Personal banking needs an API

My washer and dryer can tell my smart watch when they are done washing and drying. A voice assistant in my kitchen can update my grocery list. Documents in selected folders on my laptop can be synced to data centers around the world in an instant.

These things are possible through the use of APIs, which most every user-facing service, tool, device and ecosystem out there these days seems to understand are an essential part of their offering. APIs give users, developers and partners a way to build new things on top of the thing you already offer. They give people flexibility to integrate a service, tool or device into their lives in a way that makes sense for them. APIs help encourage wide adoption and extensibility.

The industry that seems to be far behind in offering powerful APIs to end users? Personal banking, and related billing systems for utilities and credit card companies.

When I want to check the current balance on my personal checking account, I have to follow a multi-step process in a web browser or mobile app.

When I want to get the latest PDF copy of a bill from my mobile phone carrier, it’s something like 10 clicks across three different websites.

When I want to initiate a bill payment on a credit card provider that doesn’t support automatic drafting from my bank, it’s a similarly long process.

The other day a rep from a utility told me I had to call them to request a form be mailed to me so I could fill it out and mail it back to them, just in order to set up automatic payments from a bank account.

And when I want to be notified about certain kinds of activity from these institutions, I have to log in to each one to go through their proprietary grid of checkboxes and verification methods to set up push alerts or text messages…if they offer notifications at all.

Indeed, accessing and working with my personal financial information is one of the most cumbersome, high-friction, analog things I do anymore. Personal banking and bill payment feels like swimming in mud compared to the light speed of most of the rest of the information economy.

Why is there so much friction in personal banking and financial transactions?

Industry experts would presumably point to security as a key concern. If you can move money around with zero friction, abuse and fraud get that much easier, right? By introducing some obscurity and slowness into banking interactions, maybe there are more opportunities to spot problems and stop problematic behavior before it gets too far.

But I wonder if this is an outdated way of thinking. So many critical parts of our lives are gated by a single username and password, and maybe a text message or TOTP authentication code here and there: our email, our smart homes, our appliances, our vehicles, our dating profiles and romantic lives, our travel plans, personal messaging, on and on. The damage that can be done as a result of poor personal security hygiene or badly designed software applications is already quite significant.

Is holding back more streamlined access to our financial data really helping that much?

At the same time, we see that at least some of the fraud and abuse that does happen with personal finances is related to poorly designed user experiences. If banks are always updating the design and features and URLs and names of their websites and mobile apps, of course people are going to have a hard time distinguishing legitimate communications from a phishing email. If consumer credit agencies are being hacked and having data exposed, and operating with questionable priorities even when they are secure, of course people are going to feel less hopeful about securing their personal credit records over time.

So I think you could make the case that having simpler, more streamlined access to our personal financial information would in at least some cases be more secure than what we have now, and would encourage better financial literacy.

What would this look like? A lot of people could probably imagine:

“Alexa, does my checking account have enough funds to cover my upcoming mortgage payment?”

“Hey Siri, pay the full balance of my Visa card, on the due date, from our joint checking account.”

Those couple of seemingly simple voice commands would require a lot of behind-the-scenes API access, but most of that would happen on the business side of things. Some banks do have APIs that could support things like this, but most are for “partners” who intend to make money as middleware to other applications (think Plaid, Teller). That would be useful, but it wouldn’t do much in terms of opening up access to our personal financial data.

Here’s what I’m looking for in a personal banking API:

GET /accounts/
GET /accounts/12345/balance
GET /accounts/12345/transactions
GET /accounts/12345/transactions?type=deposit
GET /accounts/12345/transactions?min=300&max=1000
GET /accounts/12345/statement?format=csv&period=most_recent
POST /accounts/12345/transfer
POST /accounts/12345/deposit?type=check_images
POST /accounts/12345/balance-payment

List my accounts. Get details about my accounts and transactions. Download my statement data. Make a transfer, make a deposit, make a balance payment. Pretty simple, right? But potentially very powerful when it comes to freeing the data and setting up integrations.

With these kinds of API endpoints, I could create:

  • An IFTTT or Zapier app that checks my balance right when I want it.
  • A shell script that lists all my recent purchases at restaurants, across all accounts.
  • A cron job that puts my checking account PDF statements into a Dropbox folder every month.
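As an added example (not code from the post, and not any bank's real API), here is what the "restaurant purchases across all accounts" script would look like against the endpoints sketched above. The base URL, the bearer token, the JSON response shapes and the `category` field on each transaction are all assumptions; the sample responses are constructed so the code runs offline, and the HTTP transport is swapped in only when you point it at a real server.

```python
"""Hypothetical client for the personal-banking API sketched in the post.

Assumptions (not from the post): a base URL, a read-only bearer token,
and JSON responses shaped like {"accounts": [...]} and
{"transactions": [...]} with a "category" field per transaction.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample data standing in for live API responses.
SAMPLE_RESPONSES: Dict[str, dict] = {
    "/accounts/": {"accounts": [{"id": "12345", "name": "Checking"},
                                {"id": "67890", "name": "Joint savings"}]},
    "/accounts/12345/transactions": {"transactions": [
        {"id": "t1", "amount": -42.10, "merchant": "Taco Place", "category": "restaurant"},
        {"id": "t2", "amount": -120.00, "merchant": "Power Co", "category": "utility"},
    ]},
    "/accounts/67890/transactions": {"transactions": [
        {"id": "t3", "amount": -18.75, "merchant": "Noodle Bar", "category": "restaurant"},
        {"id": "t4", "amount": 2500.00, "merchant": "Payroll", "category": "deposit"},
    ]},
}


def fake_fetch(path: str) -> dict:
    """Offline stand-in for the HTTP layer: drops the query string and
    returns the constructed sample for that path."""
    bare = urllib.parse.urlsplit(path).path
    return SAMPLE_RESPONSES[bare]


def make_http_fetch(base_url: str, token: str) -> Callable[[str], dict]:
    """Real transport: GET base_url + path over HTTPS with a bearer token.
    A read-only token is enough for every call in this script."""
    def fetch(path: str) -> dict:
        req = urllib.request.Request(
            base_url + path,
            headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch


def transactions_path(account_id: str, *, tx_type: Optional[str] = None,
                      min_amount: Optional[float] = None,
                      max_amount: Optional[float] = None) -> str:
    """Build GET /accounts/{id}/transactions with the optional filters the post lists
    (?type=..., ?min=...&max=...)."""
    raw = {"type": tx_type, "min": min_amount, "max": max_amount}
    params = {k: v for k, v in raw.items() if v is not None}
    path = f"/accounts/{account_id}/transactions"
    return path + ("?" + urllib.parse.urlencode(params) if params else "")


def restaurant_purchases(fetch: Callable[[str], dict]) -> List[dict]:
    """Recent restaurant purchases across every account: list the accounts,
    pull each account's transactions, keep the restaurant debits."""
    found = []
    for acct in fetch("/accounts/")["accounts"]:
        for tx in fetch(transactions_path(acct["id"]))["transactions"]:
            if tx.get("category") == "restaurant" and tx["amount"] < 0:
                found.append({**tx, "account": acct["name"]})
    return found


def total_spent(txs: Iterable[dict]) -> float:
    """Sum of the debits, reported as a positive amount."""
    return round(-sum(tx["amount"] for tx in txs), 2)


if __name__ == "__main__":
    # Swap fake_fetch for make_http_fetch("https://bank.example", "token") to go live.
    purchases = restaurant_purchases(fake_fetch)
    for tx in purchases:
        print(f'{tx["account"]:14} {tx["merchant"]:12} {tx["amount"]:8.2f}')
    print("total:", total_spent(purchases))
```

The point of separating `transactions_path` from the transport is that the query-string filters the post asks for (`type`, `min`, `max`) become a one-line call, and the aggregation across accounts works the same whether the data comes from the constructed sample or from a live server.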

Beyond that, I’d also want to see support for webhook subscriptions on an account I care about. Every time there’s any kind of activity on my account, send the details (over SSL, of course) to a server I control, and then let me do what I want with it. Store it. Query it. Pass it along. Flash the lights in the kitchen. The possibilities are endless.

And yes, there would have to be some strong security practices. Strong encryption, difficult to sidestep authentication, deep monitoring and flagging of suspicious transactions, and other protections in place for users everywhere. But banks, utilities and other financial organizations already invest a lot into these practices anyway (sometimes to great effect, sometimes not), so why not expand the thinking to include modern APIs that open up the possibilities to new workflows?
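The webhook idea above ("send the details to a server I control") and the "difficult to sidestep authentication" requirement meet at the receiving end: the server has to be able to tell a genuine delivery from a forged or replayed one before it flashes any lights. Below is an added example of that receiver, not code from the post or from any bank. It assumes a scheme that is common for webhooks but invented here: the bank signs each delivery with a shared secret using HMAC-SHA256 over `<timestamp>.<raw body>` and sends the hex digest in `X-Bank-Signature` with the Unix timestamp in `X-Bank-Timestamp`; the header names, the secret and the sample event are all constructed.

```python
"""Verifying signed webhook deliveries from the hypothetical banking API.

Assumed (invented for this example) scheme: signature = HMAC-SHA256 over
"<timestamp>.<raw body>" with a shared secret, sent in X-Bank-Signature,
with the Unix timestamp in X-Bank-Timestamp. TLS is assumed to be
terminated in front of this handler; the signature covers what TLS does
not: that the sender holds the secret and that the event is fresh.
"""
import hashlib
import hmac
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, Dict, Optional

SIGNATURE_HEADER = "x-bank-signature"
TIMESTAMP_HEADER = "x-bank-timestamp"
MAX_SKEW_SECONDS = 300  # reject deliveries older than five minutes (replay window)


class WebhookError(ValueError):
    """Raised for any delivery the receiver must not act on."""


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """What the sender computes; also used here to build the sample delivery."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: Dict[str, str], body: bytes,
                    now: Optional[float] = None) -> dict:
    """Check freshness and signature, then parse the JSON event.
    Header lookup is case-insensitive; any failure raises WebhookError."""
    now = time.time() if now is None else now
    hdrs = {k.lower(): v for k, v in headers.items()}
    try:
        ts = int(hdrs[TIMESTAMP_HEADER])
        provided = hdrs[SIGNATURE_HEADER]
    except (KeyError, ValueError):
        raise WebhookError("missing or malformed signature headers")
    if abs(now - ts) > MAX_SKEW_SECONDS:
        raise WebhookError("stale timestamp (possible replay)")
    expected = sign(secret, ts, body)
    # Constant-time comparison so the check leaks nothing about the expected MAC.
    if not hmac.compare_digest(expected, provided):
        raise WebhookError("bad signature")
    return json.loads(body)


def is_valid_delivery(secret: bytes, headers: Dict[str, str], body: bytes,
                      now: Optional[float] = None) -> bool:
    """Boolean form of verify_delivery, convenient for tests and logging."""
    try:
        verify_delivery(secret, headers, body, now)
        return True
    except WebhookError:
        return False


def make_handler(secret: bytes, on_event: Callable[[dict], None]):
    """Build an http.server handler that verifies before dispatching to on_event."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", "0"))
            body = self.rfile.read(length)
            try:
                event = verify_delivery(secret, dict(self.headers), body)
            except WebhookError as exc:
                self.send_response(401)
                self.end_headers()
                self.wfile.write(str(exc).encode())
                return
            on_event(event)  # store it, query it, pass it along, flash the lights
            self.send_response(204)
            self.end_headers()
    return Handler


# Constructed sample delivery, as the (hypothetical) bank would send it.
SAMPLE_SECRET = b"example-shared-secret"
SAMPLE_BODY = json.dumps({"account": "12345", "type": "debit",
                          "amount": -42.10, "merchant": "Taco Place"}).encode()
SAMPLE_TS = 1_700_000_000
SAMPLE_HEADERS = {"X-Bank-Timestamp": str(SAMPLE_TS),
                  "X-Bank-Signature": sign(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)}

if __name__ == "__main__":
    print(verify_delivery(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY, now=SAMPLE_TS + 5))
    HTTPServer(("127.0.0.1", 8080), make_handler(SAMPLE_SECRET, print)).serve_forever()
```

Two design choices matter here. The timestamp is part of the signed message, so an attacker who captures one genuine delivery cannot simply resend it later with a fresh timestamp, and the skew window bounds how long a captured delivery stays useful. And the receiver returns 401 without touching `on_event`, so a bad delivery can never reach whatever the event is wired to.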

As I said on Twitter two years ago, the first financial institution that offers this kind of access will likely immediately get all of my banking business.

I haven’t researched it thoroughly, but I’m guessing that “fintech” startups have already tried to tackle this space, and immediately been bogged down in regulatory barriers, legacy systems and the reluctance of banking institutions to give up control over the data they hold. Still, it seems like this is an area ripe for disruption and change.

Would you use these kinds of personal banking API endpoints? Am I missing something about how feasible this is, or how useful it would be?

Published by

Chris Hardie

Journalist, publisher, software developer, entrepreneur

2 thoughts on “Personal banking needs an API”

  1. You might be interested in Plaid; they’re doing this: https://plaid.com/ (I’m not affiliated with them)

    Based on this article (https://www.eff.org/deeplinks/2019/12/mint-late-stage-adversarial-interoperability-demonstrates-what-we-had-and-what-we), it seems that the main barrier isn’t security concerns but simply that banks don’t want their users to have an API. :(. Hence using Plaid (and Mint) is kind of janky: you have to give them your bank account’s username, password and answers to security questions, all of which they presumably store encrypted but not hashed. I never felt comfortable doing this, but apparently lots of people do it.

    So the ironic thing is that banks not having their own APIs is actually hurting security… maybe at some point (if Plaid becomes popular enough?) banks will give in and provide APIs. Or perhaps Stripe will save the day and start offering checking accounts…

  2. I agree completely. I would love to have APIs from my bank, even just to get balances.

    A few years ago I had written a program that would control Firefox over Marionette to do screen scraping for this purpose. I had it working with three of the financial institutions I deal with, but it required a fair amount of maintenance for my main bank — they changed the names and styling of critical UI elements often. Eventually it completely stopped working one day with my main bank for some esoteric reason that is hard to troubleshoot without getting into the internals of the browser. In the end I wasn’t able to find the root cause of the new failure and I had to abandon the idea.

    I really don’t like the idea of trusting my credentials to some third-party tool to get these sorts of APIs though.
