Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The UK and EU have both adopted effectively what you describe under PSD2 - the UK banks in particular were forced by their competition and markets regulator (CMA) to adopt open interoperable APIs.

The end result, now it's available, is that you have 2 levels of API access. One is for access to account information (I tend to think of this as read-only access), and the other is to allow for "payment initiation" (think of it as write access, although not a perfect analogy).

An account information service provider (AISP) can do things like aggregate bank accounts into one view, across different banks. A payment service initiation provider (PISP) can create payment gateways and initiate payments against a bank account using an authenticated session (enabling direct bank payment online, without needing a debit or credit card and the associated infrastructure around that).

You can't just rock up and access the APIs though - I believe you need to get your application approved and engage with the regulator, which is probably for the better, to avoid the "app store problem" of loads of apps springing up in the API ecosystem, asking for permission, then just leeching data to third parties after you apparently consent on page 46 of their terms.



This is the template for US financial regulators and legislators to implement. Plaid is filling a regulatory vacuum.


It's a vacuum that encourages banks to continue sabotaging, foot dragging, and target moving.

The result is middle apps that are forced to use sketchy anti-patterns like screen scraping and asking for user/pass instead of each bank issuing a per-app token. The banks are just fine with this because anything that explodes will be the middle app's fault and they want to preserve their otherwise moatless situation. Consumers can't really tell banks apart so they have to force retention.


From my view, PSD2 has been slowly and terribly introduced. Would love to hear from some people who are AISPs or PISPs though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: