Tag open-banking


I know part of it is that (from what I've been told and understand) if you the customer were to I.e. leak your data accidentally, it'd lead to the bank being reprimanded, and so one way it's managed is that only FCA registered third parties can access data. That being said, I don't really know how some third parties allow programmatic access in this case. Also having worked with Open Banking implementation, it's not as fun to use without having an intermediate API that the third party provides to you, rather than the raw OB spec 😅


Very interesting podcast about #OpenBanking and #StrongCustomerAuthentication. It's nice to hear some other folks' thoughts on what it looks like both as a bank and as a third party https://fi.11fs.com/573 #FintechInsider


I work on Open Banking APIs for a UK credit card provider.

A large reason I see that the data isn't made directly available to the customer is because if the customer were to accidentally leak / lose their own data, the provider (HSBC, Barclays etc) would be liable, not you. That means lots of hefty fines.

You'd also likely be touching some PCI data, so you'd need to be cleared / set up to handle that safely (or having some way to filter it before you received it).

Also, it requires a fair bit of extra setup and the use of certificate-based authentication (MTLS + signing request objects) means that as it currently sits you'd be need one of those, which aren't cheap as they're all EV certs.

Its a shame, because the customer should get their data. But you may be able to work with intermediaries that may provide an interface for that data, who can do the hard work for you, ie https://www.openwrks.com/