Tag open-banking

 Note

Very interesting podcast about #OpenBanking and #StrongCustomerAuthentication. It's nice to hear some other folks' thoughts on what it looks like both as a bank and as a third party https://fi.11fs.com/573 #FintechInsider

 Reply

Reply to https://lobste.rs/s/4qf4tj/future_web_isn_t_web#c_932z7f

I work on Open Banking APIs for a UK credit card provider.

A large reason I see that the data isn't made directly available to the customer is because if the customer were to accidentally leak / lose their own data, the provider (HSBC, Barclays etc) would be liable, not you. That means lots of hefty fines.

You'd also likely be touching some PCI data, so you'd need to be cleared / set up to handle that safely (or having some way to filter it before you received it).

Also, it requires a fair bit of extra setup and the use of certificate-based authentication (MTLS + signing request objects) means that as it currently sits you'd be need one of those, which aren't cheap as they're all EV certs.

Its a shame, because the customer should get their data. But you may be able to work with intermediaries that may provide an interface for that data, who can do the hard work for you, ie https://www.openwrks.com/