I can see how that could work for global settings (connection settings and things like budget cycle settings). But if they were to include features like ability to add notes and re-categorise transactions (common in account aggregators) then presumably that metadata and transaction IDs would also need to be backed up to iCloud to enable recovery. Basically I don’t understand how an only-on-device approach for the data could work in a desirable way (i.e. be recoverable) if it were to evolve into something which included such features.
The same way as health and other private data with Apple. It lives on device until you decide to back it up at which point it’s encrypted and still only accessible on your devices once downloaded?
Except they don’t need to back up the transaction data itself, just some identifier to match it up again.
I mean it doesn’t rule out that people would be happy to do that.
Although most banks require you to go back to your other bank to reapprove every 90 days, there is scope within the open banking rules to not have to do that, it’s just not enforced.
Now I don’t think Apple would be satisfied with that implementation. It’s too much friction and would annoy users, putting them off using it.
Instead, I suspect they’ve gone to the banks and negotiated the better approach, where people only have to consent to Apple collecting that data from the wallet app every so often for Apple to keep collecting it. This might also explain the limited selection of banks on board.
I’ve posted a link to that part of the open banking rules up in the thread.
I don’t think it’s confirmed yet that this is the approach Apple are going, but no one’s shared anything in the onboarding to suggest you have to re-authenticate every 90 days with your bank like every other implementation currently requires.
But if this is how Apple are doing it, it’ll be as trivial to move it to your new phone as it is currently with Apple Pay. The data will transfer over, you’ll just need to consent to Apple that they can continue collecting it and sending it to your new phone.
This is all an educated guess though. I just don’t know with absolute certainty one way or the other.
But I do know that Apple won’t be stopping with your balance and transaction history. Internally their goal is for wallet to become the front end user interface for banking. So it’s definitely going to get more.
Revolut TrueLayer goes for many years!
Actually, Lloyds and Cheddar also:
I remember a change somewhere saying the 90 day no longer has to apply (apologies if I missed it above anywhere).
The 90 days is still the enforced time limit, but now banks can allow access for longer (at their own discretion, I believe) and make it so users only need to consent with the service provider (which would be Apple in this case) instead of having to constantly send users back to their bank to reauthenticate.
I’ll find the link above and repost it in this reply.
Right, but the question is, do you re-authenticate with your bank on that date, or do you just update your consent with Apple as outlined in the TrueLayer article above?
That’s the big question, and the crux here. If Apple were going to be sending you to the bank every 90 days, that is something they will (or should) have communicated directly in the wallet app, prior to sending you to HSBC to set it up.
So, following the changes, when a consumer uses an account information service provider (AISP) to access their account data, the following will happen:
- The consumer consents to the AISP to allow them to access/share their data.
- They are redirected to their bank and complete authentication with their bank by providing credentials.
- The AISP then has access to that data for as long as the consumer wishes data access to continue.
After 90 days, the AISP must obtain re-confirmation of consent from the consumer:
- If the re-confirmation is obtained, the AISP can continue to access data.
- If the consumer asks for the data sharing to stop, the AISP must not access data (and access is revoked).
- If the consumer doesn’t respond, the AISP must not access the data but can send prompts and upon reconfirmation of consent can continue accessing data.
I would be very surprised if this new implementation isn’t what Apple are using.
And for context, this is the old approach currently used by Monzo’s connected accounts and many others
To date, when a consumer uses an account information service provider (AISP) to access their account data, the following happens:
- The consumer consents to the AISP to allow them to access or share their data.
- The consumer is redirected to their bank and strongly authenticates with their bank by providing credentials.
- The AISP then has access to that data for 90-days.
There is then a legal requirement for the consumer’s bank to ‘re-authenticate’ the account access after 90 days. The process for this is:
- The AISP lets the consumer know that access to the account data has expired.
- The AISP redirects the consumer to their bank to re-authenticate.
- Access to the data for the AISP is renewed by the bank.
I suppose we’ll just have to wait and see, but in the HSBC app it doesn’t seem to suggest consenting again with Apple is an option. This is the page explaining how/when it’ll be cancelled:
I guess the wording of the second reason in the list could be open to debate, but nothing stands out to me other than the expiry date.
Definitely, because I understood that to mean differently than you.
It’s gonna be a wait and see game for sure.
I would expect it to explicitly state something like “You can renew the connection directly with Apple Payment Services to extend the expiry date” if that were an option. I do agree it would be a bad experience for users to keep renewing so frequently though.
Just been through the HSBC process briefly, including all privacy bits by Apple, didn’t see any times, however, when opening the HSBC to choose accounts, this was at the bottom:
So I guess it’s for the bank to decide how long, not Apple to take indefinitely.
I may have misread what you’re asking for, but this was relatively close in terms of time.
Halifax, on the other hand, say it’s down to the service provider
Sorry I’ve not been helpful 1 bit
Yep that was the notice I saw! Didn’t see anything like that with Monzo.
As would I, but then I remember it’s HSBC, and would be as equally surprised to see them communicate it accurately at all, especially if it is indeed the newer paradigm.
You’ll just have to let us know what happens come December 28, unless Apple publishes a support article explaining everything before then!
This isn’t what I was referring to when questioning whether Apple could provide desirable budgeting and analytics tools with data only held on device. I was thinking more how recovery would work for data the user has invested time into if it is only ever stored on device (notes, categorisation, analytics, etc). But I gather from @ndrw’s response that Apple does fully encrypted backup for certain data types, such as passwords and health data, and presumably this data would be included in that.
But in relation to re-authentication - there are already aggregators which don’t require you to do full re-authentication every 90 days. For example in Emma all you need to do is tap a “Renew all” button and all connections get renewed for another 90 days without needing to be re-directed to each bank for re-authentication.
Well none of this actually exists yet, nor is it how I imagined it working if/when Apple does do this. I’m expecting them to approach it like they have in the US. Which is zero friction and simple. The polar opposite of what so many budgeting tools do on this side of the Atlantic, none of which I actually really like. Because of said friction. Whatever budgeting tools Apple does will be done for you. You’ll probably get some options, and iCloud would remember and sync what those are. But don’t expect to be creating things like your own categories, or notes. They’re not very Apple-like features.
But again, even if you could, it would all transfer across to your new phone just like health data would, or E2E encrypted in iCloud if you desire (and if they’re allowed). It’s a solved problem.
I’m still very very new to Emma, so haven’t got to the point to experience that, but yes, that’s the sort of implementation I was talking about above and would expect Apple to take. All the ones I’ve tried prior send you back to your bank every 90 days or they lose all the data.
Emma are just really really good and very very quick to adopt the latest stuff, which is quite a marvel to behold.
Yeah, just confused me earlier in the thread when you alluded to Wallet data existing only on device. In my mind that would have excluded iCloud sync or backup.
Maybe @_Tom or @TomMills know or they may know someone who may be able to provide insight? Someone must’ve set this up on Monzo’s end after all
I wonder if the Wallet app will evolve at some point, given it’s moving towards banking as opposed to a storage app for cards.
Not sure if it’s been mentioned, but it displays account balances when you’re using Apple Pay to pay on a website/in an app. Presumably it’ll be added to paying in person eventually too.
That’s really cool!
Not sure if I want it on the interface for paying in person though because privacy. Also doubt they’ll do it for that reason too.