back to article Open APIs for UK banking: It's happening, people

On Tuesday, an industry-led group published a new framework for supporting the use of open APIs in the banking sector. The UK Treasury is keen for banks to open up access to the data they hold on customers to other businesses to encourage innovation and boost competition in the sector. It tasked an industry-led Open Banking …

  1. Tromos

    It seems that the first response many consumers have to open banking data is one of fear

    And the second response. And the third...

  2. Anonymous Coward
    Anonymous Coward

    1. Open-washing (Like green-washing but with openness)

    2. Don't trust banks once bit

    3. I want more privacy protection, not less.

    4. "Innovative" has meant wholesale rape and pillage of your privacy, for at least the past 10 years.

    5. The banks are going to collapse again anyway.

    6. The housing market is going to collapse again anyway.

    7. World war 3 is going to start this year anyway.

  3. Joe Burmeister

    I used to bank with a bank that could export statements as plain csv files.

    This was amazing because I could plumb that into GNU Cash and track spending accurately and easily. How was our shopping spending last month? Here's a pie graph! But we switched bank for money reasons and the new one is just web page statements.

    I'm hoping an Open API is something I could connect to GNU Crash, even if I had to write the code myself.

    1. psychonaut

      can you write a screen scraper to get your info from the web pages?

      (im not saying i can - i cant! - just saying its doable)

      1. VinceH

        "can you write a screen scraper to get your info from the web pages?"

        If you can save the page, it should be a piece of piss to do for anyone with even a small amount of programming ability.

        The annoyance is that it might not be a single page: the coding would still be easy, but it's just the chore of having to save 'n' pages to get a complete statement.

        What I find more irritating is the banks (and others) describing CSV files as "Microsoft Excel format" or similar.

      2. timhughes

        I have done just that https://github.com/timhughes/hsbc_scraper

    2. Gordon 10

      But surely the simpler requirement is the CSV file? In which case why is this dumb working group waffling on about API's files when the stoopid banks cant even get the damn downloads right.

      A simple csv download has far less attack surface than a whole host of API's.

      1. StephenD

        Does your bank offer the midata download? That's a .CSV of the last 12 months' transactions, intended to facilitate account comparison by uploading the resultant file to comparison websites (e.g. gocompare.com), but obviously available for other purposes.

        When it was launched in March, Barclays, HSBC (including First Direct), Lloyds, RBS (including NatWest) and Santander offered it. Possibly others have followed suit.

  4. paulm
    Facepalm

    Banks implementing a consistent API?

    Having previously worked with banks (payment processing) the idea of the banks all implementing an API in a consistent manner is laughable.

    They already have the APACS "standards" for transaction handling. Every bank implements it differently. Even if they did implement a common API they'd probably all interpret the same values in different ways leading to every consumer of the API having to put in special handling for every bank.

    I've seen a bank implement it's own version of a standard inconsistently with their own documentation, let alone the standard itself.

  5. Ole Juul

    wat?

    The UK Treasury is keen for banks to open up access to the data they hold on customers to other businesses . . .

    >thud<

    1. Doctor Syntax Silver badge

      Re: wat?

      Quite. Someone should send the Treasury a copy of the DPA.

      1. Anonymous Coward
        Anonymous Coward

        Re: wat?

        The Treasury will rely on the exemptions for "National Security" to make it all legal.

    2. Anonymous Coward
      Anonymous Coward

      Re: wat?

      The UK Treasury is keen for banks to open up access to the data they hold on customers to other businesses . . .

      Given the rate at which the banks get hacked it could be argued that that goal has already been reached, with just about similar security and privacy consequences. Who the f*ck comes up with these idiotic plans? Can't they beat up the banks instead so that they start from a decent, stable and trustworthy baseline before they venture (more) into stupid land?

      I would love Treasury to stay out of idea land and focus more on recovering the money that was thrown out left and right on consultants on failed IT projects, projects that from the look of their PIDs were never even AIMED at delivering anything.

    3. Anonymous Coward
      Anonymous Coward

      Re: wat?

      Sounds like another compelling reason to open an account somewhere civilised (i.e. a landlocked western European nation).

      Fuck the treasurytm

    4. Anonymous Coward
      Pirate

      Don't worry - it's going to be "protected by informed consent" - honest!

      [_] Yes, I'd like free(sic) travel insurance and 'identity theft'tm protection with that.* (Tick if applicable)

      *For a 'limited time' Wunch of Bankers Plc. accounts are eligible for 'free' inclusion in the unmissable Yummy Sprat unmissable bonus package. Yummy Sprat is provided 'free' to valuable cattle valued customers by ScamsЯUS Inc. an independent well regulated corporation and indicates full compliance with the Pimp The Plebs Up The Arse (Again) Act (2016). £100 liability limit. All successful claims will be paid within 20ca. Wunch of Bankers Plc. is a fully government regulated doubleplustrusty personal finance corporation. We take your privacy and security, seriously.

  6. Anonymous Coward
    Joke

    Business as usual ..

    https://www.youtube.com/watch?v=o9emqnRpYoU

  7. Neil Barnes Silver badge
    Stop

    Are they out of their tiny minds?

    "Potentially APIs could allow businesses to connect directly to prospective customers' bank account data..."

    No they fucking couldn't.

    Because if they do, how long before we get prices that vary in real time based on how much money we have in the bank?

    1. Anonymous Coward
      Anonymous Coward

      Re: Are they out of their tiny minds?

      You are percieved to have ALREADY shown (PASSIVE) consent to having prices that vary in real time based on how much money you are perceived to have (browse certain retail websites from iOS/OSX and see higher prices than if you browse the same website using IE, for example - because you can afford a luxury device you can afford luxury pricing)...

      This proposal is just taking your current consent to its natural end..

      i don't know what else to tell you - someone out there with a LOT of power and VERY LITTLE brain thinks market-driven economy means 'lobbyist-driven-economics'..

      1. Anonymous Coward
        Anonymous Coward

        Re: Are they out of their tiny minds?

        someone out there with a LOT of power and VERY LITTLE brain

        That pretty much describes most politicians..

  8. Dr. Mouse

    Disappointed...

    This was not the news I was hoping for, reading the article.

    What I want is a standard API which will allow me to hook an accounting programme into my accounts, from multiple different banks, and get all the data out. Apparently, this is available in Germany, and also on some business bank accounts (for a fee, I think), but at the moment I have to export the data manually and import it into the software. Being able to initiate payments, with an additional auth check (2FA/password/etc.), would be a bonus.

    1. Anonymous Coward
      Anonymous Coward

      Re: Disappointed...

      "What I want is a standard API which will allow me to hook..."

      Funnily enough, that's exactly what the foreign corporations which own your government want too. So fuck you, you insignificant little piss-ant.

  9. Jimmy2Cows Silver badge

    Oh, hell no!

    Standardised API? Fair enough. Maybe even makes sense if it's actually achievable across all banks and building societies. Worldwide. Many banks are global after all.

    Open source? OK, maybe. Enables the community to evaluate security, stability, interoperability etc.

    Give 3rd party businesses access to account data? No no no no no no no no no.

    And Fuck no!

    Only a complete moron, or heavily bribed (and likely both) could ever believe this is a good idea.

    Take what probably the majority of people expect, demand to be the most secure and private thing they do online, and open it up to every parasitic marketing twat out there. Fucking genius.

  10. Phil Bennett

    "Informed consent"

    such access should be only be facilitated where bank account holders have given their "informed consent"

    Would this be the usual "give your consent or don't have access to banking and all banks are signed up so good luck if you're unhappy, chum"?

    1. Christoph
      Facepalm

      Re: "Informed consent"

      Not forgetting "Give your consent if you want to work here / get a mortgage / get credit".

      All the banks open up all their customers' data via a standard API with a standard security mechanism? What could possibly go wrong? Even before they decide to let companies set up direct debits that way.

  11. cantankerous swineherd

    "banks to open up access to the data they hold on customers to other businesses"

    madness. businesses will include the spies (local council upwards) and criminals. plus coercion by all of the above plus employers and any other nosy bastard that can get some leverage. will there be an audit trail? hahahaha.

  12. Anonymous Coward
    Anonymous Coward

    "Even if banks conform to the ISO 20022 standard on messaging"

    Hahahahahahahaha. These are banks, who suck in their breath through their teeth before they allow more than 80 characters per line, and think lower case is dangerously modern. They'd faint at the sight of ISO 20022. If you're lucky what they take is 'Standard 18', which is based on ANSI X 3.27 from 1978. Except that they don't even follow their own standard -- one bank insists you populate a specific unused field with zeroes, another requires you to leave off the "END" marker, and so on. And if you're unlucky they decide to roll their own format and end up with a CSV format with 86 columns, 78 of which you are required to leave blank.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon