Some Crypto Quibbles with Threadneedle Street | cryptonomics

xxx

The market for media of exchange will gravitate towards those systems with the lowest transaction costs, and in the case of proof-of-work digital currencies, that means those protocols that forever subsidise hashing costs with the coin’s seigniorage

From Some Crypto Quibbles with Threadneedle Street | cryptonomics

xxx

PSD2, why the confusion? Oh, that’s why! | Killian Clifford | LinkedIn

xxx

This job has largely been left to the European Banking Authority (EBA) who have been mandated to define the necessary guidelines and regulatory technical standards (aka RTS – although they won’t be defining anything ‘technical’ as technologists might understand that term) which are subject to their own timelines.

From PSD2, why the confusion? Oh, that’s why! | Killian Clifford | LinkedIn

xxx

How ‘black money’ saved the Indian economy – BBC News

xxx

Let’s say you like the look of a house that is for sale. You judge it is worth – for argument’s sake – 100 rupees. The chances are the seller will tell you he will only take, say, 50 rupees as a formal payment and demand the rest in cash… It means the seller can avoid a hefty capital gains tax bill. Buyers benefit too because the lower the declared value of the property, the lower the property tax they will be obliged to pay.

From How ‘black money’ saved the Indian economy – BBC News

This means that Indians tend to have much smaller mortgages compared to the real value of their properties than elsewhere in the world and hence the system is more resilient against shocks to the system. Of course, the system concentrates wealth with rich people who can afford to pay cash, but the point made in the article holds.

Standard approach

OK, so fair enough, I was a little disappointed. The Open Banking Working Group published its Open Banking Standard.

The Open Banking Working Group, which undertook a review last year at the request of the Treasury, is calling for information on banks’ products and customers to be more easily accessed by digital services, including comparison sites.

From Banks urged to share data so customers can shop around – FT.com

Right underneath the heading “Open Banking Standard”, the document says that its goal “in publishing this Framework today is to enable the accelerated building of an Open Banking Standard in the UK”. Wait, what? We went from a “standard” to “a framework to accelerate the building of a standard”? This is why I was disappointed, to say the least. I thought the document might set out some actual APIs so that banks, fintechs, regulators and entrepreneurs could plan new products and services, but the truth is that it reflects the political realities of the pending complex “settlement” between banks, the regulators and others. It’s a holding document.

Here’s what I mean. Many people thought the document was going to say something along these lines…

The EBA DCSI three-part framework for PSD2 XS2A looks good so we’ll use that. The EBA can set the mandatory payment APIs. We will define a minimum set of non-mandatory payment APIs specific to the UK (to use, for example, PayM). We will also define a minimum set of non-mandatory non-payment APIs (i.e., the Treasury standards for Open Banking) specific to the UK but in consultation with relevant European bodies.

Now, I am particularly interested in the non-mandatory non-payment APIs, including those for Open Banking, because that’s where I think that the banks have an opportunity to become an essential platform. I was expecting to see a list of proposed APIs along the lines of…

DCSI_NMNP_UK_Adult ( Service Provider, Customer ) returns { YES, NO, INVALID_PROVIDER, INVALID_ACCOUNTHOLDER }

I’m not that interested in open data (e.g., ATM locations). What I’m interested in is customer transaction data, especially as it supports the more transactional APIs envisaged under PSD2. It would be crazy for banks to have to implement multiple infrastructures, so it’s logical to create an infrastructure for access to customer transaction data that can also be used for transactions. To use an obvious example, working out how to get the Service_Provider token and the Customer token is actually pretty complicated. If we can figure out how to do it (evolving the security standards as we go, in line with SCA) so that customers can access their own transaction data to start with (and, of course, to grant that permission to third-parties) then we can have an enabling platform in place for PSD2 that ought to turbocharge the fintech sector, as well as the banks (as I wrote earlier this week, banks will be users of these APIs as well as providers of them).

Anyway, let’s move on. Since the Standard did not contain any APIs or even a framework for APIs, we can’t use it to start planning services right now. Let’s instead focus on the positives and look at what the document did. What it did set out was a four-part framework, comprising:

  1. A data model (so that everyone knows what “account”, “amount”, “account holder” etc means);
  2. An API standard.
  3. A security standard.
  4. A governance model.

None of these currently exist, so they need to be created. If we focus on the APIs, the document does note that thanks to the requirements of the Second Payment Services Directive (PSD2) and the General Data Protection Regulation (GDPR), many of the APIs will need to be built anyway. Hence co-ordinating the APIs in this way will actually save the industry time and money and obviously we all agree with this. But it looks as if we’re going to have to wait before we start prototyping and testing any actual apps for this stuff.

Of particular interest to me (and to many of our clients, I imagine) is the relationship between token provision and strong customer authentication (SCA). What are the flows going to be? So the document didn’t really get interesting for me until page 48, where Figure 7c.1 sets out the authorisation flow: third-party requests access to data, customer authenticates with bank (under provisions of SCA, presumably), customer is returned to third-party provider. Sounds easy, doesn’t it? It isn’t. As the Standard explains, there are significant risks around this. I can paraphrase them easily as:

  1. Grandma sees a page from Age Concern asking for access to her bank account;
  2. Grandma grants access to Eastern European fraudsters or, worse still, investment bankers;
  3. Eastern European fraudsters or investment bankers loot Grandma’s account.

How does Grandma or, for that matter, anyone else know that who they are granting access to and what they are granting access for actually corresponds to what is on their computer screen? Well, as Figure 7c.3 indicates, they can’t. Hence requests for access can only come from organisations that have been registered previously with someone, in some way. I guess they are thinking about registering with an Open Banking Authority or something like that? I might also point out that where the document talks about Grandma giving “informed consent” I automatically shiver. Having been involved in a couple of previous projects for the European Commission to try to explore what “informed consent” actually means and how the general public might be supported in giving it, I can tell you that it is a minefield (I can imagine the lawsuits might make Payment Protection mis-selling look like a walk in the park).

I agree very strongly with the document about contextual limitations. The tokens granted to third-parties should be circumscribed. They should be for a fixed time, for a fixed purpose, for a fixed provider. So if I give Saga permission to look at my bank account, that permission should be for (say) 7 days maximum, read-only and only for transaction data.
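As an added illustration (not taken from the Standard or from the original post), here is a minimal sketch of a grant that is bound to one registered provider, one purpose and a fixed lifetime, together with the bank-side check made on each request. The token format, claim names, scope strings, signing key and provider registry are all assumptions made for the example.

```python
import base64, hashlib, hmac, json

BANK_KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
REGISTERED_PROVIDERS = {"saga"}      # hypothetical registry of approved third parties
MAX_LIFETIME = 7 * 24 * 3600         # the 7-day ceiling used in the text

def _sign(body: bytes) -> bytes:
    mac = hmac.new(BANK_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_grant(provider, customer, scope, lifetime, now):
    """Bank side: run only after the customer has authenticated and consented."""
    if provider not in REGISTERED_PROVIDERS:
        raise PermissionError("provider is not registered")
    if lifetime > MAX_LIFETIME:
        raise ValueError("grant exceeds the maximum lifetime")
    claims = {"prv": provider, "cus": customer,
              "scp": sorted(scope), "exp": now + lifetime}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return (base64.urlsafe_b64encode(body) + b"." + _sign(body)).decode()

def check_request(token, caller, action, now):
    """Bank API side: decide one request. `caller` is the provider identity,
    assumed to be authenticated separately (for example by client certificate)."""
    try:
        body_b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
    except ValueError:                      # wrong shape or bad base64
        return False, "malformed"
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return False, "bad_signature"       # claims were altered after issue
    claims = json.loads(body)
    if caller != claims["prv"] or caller not in REGISTERED_PROVIDERS:
        return False, "wrong_provider"      # fixed provider
    if now >= claims["exp"]:
        return False, "expired"             # fixed time
    if action not in claims["scp"]:
        return False, "out_of_scope"        # fixed purpose
    return True, "ok"
```

Checking the registry again at request time means that de-registering a provider takes effect immediately instead of when its outstanding grants expire.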

There is some technical detail in the Standard. It says that APIs should use JSON/REST, for example.

However, there are a number of leading API platform providers and no universally accepted RESTful API design methodology, which will lead to a scramble by the proponents of RAML, SWAGGER and Apiary.io to be the provider (and language) of choice for creation of common open APIs and developer sandbox.

From Celent Banking Blog » The UK open banking API framework – more questions than answers?

xxx

The data accessed via an open API may be closed, shared or open data.

xxx

Permission to access data will only be granted on the basis of informed customer consent,

The document calls for the launch, in a year’s time, of a

tightly scoped Open Banking API, enabling select, read-access, open data use cases

Now, let me stress that I was not party to any of the discussions, and I am not breaking any confidences by saying this, but I imagine the discussions about what data the banks consider “proprietary” and what data the banks consider “open” must have been rather convoluted.

Bram Cohen’s answer to Bram Cohen: What is the state of Bitcoin in 2016? – Quora

xxx

Bitcoin is more expensive and inconvenient than regular banking is, and far more expensive and inconvenient than regular banking could be if it starts supporting smart transactions on public ledgers without bothering with the baggage of mining.

From Bram Cohen’s answer to Bram Cohen: What is the state of Bitcoin in 2016? – Quora

The robust (and accurate) remark from Bram Cohen (the chap who invented BitTorrent).

UK’s porn age checks set ‘dangerous’ precedent (Wired UK)

xxx

A consultation from the Department for Culture Media and Sport said “commercial providers” of porn should have verification controls to stop under 18s viewing the content. Companies that don’t comply may face fines from a new porn regulator, or have their websites shut down.

From UK’s porn age checks set ‘dangerous’ precedent (Wired UK)

xxx

Airbnb renter fooled neighbor, refused to leave – Business Insider

xxx

Another neighbor and co-owner of the building, Sandeep Hingorani, lives in the top-floor studio — and for the past 10 months he has also rented Huang’s unit, despite her not wanting him to live there.

The problems started when an Airbnb user, “Jim Tako,” asked to rent Huang’s apartment.

From Airbnb renter fooled neighbor, refused to leave – Business Insider

xxx

Onfido: Figuring out who perfect strangers are

xxx

Whether that’s listing a spare room on Airbnb, driving for a few hours a week on Uber, completing a few DIY jobs on TaskRabbit or cleaning someone’s flat via Hassle.

And as a customer of these services you’re required to trust that the individual you let into your house is as trustworthy as the stranger driving your car.

From Onfido: Figuring out who perfect strangers are

xxx

Onfido run this data through an instant checking system, pulling the numbers and writing straight off your passport to check it is genuine and not stolen, and then cross-referencing this data with other databases.

From Onfido: Figuring out who perfect strangers are

Ah. But this isn’t quite the same thing. If you are my Uber driver, there are lots of things I want to know about you, but who you are isn’t one of them. I want to know you have a clean driving licence, that the car is insured, that you don’t play loud music and annoy people with it. All sorts of things. Who you really are? Whatever. That’s none of my business anyway. One thing I really do want to know is that you are actually the driver with the five star reviews that you say you are, whether I know your real name or not.

xxx

Trust is about much more than money; it’s about human relationships, obligations, experiences, and about anticipating what other people will do.

From In third parties we (mis)trust? » Banking Technology

xxx

There is no excuse for not taking cards

So we went to the pub. For lunch. Seven of us. Say £20 per head. £100+ quid. Say £50 quid gross for the pub. Colleague goes to order food and drinks and pay at the bar. Apologetic barmaid comes over to explain that their “card machine” is down, so she can only accept cash. Under normal circumstances I would have simply walked out, feeling it wholly inappropriate to reward such a poorly managed establishment and, as a functioning actor in a capitalist economy, done my duty to depress their lunchtime takings.

Here’s what we wanted to say:

This is absurd. This is 2016 not 1916. Your card machine is down? Well, so what! Are you seriously telling me that mein host has no mobile phone number capable of registering for PingIt or PayM? That none of the staff or the pub itself have a PayPal account that I can send the money to? That neither the owners nor managers nor contingency planners thought to tuck an iZettle behind the bar to use when the clunky and expensive GPRS terminal fails for one reason or another? This is a joke. Either the person responsible for the finances of this dive should be sued by the shareholders for negligence or I suspect your card machine isn’t broken at all, you’re just keeping the cash off the books to save on the paperwork. Either way, I’ve been thrown out of better places than this, so I’m taking my business elsewhere. Good day to you.

Of course, being English, what we actually said was:

oh sorry, don’t worry about it, we’ll go and get some cash

A helpful barfly explained that there was a free ATM only a couple of minutes walk away, so a scouting party was sent out to forage for cash while we waited back in the comfort of the lounge.

iZettle at Bakery


There is absolutely no excuse for not taking electronic payments, even for those eking out a living in the margins of the crumbling ruins of post-Brown Britain.

Sumup


xxx
