Just found this on Product Hunt - they claim to be able to offer a sane JSON API on top of legacy bank’s API by reverse-engineering the private APIs they use for their mobile apps.
This looks nice but I’m not sure how they’ll deal with the legacy banks obfuscating their APIs to prevent this, or sending them legal threats (I’m not sure whether API reverse engineering is legal in the UK - in the US I’d say they’re in deep trouble already as the DMCA could be abused to sue someone doing this).
I’ve been keeping an eye on Teller for a while. There is additional discussion at Competitor update.
The owner is clearly of the view that PSD2 (the coming EU legislation) and general API access is never going to be up to scratch, so he reverse-engineers, as you say. It’s definitely part of his plan to disrupt, agitate and pressure legacy banks into cooperation. He even tweets at legacy bank customers experiencing issues where he could help and asks them to help out by asking the legacy bank to cooperate.
However, he has agreed a level of proper integration with Nationwide, which interested me… he does this by getting a one-time code from your card+online banking card reader and passing it to Nationwide, who then allow him future access to the API. He doesn’t support bank transfers yet, but I believe he told me that this will be coming.
My problem is that we grant Teller full access - whether it’s by giving up the logins, or with a more advanced scheme (e.g. Nationwide). And if all my money goes walkies, I could be in trouble! I would happily give them read-only access. For those of us who understand OAuth2 - I want the legacy and challenger banks to provide clear scopes of access and allow me to choose which!
My other concern is that Teller is or will become a juicy target for hackers - if they have uninhibited access to a large portion of the UK’s bank accounts (remember that they will position themselves as a tool for app developers to use, so end-users would be on the teller platform without realising it) someone could wreak havoc if they got in.
I would hope the FCA, which most likely doesn’t have scope to regulate them, at least talks to them if they, or any competitor aggregation platform, becomes systemically important to the UK retail banking sector!