Category: APIs

The worrying fragility of PSD2

This is the write up/script of a Pecha Kucha-ish talk I gave at the ustwo Fintech Talkies II event on Thursday the 19th of May 2016. What I actually said was recorded on video and will be embedded here when available. There are a few mentions of Monument Valley in here as the game was made by ustwo; this seems to have confused a few people who are seemingly unaware of this fact. Sorry. I have also added a load of links to the end of the preso if people want to read a lot of stuff about PSD2.

****************

Slide 1: Hello. I am Aden and I want to talk about my favourite bit of European Parliamentary legislation and my worry over its wellbeing. PSD2 is the second iteration of the Payments Service Directive, a series of proposals to change European law around the movement of money and transaction data. It will change the way we bank and I really want it to be successful in doing so.

Slide 2: Here is the legislative beauty. 90-odd pages of almost impenetrable legalese. Its stated purpose is to make a more integrated and efficient European payments market. And to level the playing field. What it means really is to kick banks’ asses to open up data and cut out dominant middle men from payments. It will introduce two key things. PIS and AIS.

Slide 3: Let me try and explain. Ada wants to buy the complete works of M.C. Escher. She takes out her Mondo card (she strikes me as a Mondo user) and she inputs her card details into Amazon. The payment request goes off to the acquirer, Worldpay – this is routed through the card scheme in use, MasterCard here, and then to Ada’s bank that issued her card. Money is sent back for payment to Amazon. Amazon keeps the card details on file. Repeat ad infinitum for other merchants. (Thanks to Starling for the inspiration for these diagrams – link to the originals below)

Slide 4: In the new world of PIS, no card details are exchanged. Instead a token based connection is made. The merchant makes a request to Ada’s bank / card provider for a token based relationship to be formed. This then creates a direct link to Ada’s account. Unique to the merchant. Ada is in full control. A failing at the merchant means she does not have to cancel cards. The merchant must be licensed in some way to be able to move money in this way. They will be known as PISPs. This change also cuts out all those other pesky mainly American card schemes and allows new players to emerge; it also starts to make current accounts more platform like.

Slide 5: Let’s now take a look at AIS. Here is Crow, who is very organised with his finances as he is saving for a curse lifting procedure. Crow has his main account with Barclays and he downloads the transactions manually every so often in CSV format. Crow has a credit card with HSBC and he downloads his transactions in the bloody useless format of PDF because reasons. He swears. He also has a joint account at Lloyds with his crow lover. This is a semi automatic download and he has given his password details over to Money Dashboard to scrape his transactions. He is a reckless maverick. He then munges all this data together and manages his money the best he can. He caws with disdain regularly and walks around seemingly aimlessly in frustration. (No way I managed to say all this in 20 seconds)

Slide 6: No more pain in the brave new world my Crow friend! Similar to the payment relationships, in the future banks will have to provide an automated and much safer, less painful means of transfer. Like the way you would connect your Twitter account to a third party app. The consumers of this data must be licensed in some as yet undefined way. These new information aggregators will be known as AISPs.

Slide 7: Now I don’t know about you but these changes are exciting. AISPs and PISPs could effectively replace a lot of functionality of existing banks and allow for some hopefully much richer, simpler, more interesting interfaces, experiences and services. The rules were signed into European Law at the beginning of the year and the EU members must all be compliant with the proposals by the start of 2018….but all is not quite pelvis thrustingly awesome…although to continue the theme slightly

Slide 8: Now as we saw last week, Europe is a beautifully diverse set of countries who interpret things in many ways. When it comes to PSD2 and the need for some solid standards for APIs, communication and security, variation and creativity might not be the best thing. The directives need to be transcribed by all 28 EU members into local laws; in the UK this will be part of the Payments Services Regulations.

Slide 9: There is another hitch. There will be some Regulatory Technical Standards (RTS) for nine areas relating to these changes. The key ones being around communication methods, i.e. APIs, and strong customer authentication to allow these functions to work. These things are not published yet. They are due ‘this summer’. The final ratification of the standards though could take 18 months. The EBA are confident there will be enough published in time for solutions to be created to meet the deadlines. This feels like shaky foundations to me….

Slide 10: Because we do not want the kinds of people that brought you these bloody things to be cobbling together technical standards that will drive the future of banking. We must not let those that forced the situation of today be in charge of the situation of tomorrow or we will end up with some very uncomfortable solution…

Slide 10a: *Uproarious laughter or tumbleweed and very bemused looks*

Slide 11: The lack of easy access to payments and more importantly data has forced awful workarounds that put brave users at risk and stagnate change for the mainstream. Scraping is a necessary evil and I hate that it has to exist. Thankfully PSD2 sounds the death knell for scraping banking data or at the very least ensures better methods will exist.

Slide 12: Thankfully our own fine land is on it. We have the Open Data Institute pulling together some open standards and bringing lots of people to the party; we also have the Competition Markets Authority this week demanding that APIs be ready by Q1 of next year in the UK for certain types of data. I do hope they have the power and the skill to make this happen…although I do have minor concerns about fragmentation of standards…and it is adding yet more committees and requirements and words to the debate…

Slide 13: Which is bringing to mind the classic battle of the Open Systems Interconnection reference model and Transmission Control Protocol and Internet Protocol. OSI was debated and designed to the nth degree, technically perfect and backed by regulators, industry, engineers alike….but it lost to something simpler yet flawed. This quote from one of the godfathers of the internet sums it up perfectly. I worry PSD2 technical guidelines will drag on because someone wants to make it a beautiful dream.

Slide 14: Meanwhile companies with real vision are living the dream. Brilliant UK based companies like Currency Cloud have shown what real platforms and smart APIs can build, GoCardless made direct debit easy, Mondo and Starling are both building for API driven worlds with current accounts as a platform. Thankfully some bigger banks are there too, BBVA with their open platform and Citi with their mobile API challenges.

Slide 15: Companies like Stripe have proven the power of treating APIs like products, making the developers real customers and making it easier than ever to make things involving the movement of money. They have raised the standards of the industry tenfold, pushing PayPal to buy Braintree, Mastercard and Visa to relaunch and redouble their API efforts regularly. These are the kinds of people I want to ensure are involved in the design of solutions for banking’s future.

Slide 16: Another nice little example that I like is Xignite. They provide market data with lovely APIs, they are building out an ecosystem of parties who all provide data in this same way. More ingredients to build more things. Fintech companies coming together to build something greater than just they themselves ever could. My utopian hippy self wants far more openness and collaboration between financial services firms for the benefit of people who want to make better things.

Slide 17: Because we need to challenge the stereotypical attitude of the banker. They are by no means all like this but still the attitude to PSD2 is: this is our data, we won’t make it easy for those bastards to just come in and steal our customers because we are shit at making decent interfaces. They need to see that decent APIs will benefit their own developers over anyone else. People being able to make things faster than ever before. The smart ones know this, they know they no longer ‘own the customer’ but that they need to integrate well into the customer’s whole financial relationship.

Slide 18: Ultimately I want to see the innovative players drive the market. Yes the regulation is welcome and needed. But what will really make the incumbents move is a mixture of regulation and the fear of missing out. Missing out on how banking will work tomorrow, how easily new players launch products and services, how easily business models are mixed and remixed and how their customers bank with the companies that fit into their lives the best.

Slide 19: PSD2 does feel like an illusory adventure of impossible architecture….but is certainly a challenge worth facing but unlike Ada there will be no forgiveness if this does not pan out the way it should. The people who have suffered rubbish banking have suffered long enough. Please let’s not fuck this up.

 

Slide 20: Thanks very much for listening. Slides and what I was meant to say are published here, I have also included a load of links to more reading material used to make this presentation. If anyone wants to hire me based on my awful presentation puns and passion for European regulation then please do let me know. Cheers.

Video link – Coming soon hopefully

Lots of other links to related material.

PSD2 Framework – http://ec.europa.eu/finance/payments/framework/index_en.htm

PSD2 FAQ – http://europa.eu/rapid/press-release_MEMO-15-5793_en.htm?locale=en

Discussion on RTS on strong customer authentication and secure communication under PSD2 – https://www.eba.europa.eu/news-press/calendar?p_p_id=8&_8_struts_action=%2Fcalendar%2Fview_event&_8_eventId=1303933

EBA Discussion paper on innovative uses of consumer data by financial institutions https://www.finextra.com/finextra-downloads/newsdocs/eba-dp-2016-01.pdf

UK Gov – Call for evidence on data sharing and open data in banking – https://www.gov.uk/government/consultations/data-sharing-and-open-data-in-banking-call-for-evidence/call-for-evidence-on-data-sharing-and-open-data-in-banking

Competition & Markets review of banking for SMEs https://www.gov.uk/cma-cases/review-of-banking-for-small-and-medium-sized-businesses-smes-in-the-uk

CMA – Retail banking market investigation Provisional decision on remedies(THIS IS GOLD) https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/523755/retail_banking_market_pdr.pdf

UK Open Banking Standard Intro – http://hollandfintech.com/wp-content/uploads/2016/02/298568600-Introducing-the-Open-Banking-Standard.pdf

OBWG Short Proposal Apr 2016 – https://docs.google.com/document/d/1s6ITjXD1HNUQMmsxdqmmUS8c1UwgLhTXSIr1ZjgxIS0/edit#

Explaining  PSD2 – Starling Bank http://starlingbank.co.uk/explaining-psd2/

W3C Web Payments group – PSD2 https://www.w3.org/Payments/IG/wiki/PSD2

W3C first public working draft payment request API https://www.w3.org/blog/wpwg/2016/04/21/first-public-working-drafts-of-payment-request-api/

OSI – The Internet that wasn’t http://spectrum.ieee.org/computing/networks/osi-the-internet-that-wasnt

Programmable Web – Banking API directories http://www.programmableweb.com/category/banking

Just another brick in the walled garden

We live in an age where we benefit greatly from some of the most open and connected technologies ever created. The Internet and the world wide web built on top of that, have given rise to all manner of technological and societal change. They have seen corporate giants rise upon the shoulders of open and connected, yet they all seem headed towards ever more closed gigantic networks where inter-operation is always at a bare minimum and usually only to benefit themselves, they will let you share outwards in some cases but not all, they will let content in but it must come in through their chosen and tightly controlled methods.

Now I suspect a lot of people will be thinking the answer is blockchain/distributed ledgers/new rails etc. and they might be right but I have avoided mentioning them in this piece. I have avoided them because I am interested in the fixing of the existing system rather than its wholesale replacement. Longer term perhaps new rails will exist but that will not be for decades at least.

I have long desired for banking to be far more open and inter-operable. Open APIs are on the horizon in Europe driven by regulations such as the second Payments Service Directive (PSD2) and UK government initiatives such as the Open Bank Working Group backed by HM Treasury. I worry however that these are fragile initiatives even if they are mandatory regulatory changes. The lack of implementation clarity allows for too many opportunities to brick up experiences. Be that making accessing your own transaction data so complicated it is better to screen scrape the data than use official methods. Payment options that are so complex to use that plastic will always be preferred. The closed nature of banking remains even when the rules say open up because of UX disasters.

Mobile payments are also showing worrying trends in heading down these paths. Mobile payments are here yet not quite evenly distributed at the moment. They are tied largely to handset makers (Apple and Samsung Pay), or telcos, or existing card schemes. Interoperability remains patchy at this early stage as the market finds its feet. You need to have phone X or operating system Y and then you need to have the luck of the gods in finding merchants that actually accept your chosen payment method. The big boys are playing for keeps, they want to own the ecosystem as much as possible and they want to lock in the consumer to this perfectly constructed world. The new tech giants are just doing what banks have always done. Is it hubris that their global scale and technical prowess can allow them to succeed where banks have failed? Is it an us vs them story playing out? The new breed vs the old breed? Or is Apple Pay just helping the incumbents become more so? Technological progress is welcome but what is the end game and who will be allowed on the playing field?

Neverteroperability

My concern is that we will never get the interoperability I, and I am sure many others, desire. What if Sir Tim Berners-Lee had patented the World Wide Web? Where would we be today? We have so many innovations limited by their lack of interoperability. We will surely never see a universal dial tone for say video or instant messaging. Even just something like presence, am I available to talk right now? Am I online? Am I in this country or that city?

We have had many great standards to help unify things but they are rejected at every turn and now lie dying. XMPP for messaging, RSS for all manner of content is an afterthought or seen as a historic anomaly. Anyone remember Open Social? An attempt to make interoperable social network components.

Those standards arose from a technical need to solve specific problems, i.e. interoperability, and did so well but it is a problem solved that most companies would rather not have solved. Marketing money wants to know who, how many and how engaged the audience they are targeting is. The higher the walls of the garden the more it looks like a barrel and the more users look like fish fresh for shooting.

Those walls also seem to get ever thicker. Bickering between companies feels school yard level as they trade tit for tat blows. Whatsapp users being unable to use their Telegram ID in their profile, Instagram and Twitter blocking users/photo sharing and all manner of other petty nonsense. I guess when marketing money drives the company though then a barrel is the shape to aim for. What battles will we see between payments companies? Early shots were fired when telcos blocked software based payments like Google Wallet.

Telephones, fixed line and mobile, talk to each other irrespective of telco provider, country or make of phone. This took regulatory change to ensure networks and patents were used to benefit the greater good and avoid monopolies being formed. Email can be routed to any provider and software user due to the open standard of SMTP. Can you imagine if you could only send email to specific email clients Gmail to Gmail, Outlook to Outlook etc? Or Vodafone to Vodafone or Sprint to Sprint? (for some old enough they can probably remember what that was like). Now we accept these closed networks as the norm as we all have Facebook Messenger, Whatsapp and Snapchat and lots of other messaging apps. I strongly believe this should not happen with financial services.

History repeating

I cannot pay everywhere.

I cannot get my data from every financial product and use it with other providers or services.

I see the exact same thing that is playing out in the tech world playing out in the finance world with payments and financial data. Those with the most to lose want to retain control. Those with the most to gain (Tech giants, new fintech entrants) cry for openness but will they reciprocate this in the future once they have a market share outcrop to cling to? Can we build a set of principles and standards that ensure once banking data and payments are opened up they stay open, ensuring more and more layers can be built upon them, web like?

I worry for PSD2 because of how the design seems to be happening. Loose guidelines, country specific translations and implementations. Who are the people designing these technical guidelines? Are they bankers or people that understand the web? Can the fintech industry build a solution better/quicker? A better fit for what we need rather than this design by multiple committee stuff that seems to be dragging on and on. Is this regulatory change ultimately just a stick to make the market come up with something better? Will it be OSI vs TCP/IP all over again? Working and well implemented code beating the 172 page guidelines document?

Money moving is complex and risky. The governance requirements are huge. The liability issues byzantine. I just feel that if we see a few more companies getting some working code (APIs, Auth Methods, Data Standards etc.) then it will make a greater dent in progress. Companies joining forces could do a greater good than yet more committees I reckon. I like the work Xignite has done in joining forces with 21 other companies to form a Fintech API Revolution Ecosystem. I would love to see much more of this ecosystem building, how about just some simple principles or badges of honour for those that make APIs available in FS? Maybe we see banks and FS firms joining initiatives such as the Web We Want (The bank network we want?) Build awareness to allow more building, more inclusion, more access.

The tech giants have built their new gardens and we humans seem to love silos. We love to control and be controlled but these things ultimately limit the scope and scale of technological shifts. They seemingly ensure maximum value can be extracted by the corporate overlords rather than making something bigger, more open that I strongly believe would be better. Will we just end up living in a world where you are either a Google, Apple, Amazon, Alibaba, BBVA ecosystem person and have no choice otherwise?

The opening up of transaction data access and payments instructions is clearly a huge complex change and I have simplified massively but my main point is that walled gardens will lead to fragmented experiences unless you are willing to commit yourself entirely to a single ecosystem owner. The banks have been the ultimate walled gardens as they try to ‘own the customer’ instead of being truly customer centric. They would do well to understand this shift. Excel where they can and make it easy or seamless for their customers to do business elsewhere. Think platforms and ecosystems not locked in and owned.

Ultimately what is the end game the regulators desire for PSD2? Stop existing incumbents getting an ever stronger hold over the European Payments market i.e. EMVco. To enable greater competition and allow market forces to create a beautiful open ecosystem.

Conclusion

I think PSD2 will eventually crack open the transaction data and payments markets in Europe and hopefully the shockwaves will be felt around the world. The changes proposed however are seen as a real threat to a great many very powerful players and what the country level implementations of PSD2 we finally see in 2018/2019 will look like is a concern. I think the Open Data Institute are doing well to take a lead in the UK but do they wield enough power? Do they have enough momentum? I would like to see more involvement from the W3C. I would like to hear more from HM Treasury and the Competition Market Authority and I believe moves are underway. Also from the governments around the world making openness key. The bottom line is I would like to see a far more open approach to PSD2 from as many parties involved as possible. There are so many people relying on it and it will lead a great change. That may be too terrifying for those that enjoy the benefits of those huge walls today.

Unless cooperation is forced, is the chance of it happening lost forever? Also is the wrong sort of force / design potentially even more harmful? There are industries that need a kick to get started and some industries that need a kick to remember their history e.g. Telcos. I want PSD2 to succeed in cracking the engine open but while the bonnet is up I want to be sure that when it slams shut it’s not all covered in glue and irreparable, licensed components and parts only, registered dealers the only ones allowed to fix and the DIY hobbyist i.e. the individual user is left out.

This all points to a wonderful opportunity for forward thinking financial services players, be they the incumbents or the newer breed but either way I want more of them to work together, to aim for something more open, flexible and altruistic like the web. Altruism and banking might not be easy bedfellows but if you want to be truly customer centric as most keep saying and to truly digitally transform then it would be a wise goal to aim for.

Burdened by ideas

*SOUND THE NAVEL GAZING ALARM* While writing my last post on PFMs I was struck by how certain ideas and themes recur in my writing and thinking. I am starting to get the feeling I am burdened by these ideas. My brilliance is being hampered by these synapse occupying visions of majesty so much so that my humility has been diminished. Self mockery aside the real reason they are a burden is due to the lack of progress I have made with turning them from ideas stuck in my head to anything resembling reality. I wrote about the problem with ideas stuck in my head last year and one of the ideas I will talk about in this post is one of the ones I referred to. In that post I said I wanted to protect the idea:

[I] feel a need to evangelise this idea and to ensure it is not crushed by the design by committee types or overlooked as just a feature that can be dropped.

It of course got killed. For this and other reasons I have decided it is time for me to publish these oh so burdensome ideas. Be rid of these foul demons in the vain hope that someone agrees they are good ideas and has some sort of vision of how to make them reality. These ideas are of various ages and I think this list is probably in oldest first order.

 

Identity – Clearly this is a huge topic and I am interested in all facets of identity but the bothersome idea I have harboured for several years is why can’t I logon to my bank website? Yes I can log on to Internet Banking but that is different. For most banks the website is a completely different entity to its online banking portal. If I want to save a quote, view the terms of my insurance policy and potentially view my balances I should not need full strength security and validation. All quite subjective with regards to how secure different types of interaction should be but access to some forms of interactions need to be simpler (it could be argued that it’s the customer’s choice as to what level of security they desire). Also you have the whole personalisation angle (only show me adverts for relevant products, paint the site black if I am a certain grade of customer etc) to this but I am not so interested in that.

Some banks operate other logons on their websites or external parts of their site such as the logon for HSBC’s Advance offers or the first direct lab. I suspect interactions here are not well linked to customer profiles or CRM systems because of these logon issues. They also require yet another user ID and password which everyone loves.

What about non-customers visiting a bank’s site? Why not have a level of registration/identity to allow people to research products, begin applications and then once they take out a product you can upgrade the logon to a level that allows more secure transactions? Don’t make me fully authenticate for everything and don’t leave tracking to cookies and chance for everything else.

Clearly identity is a much bigger thing but I don’t want to get into all that NSTIC / Digital Asset Grid type stuff just yet or even the connection of social network identities or the thought of Klout scores linked to product offerings (shudder). I just want basic federated logons for bank websites and any 3rd party sites the bank operates.

 

Notification Systems – I have written quite a detailed post on this idea a while back. The bottom line is that in banking today there are many types of events that occur but very few of those events are subject to any form of tailored notification to me as a customer especially if they are not financial transactions. If a specific transaction arrives in my account can I be notified via SMS? If my account balance drops below a certain limit can I get a DM on Twitter? If I miss a call from my RM can I be notified via email? If my mortgage application progresses to the next milestone can I get a message sent to my Internet Fridge? If someone tries to logon from a country or using a device that is not mine can you alert me via every channel available? (why don’t banks have an audit trail that the user can see showing their logon activity ala Gmail?) Today the notifications available to customers are fairly limited. Maybe some basic SMS or some notifications inside a mobile app. The tailoring of them is also limited. No creation of rules or choice of multiple notification channels.

Not only does this limit the amount of feedback loops a bank creates it means the banks miss an opportunity to engage with customers. This thing has happened with your product…you should take some action (and hopefully see this advert for new stuff).

Over and above this though is that these notifications and these events that have occurred are fuel for other services both inside and outside the bank. Imagine if your bank had systems that played together nicely in ways you could manage. Imagine if you had the equivalent of If This Then That for your bank(s). The events and notifications are ripe for bringing your bank activities into your digital world rather than keeping them all locked away in an internet banking portal.

 

Activity Streams – (This is kind of the one referred to earlier that got killed off) Basically these are a well known form of viewing data and capturing specific forms of interaction. The Facebook newsfeed is probably the most well known form of activity stream. A flowing river of events that have occurred in your network. Why isn’t your bank relationship represented like that? Today it is split by account, then drill down into a list of transactions. That view is of course important but it shows little of the actual interactions. Why not have an activity stream of all actions across all products and services? For example why not show entries such as:

    • You called today and we have done the following things
    • You left a comment on the first direct lab
    • You have won a prize for being our bestest customer
    • We have replied to your complaint about your prize (See our response)
    • We tried to cold call you but you ignored our call
    • You have been chosen for a fantastic new marketing promotion
    • etc

These would be interspersed with the far more frequent and familiar account transactions but it shows you everything that happens across your relationship with your bank. This representation may also change the way you present transactions as more data could be added such as geolocation, images of cheques, call recordings, 3rd party offers etc

Activity Streams are also a blossoming open standard. You can post events in the activity stream format and then build a stream of those events across any service. If all banking relationship notifications/events mentioned in section two were formatted into activity streams it would allow those events to be brought together more simply in a single place, easing front end integration but also should you so desire allow you to share them outside your bank. This presentation by one of the contributors to the Activity Streams standard, Chris Messina of Google, explains them brilliantly. What if banks extended the standard from its current social network definition? A bank contributing to open standards? Crazy talk…

Again this idea is about linking things together. Bringing events from a multitude of systems into one stream. Also enabling the linkage of bank events into the wider world of web services.
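The notification rules and the activity stream described in the two sections above can run off one event pipeline, with unfamiliar logons alerted on every channel and every logon kept in a customer-visible audit trail. This is an added example, not code from the original post or from any bank: the event fields, channel names, rule names, object types and the verbs other than `post` are assumptions, and the sample events are constructed.

```python
import json
from dataclasses import dataclass
from typing import Callable

# Hypothetical delivery channels a customer could pick per rule.
ALL_CHANNELS = ("sms", "email", "twitter_dm", "app_push")

# Bank event type -> (verb, objectType). "post" is the default Activity
# Streams 1.0 verb; the other verbs and all objectTypes are assumed
# bank-specific extensions for illustration.
VERBS = {
    "transaction": ("post", "transaction"),
    "logon": ("authenticate", "session"),
    "milestone": ("update", "application"),
}


@dataclass
class Customer:
    customer_id: str
    known_countries: frozenset
    known_devices: frozenset
    low_balance_limit: float


@dataclass
class Rule:
    name: str
    matches: Callable[[dict, Customer], bool]
    channels: tuple


def unfamiliar_logon(event, customer):
    # Fail closed: a logon with no country or device recorded is unfamiliar.
    if event["type"] != "logon":
        return False
    return (event.get("country") not in customer.known_countries
            or event.get("device_id") not in customer.known_devices)


def low_balance(event, customer):
    return (event["type"] == "transaction"
            and event["balance_after"] < customer.low_balance_limit)


def mortgage_progress(event, customer):
    return event["type"] == "milestone"


def to_activity(event, customer):
    """Map a raw bank event to an Activity Streams 1.0-style entry."""
    verb, object_type = VERBS[event["type"]]
    return {
        "published": event["time"],
        "actor": {"objectType": "service", "displayName": "Example Bank"},
        "verb": verb,
        "object": {"objectType": object_type, "id": event["id"],
                   "displayName": event["summary"]},
        "target": {"objectType": "person",
                   "id": "urn:example:customer:" + customer.customer_id},
    }


def process(events, customer, rules):
    """Return (stream, outbox). Every event enters the stream, so logons form
    an audit trail the customer can read; only rule matches reach the outbox."""
    stream, outbox = [], []
    for event in sorted(events, key=lambda e: e["time"]):
        stream.append(to_activity(event, customer))
        sent = set()
        for rule in rules:
            if not rule.matches(event, customer):
                continue
            for channel in rule.channels:
                if channel not in sent:  # one message per channel per event
                    sent.add(channel)
                    outbox.append({"channel": channel, "rule": rule.name,
                                   "activity_id": event["id"]})
    return stream, outbox


def render(stream):
    return json.dumps({"totalItems": len(stream), "items": stream}, indent=2)


# Constructed sample data.
CUSTOMER = Customer("c-1001", frozenset({"GB"}), frozenset({"dev-phone-1"}), 100.0)
RULES = [
    Rule("unfamiliar-logon", unfamiliar_logon, ALL_CHANNELS),
    Rule("low-balance", low_balance, ("twitter_dm",)),
    Rule("mortgage-milestone", mortgage_progress, ("email",)),
]
EVENTS = [
    {"id": "evt-1", "type": "logon", "time": "2016-05-19T08:00:00Z",
     "summary": "Logon from known phone", "country": "GB", "device_id": "dev-phone-1"},
    {"id": "evt-2", "type": "transaction", "time": "2016-05-19T09:30:00Z",
     "summary": "Card payment 42.00 GBP", "balance_after": 87.5},
    {"id": "evt-3", "type": "milestone", "time": "2016-05-19T11:00:00Z",
     "summary": "Mortgage application: valuation booked"},
    {"id": "evt-4", "type": "logon", "time": "2016-05-19T23:15:00Z",
     "summary": "Logon from unrecognised device", "country": "GB", "device_id": None},
]

if __name__ == "__main__":
    stream, outbox = process(EVENTS, CUSTOMER, RULES)
    print(render(stream))
    for message in outbox:
        print(message)
```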

 

Open Data & Application Programming Interfaces – This is my current brain occupier. The one thing I would like banks to embrace the most. I have written about these things many times both inside and outside of the organisation I work for but like Robin S said ‘words are so easy to say’. I wrote about them here, here and here. Basically what I want to see is banks surface APIs for core functions. An API for my transactions that I could plug into other services ala FreeAgent, an API for payments so a developer could code an app to send money to people ala PayPal X Commerce etc. The very smart James Governor said a while back that he believed API creation and management will be a core skill of the successful enterprises of the future. He is right. We are starting to see a bit of a groundswell around financial services APIs, albeit mainly from new entrants. That will change soon hopefully as the banks wake up to the potential of bridging the gap between the bank network and the web.

Open Data is very similar in that instead of publishing services it is about publishing things that have happened. Banks should have some cracking data sets that could be shared for the benefit of others. Not least the hackers and tinkers and visualisers etc. If the World Bank can do it (and do it well) why can’t some of the other banks of the world do it?

 

Conclusion of sorts – The main themes here are related to some sort of connective tissue of banking and the web. You can tell I am not a TOGAF certified architect with those kinds of descriptions. I am always disappointed when something can’t be connected to something else for whatever crappy reason: ‘It was too expensive to build it like that’ ‘IT Security wouldn’t let us’ ‘It was planned for phase 2’ ‘Open standards are a legal minefield so we write better ones’ ‘What the hell are you on about tubby?! Only activity stream you need is to go swimming’ etc

I understand these things are potentially major infrastructural changes and there is also an unhealthy dose of mindset changes required as well. Both these things are notoriously complex, challenging and expensive. I have no mind for business models or numbers related to these kinds of things so could not put a price on such a thing. I suspect they will cost a fortune to build but will they deliver the savings needed to justify them? Will they allow innovation and creativity to flourish in the way my Utopian visions say they will? Who knows? I believe they will but who will believe me without Return On Investment numbers and other dull figures of justification?

My failings (of which there are many) are that I don’t really know how to make things/make things happen (this could be a whole new navel gazing post). I know how to do whiny blog posts and sarcastic presentations and that ain’t working so well for these kinds of ideas (I am being  flippant but I really don’t know how to start these things). Obviously a problem shared is a problem halved so this is my attempt at that.

Be Gone. Maybe it is time to drown the puppy. Arrogantly accept the fact my ideas are clearly far too ahead of their time/not in any way realistic. Move on. Seek out new ideas in new areas far away from these and rid myself of this (not very heavy) burden. This is the first step towards that…publish away my problems. I will of course be right back to them the moment anyone shows the merest flicker of interest because I suspect the only real way to rid myself of this burden is to see these things, or better solutions, implemented.

More Problems With PFM

This post originally appeared on Finextra. It is my first post there and is an attempt to put me and my half baked thoughts and ideas under a bit more scrutiny. I have reposted it here so I have a copy on my own personal blog. 

I love online Personal Financial Management tools. These web based services which allow people to visualize and manage their financial lives in one place, using pretty graphs to show where their money goes, set budgets and alerts, have shown how money should be viewed and interacted with in a richer way than most banks currently provide. The problem with them though is that getting data into them, certainly in the UK, is a real pain in the…

First a bit of background, Personal Financial Management tools need data to exist. There are a number of ways to get this data;

1. Users manually download data from their accounts to a file in a recognized financial data format e.g. Open Financial Exchange (OFX), and then upload to their online tool of choice.

2. The tool scrapes the data from the bank i.e. a script logs on for you and downloads the data, this involves handing over your password and logon and probably invalidates your account’s terms and conditions. If your bank uses a physical device to generate an access code as part of the logon then scraping will not work.

3. You are lucky and live in a country where banks provide some sort of automated feed directly to your PFM from the bank, such as Germany. No need to handover your full logon details to Internet banking just authorization for a data feed. Your postman does not need a key to your house to deliver a letter.

Clearly option 3 is the most convenient from a user point of view and is also much more secure than option 2.
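To make option 1 concrete, here is an added example (not from the original post) of what a PFM tool has to do with an uploaded OFX 1.x file: read the SGML, validate each transaction and drop rows the user has uploaded before. The sample file, its abbreviated header and the function name are constructed for illustration.

```python
import html
import re
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample of an OFX 1.x (SGML) statement download; leaf elements
# such as <TRNAMT> carry no closing tag, so an XML parser cannot read it.
SAMPLE_OFX = """OFXHEADER:100
DATA:OFXSGML
VERSION:102

<OFX><BANKMSGSRSV1><STMTTRNRS><STMTRS><CURDEF>GBP
<BANKTRANLIST><DTSTART>20120301<DTEND>20120331
<STMTTRN><TRNTYPE>DEBIT<DTPOSTED>20120305120000<TRNAMT>-42.50
<FITID>EXAMPLE0001<NAME>BOOKSHOP &amp; CAFE</STMTTRN>
<STMTTRN><TRNTYPE>CREDIT<DTPOSTED>20120328<TRNAMT>1500.00
<FITID>EXAMPLE0002<NAME>SALARY</STMTTRN>
</BANKTRANLIST></STMTRS></STMTTRNRS></BANKMSGSRSV1></OFX>
"""

BLOCK = re.compile(r"<STMTTRN>(.*?)</STMTTRN>", re.S | re.I)
FIELD = re.compile(r"<([A-Z0-9.]+)>([^<\r\n]*)", re.I)
REQUIRED = ("TRNTYPE", "DTPOSTED", "TRNAMT", "FITID")


def parse_ofx_transactions(text):
    """Return the statement transactions in an OFX 1.x document as dicts."""
    header, found, body = text.partition("<OFX>")
    if not found or "OFXHEADER:" not in header:
        raise ValueError("not an OFX 1.x document")
    seen, result = set(), []
    for block in BLOCK.findall(body):
        fields = {k.upper(): html.unescape(v.strip())
                  for k, v in FIELD.findall(block)}
        missing = [k for k in REQUIRED if not fields.get(k)]
        if missing:
            raise ValueError(f"transaction missing {missing}")
        if fields["FITID"] in seen:
            continue  # FITID is the bank's transaction id: skip re-sent rows
        seen.add(fields["FITID"])
        stamp = fields["DTPOSTED"]  # YYYYMMDD, optionally followed by a time
        try:
            posted = date(int(stamp[:4]), int(stamp[4:6]), int(stamp[6:8]))
            amount = Decimal(fields["TRNAMT"])  # never float for money
        except (ValueError, InvalidOperation) as exc:
            raise ValueError(f"bad value in {fields['FITID']}") from exc
        result.append({"id": fields["FITID"], "type": fields["TRNTYPE"],
                       "posted": posted, "amount": amount,
                       "name": fields.get("NAME", "")})
    return result
```

The file is user-supplied input, so the parser rejects anything that is not OFX and any transaction with missing or malformed fields rather than guessing.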

In the UK none of the high street banks currently provide automated feeds from their personal current accounts. Nationwide used to have an OFX server running but I believe it was switched off a few years ago. Because of this lack of automated data feeds the UK PFM market is pretty stagnant. Kublax closed down a few years ago. Wesabe partnered with the Telegraph but to no avail as they also closed their doors soon after. Mint have threatened to launch in the UK many times but I have still not seen a date. There are some still running of course, Love Money, Money Dashboard and Money Toolkit being fine examples of the genre but I have a feeling their usage remains niche due to the issues with getting data into them as highlighted above.

On the business side of things the situation is a little better with automated feeds for HSBC (my employer) working with Xero and Barclays recently announced an automated service with Freeagent. The problem is that these are both bespoke implementations, much like the automated feeds from banks in other countries which vary by institution. In Germany they are lucky enough to have the FinTS/HBCI system which is an attempt at a standard protocol and delivery mechanism but from my conversations with people in Germany it is a little elderly and not implemented consistently across banks. I think it is pretty safe to state that for the majority of the financial services world no standard exists today for the automatic feeding of any transactional data to the web. This means for the majority of users we are left with the hardly enticing choice of either manual and onerous data uploading or very risky data scraping options.

Isn’t this a problem for the banks to fix?

Yes it probably is but I don’t believe there is much chance of us seeing all the banks in the world coming together in the next few years to agree a standard form of automated data exchange with web services, to be primarily used by PFMs who they see as competitors. The banks would benefit from these standards themselves, as they could pull competitor data into their own online banking services, but I think the number of perceived issues prevents this from becoming reality. Reasons include fear of the data feed being a security risk that would attract crackers from far and wide, and the thought of transaction data being plugged into places that could lead to non-regulated financial advice being given or, more accurately, the handing over of valuable customer data for others to mine. There are many implications to opening up a customer controlled data feed from banks.

As customers demand more from their online financial interfaces the desire to connect their tools of choice with their financial data is increasing. The banks that are smart enough to realize this is an enticing interface for some customers will perhaps offer some feeds but will they get behind an open standard that all banks and web services can use and integrate with? I can’t see it happening anytime soon due to the complexity of the banking industry let alone the perceived threat to competition from new entrants.

What about the Government? There is a chance in the UK that Government proposals may speed up the provision of standard automated feeds in the form of the MiData project, which aims to free customer usage data from various industries and return it to people for them to use as an aid to get better offers for products and services. I am a fan of the MiData project and what it is trying to achieve but Governments like Banks are not renowned for their speed to market.

This is why I think the future lies in the hands of the PFM providers and other financial services startups. They have built their tools on the open standards and open source code that the pioneers of the open web have built. Can they give something back to the web community and build some open standard financial data services? Build services that link to other services, for example could I use Mint and integrate it with FreeAgent?

Today we have a wealth of PFMs that have solutions for getting data in but they are not so great at sharing that data outwards, like the banks, so they are effectively just creating a single layer on top of the banks when I think they should be joining together to create an ecosystem, an ecosystem that the banks would find it increasingly difficult to ignore.

We see more and more new PFM tools enter the market every year and I think we are reaching peak PFM. An ever prettier array of pie charts, graphs and budget calculators offering similar functionality but all bound by the issues of getting data inside them and no real integration between them.

What I would like PFMs and other financial startups to focus on is a wider ecosystem otherwise they are just making new silos; we have more than enough of those in the banking world. Today Yodlee is the major player in this space due to the fact they have integration and data feeds from the largest number of banks. If a standard for data distribution were put in place then no one player would have the upper hand, be that a bank or an aggregator. Is it not in the interest of the wider PFM market to come up with open standards?

Where are the open standards in banking?

There does seem to be a lack of open standards in banking that can be used by the wider world. There are standard formats for financial transaction data, such as OFX mentioned above; the issue is that there are no standards for moving that data between banks and the web. The OFX consortium did provide a client server method for the transfer of data but the world has moved on and newer methods are required. Whatever happened to OFX? Could someone resurrect this?

The web for me is better when we have smaller things loosely coupled and backed up with a lovely dollop of open standards. Where are the open source initiatives around financial APIs?

The big players in the PFM market are readying their app stores and development platforms. Yodlee’s platform announcement was reported recently on Finextra, and Mint are also planning to make their APIs (Application Programming Interfaces) public soon. This is a great thing as it will allow for ecosystems to flourish. My only concern is that we are potentially building powerful single players. Will these new APIs be compatible with each other? Will data be in the same format? I hope they will.

Old world or new world?

PFM tools have shown the traditional financial industry how to display information about money on the web. They have given people more insight and control over their money. I think it is in their hands to show how data about money can be part of the wider web and not just locked in silos. I think they can show the way with standardized automated feeds that can fuel a wider ecosystem that will benefit people further in how they interact with money.

The banks can and should play a part in this. They clearly hold the keys to the data and may be reluctant to let go but I think it is in their interest to do so for the benefit of their customers as well as themselves. Making themselves a key part of this new ecosystem not only shows they are willing to open up it also shows they understand the web.

So, who will fix the problem with PFM?

Please stop calling them dumb pipes

Lots of people recently seem to be warning about banks becoming dumb pipes. They say banks are destined to just become the wires. The hearts and minds of customers will be won by the masters of the web. The Googles and Amazons and Apples and Paypals of the web 2.0 world. I agree they probably will but is it really a problem?

Those web 2.0 darlings are not going to make themselves into banks. The majority of them are just interested in the transaction data; they don’t want the hassle of running a bank. Basel 3, MiFID and other impenetrable forms of regulation might not be too appealing.

Some may say (not me of course as I work for one) Banks have proved they don’t really get this web thing and especially not this web 2.0 thing with its rounded corners and nice fonts and helpful intuitive interfaces. Why not let the experts have a go at that bit while banks stick to what they are good at.

The banks operate a huge complex global network that moves trillions of dollars per day, usually without much issue. Complex fraud and anti-tax evasion systems operate silently. Audit requirements, data protection standards and a myriad of regulations make this system the powerful beast it is and also a potentially irreplaceable one.

No one in Silicon Valley or any other entrepreneur saturated dreamland is going to want to recreate the whole bank system (I have visions of mad stock sale billionaires from Facebook sitting in their volcano housed lairs thinking ‘we should do that’). That bank system may be a bit long in the tooth and may need some updates here and there but could we give it a chance to catch up by laying down some of these so called dumb pipes and bringing it closer to that other huge complex global network called the Internet? If we give a few more people access to the system in a web friendly way will it be of benefit to all? Will people realise the power of this network and what it allows us to do today?

Liz Lumley wrote a great post about SXSWi and how all the cool companies trying to disrupt banking are massively reliant on that network. ‘What struck me was the juxtaposition of the bravado coupled with the fairly shocking display of ignorance on how international banking and payments happen.’  These pipes are never going to be simple or dumb.

That being said I am interested in the most simple of these dumb pipes. I want an automated data feed from a current account. Every time a new transaction occurs I want a data feed I can subscribe to, just like RSS, to update. That feels very simple and you could say dumb but to make that happen is going to take some damn smart coding and some bravery.

The big problem is authentication. How do I prove I am who I say I am? How do I prove that I am allowed to subscribe to that data feed? How does that authentication model satisfy banks’ security and fraud departments? How does it satisfy the regulators? What would happen if someone had access to all the data behind that API? What if the Daily Mail had access?

The most simple implementation of the so called dumb pipe was planted in my head by Dave Birch. He posted the following tweet.

Set up a private twitter account. Plug it into your bank account (this dumb pipe of course has OAuth/XAuth like qualities). Follow it to catch your transactions as they happen. Now a bank would never build this. No revenue at all. It only presents risk but a customer has asked for it (albeit a quite forward thinking one who would be a guinea pig to embed a payments chip into his body) but a customer need is a customer need and we know they are always right.
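The authorisation questions above, and the earlier point that the postman does not need a key to your house, come down to giving the subscriber a narrow, revocable grant instead of the customer's logon. The following is an added sketch, not code from the post or from any bank: the `Bank` class, the scope names and the token layout are hypothetical, and the HMAC-signed token is a simplified stand-in for the OAuth-like flow the post mentions, not OAuth itself.

```python
import base64, hashlib, hmac, json, secrets, time


class Bank:
    """Toy bank issuing scoped, revocable feed tokens (hypothetical API)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # signing key never leaves the bank
        self._revoked = set()
        self._ledger = {"ACC-EXAMPLE-1": [   # constructed sample transactions
            {"id": 1, "amount": "-42.50", "name": "BOOKSHOP"},
            {"id": 2, "amount": "1500.00", "name": "SALARY"}]}

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def grant(self, account, client, scope, ttl=3600):
        """The customer approves one client for one scope on one account."""
        claims = {"acc": account, "cli": client, "scope": scope,
                  "exp": time.time() + ttl, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + self._sign(body)).decode()

    def _claims(self, token):
        body, _, sig = token.encode().partition(b".")
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, self._sign(body)):
            raise PermissionError("bad signature")
        return json.loads(base64.urlsafe_b64decode(body))

    def _authorise(self, token, account, scope, now=None):
        claims = self._claims(token)
        now = time.time() if now is None else now
        if claims["jti"] in self._revoked:
            raise PermissionError("token revoked by customer")
        if now >= claims["exp"]:
            raise PermissionError("token expired")
        if claims["acc"] != account or claims["scope"] != scope:
            raise PermissionError("outside granted account/scope")

    def revoke(self, token):
        self._revoked.add(self._claims(token)["jti"])

    def feed(self, token, account, since_id=0, now=None):
        """Subscriber polls for transactions newer than the last one seen."""
        self._authorise(token, account, "transactions:read", now)
        return [t for t in self._ledger[account] if t["id"] > since_id]

    def pay(self, token, account, amount, now=None):
        self._authorise(token, account, "payments:write", now)
        return f"paid {amount} from {account}"


def denied(fn, *args, **kw):
    """True if the call is refused with PermissionError."""
    try:
        fn(*args, **kw)
    except PermissionError:
        return True
    return False
```

A token granted for `transactions:read` can poll the feed but cannot move money, reach another account, outlive its expiry or survive revocation, which is the difference between this and handing a scraper the full logon.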

A few examples I have seen during my time at HSBC show customers trying to circumvent this lack of a subscription data feed. Designer Aral Balkan was none too happy that he could only manually access transaction data from two months in the past. So he built a tool (in under 4 days) to scrape the data and save it in a format for him to upload to Freeagent. Another person, a smart gentleman going by the name Jay Fresh, went a step further. He reverse engineered online banking to produce a command line interface. I spoke with him and asked him why; his reply was that he had simply wanted to build his own iPhone app. I can understand his frustrations. Should customers have to work so hard to do this? Should they have to risk their own logon data and potentially break terms and conditions to try and get to the data? Banks spend pots of cash each year trying to figure out what customers want, so why not give them the tools to build what they want? A so called dumb pipe would be a very powerful tool in the right hands.

Mr Bank 2.0 (soon to be 2.1 and available in all good book stores), Brett King, also wrote a great post on this topic (and has been talking about it for years) arguing that if the banks do become merely an infrastructure layer then they will miss out on the value built on top of it and that we may need fewer banks/infrastructure providers. I agree they might and there could be fewer banks but do we need that infrastructure layer to be created to allow new value chains (ugh) and innovations to truly flourish? Where would we be if we still had a fragmented electricity system? Or you could only call someone on the same telephone network as you? We need to create these commoditised infrastructural layers and allow them to weave into the wider world (web?). The innovation S-Curves of many technologies have shown this pattern. Banks may resist as the wireless telcos are doing now, except for the smart ones such as Telefonica, but I believe there is an inevitability and the banks that embrace this will be the ones that exist…but I digress.

So what would a bank’s dumb pipe look like? What are the technologies required to keep this mother of all honey pots safe and secure so it does not spring a sticky leak? What would be needed to build the simple sounding dumb pipe detailed above? Yes there is inherent risk in freeing customer transaction data but I think the potential benefits outweigh the risks (I may be alone on this). We are starting to see some things in the French banking market that might answer these questions: SDKs have recently been released by Crédit Agricole and this week has also seen the launch of an API by Banque AXA. The future looks French.

I look forward to the arrival of the dumb pipe. It will bring together the banking system and the web. I have high hopes for this dumb pipe. People need to realise that the pipe is not so dumb.

If This Then That

The very lovely service If This Then That came out of its long beta cycle recently. The service is beautiful and simple in both its design and more importantly its implementation. As the name suggests it allows you to create actions that occur if something else happens. These are the steps involved.

Click me.

You can create tasks based on triggers from a number of channels. The channels are the usual suspects of the social web

Channels have a selection of pre baked in tasks. Choose one and continue.

Then repeat the cycle for the ‘that’ element of your task.

You then have some more advanced options for the output. Here I am capturing a Twitter Favourite which contains a link to pass the link into Instapaper for me to read later.

Once you have created your tasks you can share them as recipes for others to use.

I love the simplicity and power of this site and what really got me thinking is the lack of this simple rules based operation in the world of banking. Some basic rules might exist for banks around simple notifications such as If my account balance drops below a certain level then notify me. This notification will no doubt be limited to a very small number of channels.

What if banks implemented not only the wealth of triggers shown in ifttt but the linkage to the many services that you already use? Of course this would need some rather innovative APIs for the banking world with the ability to link outside the organisation and interact with the social web. I can but dream.