Hacker News

"At first glance, open banking might seem to be a problem for Plaid, but ... developers will still prefer to use one well-built API that abstracts away thousands of financial institutions"

This type of centralisation makes me sad, but it's probably true for most startups. By using Plaid or an Open Banking service from another party (e.g. Experian) you'll pay fees to get information you can get for free if you integrate directly with the banks.

Even though the open banking APIs are uniform, any company wishing to use them still has to register with each and every bank, and test the integration works with each one. Until you've done it once, it's hard to know whether it will be easy (you write the code once, and it works flawlessly for all banks) or you have edge cases (e.g. some banks have funny timeout issues). So if you're a developer on a deadline, you will likely prefer to use a single API.






>you'll pay fees to get information you can get for free if you integrate directly with the banks

For the data Plaid was providing, this isn't really true at all in the US. Last I checked, the big banks were very guarded in their API access and you either had to have (1) a large payment (2) a high minimum balance and (3) pay for an audit from their auditor of choice.

I think Europe is different in this regard but the US players really had no incentive to do anything Plaid offered.


"For the data Plaid was providing, this isn't really true at all in the US."

Right, I'm talking specifically about open banking, which isn't a thing in the US.


If you want to truly use most bank APIs you have to be audited heavily by them first.

I’d rather each bank purchases an API provider who has the appropriate security certifications to integrate with the bank’s backoffice systems, than have each bank attempt to implement OAuth themselves and fail in all the usual catastrophic ways. Their specialty is banking, not OAuth, and they already pay vendors for many other services that aren’t their specialty.

This also hints that a not-Visa competitor will appear in the credit union space, since credit unions often have a shared provider for banking websites (and bill pay, etc.) and would presumably set up their own competitive API provider on top of that.


>By using Plaid or an Open Banking service from another party (e.g. Experian) you'll pay fees to get information you can get for free if you integrate directly with the banks.

...which suggests you're not necessarily paying for the integration with a free service - you're paying for the integration at a grand scale. I.e., paying to not have to do all that work yourself.


Banking dinosaurs brought this pressure for middle services on themselves by pretending they're not interchangeable services with limited means to tell them apart otherwise.

If they'd all support a standard API, Plaid would vaporize overnight.


"If they'd all support a standard API, Plaid would vaporize overnight."

In the UK, the banks already support a standard API, but it's still easier for developers to use an intermediary to access those APIs. Because using Plaid or Experian they don't need per-bank credentials and tests.


>Because using Plaid or Experian they don't need per-bank credentials and tests.

They also push all the risk in terms of Plaid being compromised onto the users, instead of the service provider.

This is a winning deal for Plaid, because in the event of an undiscovered breach, there is no proof in the form of, say, hackers running off with Plaid's hypothetical Autonomous System's credentials and generating fraudulent activity that can be shut down by just patching the breach and changing Plaid's credentials.

Instead, banks have to scratch their heads and figure out why all these seemingly random customers are calling about fraudulent activity at right around the same time.

It's absolutely terrible in the diagnostics department, but seemingly ideal for exploiting legal grey areas for avoiding culpability if something goes wrong.

I'm not sure federated OAuth is the answer, but it's a damn sight better than what Plaid is doing.


This is the government's job - to make a working market. They should be forcing banks, through their existing bank regulation powers, to allow interoperation.


