The case of Uber is just a sign of the new. The company is in fact a middleman, which pairs people who need a ride (clients) with drivers who own a car and have a free time (service providers). At first, it doesn’t differ that much from a taxi company as we know it – or from a dispatcher. But the devil is in the details: Uber doesn’t own any cars, neither it requires any licenses from the drivers. The only requirement is a 4-door car in good shape and valid insurance.
The company just collects requests via smartphone app, connects clients with nearest drivers, then charges clients’ credit cards and transfers money to drivers, keeping some commission. As a middleman, not a regular taxi company, Uber doesn’t fall into cab regulations – and this drives taxi companies and their drivers insane.
It may look like Uber is a win-win concept, offering only benefits to both sides of the deal: clients get cheaper rides and easy payment system with no cash involved, drivers can make use of their cars and time, earning extra – or only – money. Surely, it seems to be the ultimate brilliant idea – until something goes wrong.
The worst case scenarios are the best measures for new business models, which are not yet regulated by law. When it comes to Uber and its responsibility policy, situation gets bad when a bad thing happens: if a driver causes an accident, in which the passenger is hurt, the company doesn’t hold any responsibility. The passenger is left on their own devices, hoping that the driver was properly insured. And had a valid driving license.
What’s worse, Uber doesn’t exactly know who sits behind the wheel – it could be anybody, even a person convicted for the worst crimes. In December 2014 there was even a case in India when Uber’s female client was raped by the driver who had been charged, then acquitted, of a prior sexual assault. Sounds terrifying? Yes, but haven’t you heard of dishonest taxi drivers? Those who cheat on mileage, tamper with taximeters, choose longer routes, steal from drunk passengers or even rob their clients? No company can verify their employees 100%.
Legal battles against Uber around the world are mainly the result of “classic” taxi protests: they see Uber as unfair competition which avoids licenses and taxes, and omits law. This is true, but also poses some questions regarding the need of such regulations. Carpooling, couchsurfing and all other examples of the so-called sharing economy bring up the discussion about the core idea of business: giving your time, skills or properties in exchange for money or similar services with no regulations involved, peer to peer, on mutual agreement only.
New inventions based on technological progress are simply ahead of law – and ahead of legacy businesses operating in the same scope. No wonder these newcomers are seen as unfair competition: they don’t need to obey rules they don’t comply with – yet. Uber claims it is not a carrier – it only pairs clients with drivers, therefore it can’t be treated as a taxi company. If it wins legal battles in Europe and the US, it may be a tough time for local taxi businesses. The only way out for cab companies would then be to adopt Uber’s business model. The “if you can’t fight them, join them” rule fits here perfectly.
Uber is not alone in its struggle for a better world, where it is the customer, and not the threatened competition or the obsolete regulations that decide on what is best for him or her. Similar problems faced Kontomatik with its Bank API solution.
Bank API – short for Application Programming Interface – is a screen scraping tool used to obtain data from the customer’s bank account. Imagine you found a better bank account than the one you currently use: higher rates, attractive loans, lower costs, etc. It’s very tempting, but when you think about the chore of setting all your history, recipients, transfers, payments from scratch, you simply give up. Not to mention the fact you will need to start over with your credibility in a new bank – or you would have to provide many documents proving things your current bank already knows. Wouldn’t it be ideal to have a one click option to transfer all information from the old bank to the new one? That’s exactly what Bank API does.
On your behalf Bank API logs on to your current account with credentials you normally use to access your bank. Knowing the structure of your bank’s web interface, it mimics client’s activities in order to obtain all necessary information. Then, it transfers this data to your new bank account. Easily, within seconds, you get your information moved to a new location. You saved lots of time and effort – moreover, now you are not an anonymous, unverified customer. You are happy, and so is your new bank. But the old one isn’t.
Banks are not willing to share information about their clients, even though clients want them to. You could call it a malpractice – after all, this data, as well as money, belong to the account owner, not the institution that keeps it. Banks are aware of this, so they do everything they can to restrict access to valuable information. If they have an API, they will not make it publicly available.
If you try to use your legitimate login credentials to enable automatic data collection from your own account, bank will consider this as illegal activity: most banks don’t agree on any screen scraping as it violates terms and conditions in one point - a client mustn’t give their login and password to anyone, applications included. Banks can’t stop you from using screen scraping, since it follows the same login procedure as if you were doing it, but they will hold any responsibility for your losses in case your account was cleaned up by some malicious software. Of course, this is a security measure, but what about using password managers such as online LastPass service or local KeePass or RoboForm apps? When you store your bank credentials in them and use the autofill feature, do you violate the bank’s rules? And, last but not least, who is in fact the sole owner of these credentials and holds sole responsibility for actions made with the use of them?
Undoubtedly, keeping your logins and passwords outside your own memory poses a risk. But even if you don’t write them down on a post-it note and stick them on the monitor or use any password manager, you are still vulnerable: trojans and keyloggers can sneak into your computer and wait for your input. Shall banks forbid using PCs then? Besides, in vast majority of cases, logins and passwords alone are not enough to do much harm, as critical operations such as transfers have to be verified with a one-time password. So is it more of an overprotection or just an excuse for keeping competition at bay?
Bank API is as secure as your money in a bank that uses this technique. If you grant your new bank access to your old account, all your credentials will be stored alongside your financial data within the same banking system, protected with your login and password to the new account.
The problem is that although banks would be more than happy to take a peek into their clients’ accounts in other financial institutions, they are more than reluctant to release such information to their competition. And they find supporters in regulators: in July 2014 Polish Financial Supervision Authority issued a note stating that screen scraping techniques lead to security breaches and should not be used by banks. No institution wants to seek a quarrel with the Authority, so banks obediently resigned from Bank API solutions.
In fact, PFSA forced Polish banks to abandon this new, existing technology in favor of future official API, which will allow banks to exchange client’s data legally and securely. Sounds great, but it’s still in the works and it’s hard to tell when it becomes operational and available.
The regulations or recommendations of PFSA don’t apply to non-banking financial institutions such as quick loans businesses – and these companies use Bank API solutions with pleasure, obtaining customer scoring within minutes. And no client complained so far.
This is what makes Kontomatik a lot like Uber: it has a great product, which takes a nonstandard approach to meet client’s needs and people could easily benefit from it. Yet, because of this innovative concept, which threatens banking status quo, it’s under constant attack of banks backed up by regulators and outdated law.
Perhaps other countries will pave the way for Kontomatik and alike. This year the UK government started working with banks and fintech firms on an open API standard. Standardization would allow the development of third-party apps that are compatible with the systems of all UK banks, and that can securely use customer banking data, with their permission. For now, banks can freely rely on third-party solutions such as Bank API.
But the leader in transforming banking into an open ecosystem where it’s us, clients, who decide which of our data can be shared with whom, is Germany. The open API, called FinTS, is now supported by 2000 financial institutions in this country – no surprise since the project dates back to 1995, when it was first developed as the Home Banking Computer Interface. Read more about Bank API in Germany.
Bank APIs are the future of banking. They will enable new features and experiences, letting customers choose a preferred interface of banking services: it could be an app developed by their bank or by another bank, or even by some third-party company.
With easy access to client financial data, banks can offer better deals. Comparison tools will show best options available for your money. This drives competition in financial services, which is good for customers.
The same principle of free market economy applies to taxi companies endangered by Uber and other carpooling services: businesses good for consumers will defend themselves. Laws and regulations are here to protect us customers from bad and unfair practices, not vice versa.