure. But if you wanted the data, Simple by no means obfuscated it.
This is an important distinction. Simple's API is not secret, but it's also not stable, or versioned, or anything close to that.
Tools have been written to extract data from Simple's API, but those endpoints have mostly been discovered through unofficial channels, and Simple often changes them without issuing any kind of warning.
So far Twitter has been the best route to find out about their changing API endpoints, which speaks simultaneously to the disorganization of the API and the massively high quality of their support team.
I agree. I've tweeted @Simple to see if they want to add anything to this thread. Although for a while now, their blog and Twitter feed have been filled with more "goal" posts/tweets than feature related things. And like others have said, their plans for an official API are probably non-existent.
I work at Mondo. People's savings are generally insured in banks.
Once we're a bank, customer funds up to £75k per account will be insured via FSCS.
In the meantime, the customer balances held on our prepaid debit card sit ringfenced in customer-specific accounts. If we went bankrupt, the funds can't be touched by our creditors and will simply be returned to the customers.
Ahh yes, an API on top of your bank... this was the promise of Simple Bank, one that they have now almost wholly backed out of which is quite disappointing. Don't get me wrong I still love them as my bank but I was really looking forward to an API that never materialized.
Does anyone know of a US bank that offers an API as a service? For consumer-level access and without requiring fees or a third party service, preferably.
The APIs will be publicly available to developers and account holders. We've only just started rolling out our first cards, though, so we're not onboarding many third party developers at the moment.
If you'd like to play around with the API, send an email to developers@getmondo.co.uk and we'll see what we can do :)
Silicon Valley Bank is taking beta signups right now for their API banking products https://www.svb.com/api/
From their director of API banking, "With API banking we aim to deliver a set of services that allow our customers to interact with the bank securely, programmatically, at high speed and with little (or no) manual intervention." https://www.svb.com/Blogs/Dan_Kimerling/Our_Mission_for_API_...
There aren't many major US banks that will do this for you right now unless they're actually not banks and in fact prepaid card users that explicitly do not have a bank charter.
This is because online account opening for banks is a very hard problem, and anyone with a bank charter basically can't use the closed loop trick that other services are using to provide money movement and storage without a charter.
Once you are past account opening, it's more about tech politics. No major US bank has publicly pushed an OAuth gateway, for example. But this is more about risk and the politics of contracts with financial aggregators than anything else. You can find hints of these murky waters in the articles surrounding the recent dust-up between Chase and Intuit.
I have tried out Plaid Connect and it worked really well for me. This was in beta when only a very limited selection of banks were supported, so I had to go get a Bank of America account just to use it.
Authentication was incredibly easy and they handled security questions very gracefully in my opinion. I was able to build a pretty good Simple Goals clone with a weekend's worth of work.
Charley from Plaid here! We now support over 18,000+ banks in the US and Canada for Connect (transaction data) with our longtail integration :) https://plaid.com/docs/#long-tail-institutions
As isomorph says I've built a fully transactional API that works with existing major banks. We currently have a closed beta supporting banks in the RBS group (RBS, Natwest, Ulster, IOM) and we'll be adding Barclays and HSBC next.
Looks like just their honour, unfortunately. If banks provided first-party support, rather than forcing people to reverse engineer mobile phone app APIs, we might see safer implementations.
Neither. We cracked their mobile apps to reverse engineer their private mobile app APIs, and then implemented our own clients for those APIs. To the bank Teller looks like one of their own mobile apps.
No. There are a number of things that stop them doing this practically:
- Making breaking changes to their APIs breaks all in-flight clients. This is poor UX for their regular customers if their first party app stops working every week.
- App store approval time is a choke point
- Internal change control is another choke point
- I can find what's changed and deploy a fix in no time.
What if they block the IPs you use to power the API? Furthermore, using some simple heuristics it should be easy to fingerprint your API and automate the blocking. E.g. a normal user is unlikely to cycle IPs between requests. Your API might.
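The heuristic named in the comment above (one account whose requests cycle through source IPs), sketched from the bank's side as a detection rule. This is an added example, not part of the original thread and not any bank's actual logic; the log layout, the function name `flag_ip_cycling`, the thresholds and the sample records are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log records: (ISO timestamp, account id, source IP).
SAMPLE_LOG = [
    ("2016-01-05T09:00:00", "acct-1001", "198.51.100.7"),
    ("2016-01-05T09:00:30", "acct-1001", "198.51.100.7"),
    ("2016-01-05T09:02:00", "acct-1001", "198.51.100.7"),
    ("2016-01-05T11:15:00", "acct-1001", "192.0.2.44"),   # hours later: new network
    ("2016-01-05T09:00:00", "acct-2002", "203.0.113.10"),
    ("2016-01-05T09:00:40", "acct-2002", "203.0.113.55"),
    ("2016-01-05T09:01:10", "acct-2002", "203.0.113.91"),
    ("2016-01-05T09:01:45", "acct-2002", "203.0.113.140"),
]

def flag_ip_cycling(records, window=timedelta(minutes=10), max_ips=2):
    """Return {account: distinct IPs} for accounts that used more than
    max_ips source addresses inside any sliding time window."""
    by_account = defaultdict(list)
    for ts, account, ip in records:
        by_account[account].append((datetime.fromisoformat(ts), ip))

    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0                      # index of the oldest event still in the window
        counts = defaultdict(int)      # IP -> number of in-window requests
        for when, ip in events:
            counts[ip] += 1
            # Slide the window forward, dropping requests that are too old.
            while when - events[start][0] > window:
                old_ip = events[start][1]
                counts[old_ip] -= 1
                if counts[old_ip] == 0:
                    del counts[old_ip]
                start += 1
            if len(counts) > max_ips:
                flagged[account] = sorted(counts)
                break
    return flagged

if __name__ == "__main__":
    for account, ips in flag_ip_cycling(SAMPLE_LOG).items():
        print(account, "used", len(ips), "IPs within the window:", ", ".join(ips))
```

The window matters: a customer moving from home Wi-Fi to a mobile network changes address too, so the rule counts distinct addresses per account over a short interval rather than flagging any change.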
This is exactly what Tink app have done and they have been in operation for the past 3 years. Legally you're using publicly available endpoints, so even if they did block your IPs, spin that docker image up on a new host ;)
This is a sign of how bad and far behind the bank technology stack has become. They are all fighting to stay relevant by keeping others out. But technologists are finding loopholes around their stack.
I was a user of Egg Money Manager. This site from the (now gone) UK bank presented all of your bank accounts, loans and credit card balances in a single place.
A clever way to avoid them handling any of your bank account details, they used a Java applet that stored your creds locally, interacting with their site so as to appear 'on the web'. Actually a great solution vs. giving your banking creds to a third party.
Encouraging that teller.io seems to be architected similarly. Would love to hear more.
We're currently introducing a Kafka layer which core banking connectors can interface with in any language. Else you can use Scala / Java code to connect to banking (or blockchain?) interfaces directly.
The core is AGPL plus commercial licenses for banks that don't want to abide by AGPL or get commercial support. SDKs etc are Apache licensed.
Regulation from EU (PSD2) and UK government Open Banking Working Group (OBWG) initiative is starting to move the API needle :-)
How far down the FCA application process are they? As far as I know only 2 companies have been granted permissions in the UK so far this year. One is a law firm, the other a stock broker.
Their site says they are still applying, thus how can they be accepting people's money already?
That said, it's worth paying the $10 to upgrade so that you can automatically include authentication credentials in your requests. (E.g. hit the auth endpoint to get a token, and then have that token automatically included in all your subsequent requests.)
Do Chrome apps really not get to share credentials/cookies with the rest of Chrome? Postman asked me to sign in with my Google account, and proceeded to show me a login form that looked like a Google login page but with no way for me to verify the domain.
This is true for even some small-town banks. I switched to Windows Phone last year and built a personal banking app that would display my financial details on a live tile. While using Fiddler to figure out the necessary API calls, I discovered that my tiny bank's Android and iOS API was actually provided and maintained by a much larger bank.
It turns out that the bigger bank has dozens of smaller banks using the very same API, and it's a trivial matter of switching a URL slug to make my makeshift API work for these other banks.
It was an interesting learning experience, but I did manage to get myself locked out of my own bank account a few times while replicating the login process.
When we're talking about banking, those magic documents are pretty important. I wouldn't be surprised if, for example, using their private API makes you ineligible for fraud protection on your account.
You can download daily statements using a client like ofxclient[0] and then transform them into a ledger appropriate for GNU ledger. From there you can pretty much extract and export whatever it is you'd like to know.
With PSD2 regulations coming in I think we will see a lot more of this with banks having to open up APIs for merchants and more and more innovative solutions using them. Good work!