A rare public brawl broke out this week between PNC Financial and the popular PayPal-owned peer-to-peer payments service Venmo. PNC, with $408 billion in assets and some 6.5 million mobile users, made a security enhancement recently that blocked users from accessing their accounts via Venmo.
The problem actually lies with Plaid, which is the intermediary in many of these situations and has been at the center of other account access conflicts in the past. Plaid has in these instances quietly pointed the finger at the banks, claiming bank application programming interfaces, or APIs, are sub-par, but consumers have never heard of Plaid, so the public fight between the bank and PayPal is what they see.
What made the fight particularly interesting was that PNC’s frontline staff directed users to Zelle, the bank-owned direct competitor to Venmo.
Venmo responded by saying customers should be allowed to choose which service they prefer.
In the third quarter of 2019, Zelle reported $49 billion in transactions, up 73% from the previous quarter, while Venmo tallied $27 billion, up 64% over last quarter. PayPal itself moved $178 billion.
The fight itself is interesting, less in the sense of who is wrong and who is right, but as a case study in the piecemeal way open banking is advancing in the U.S. and how responsibilities are viewed by the various constituents. For example, open banking laws would almost certainly require banks to alert Plaid or whomever was overseeing API access to accounts about security enhancements that might affect customer access.
Open banking is regulated in a number of jurisdictions around the globe, but the U.S. isn’t one of them, and is not likely to be. Open banking means that banks are required to grant access to customer data to third parties when requested to do so by authenticated customers.
While often linked in casual conversation with the debate over “who actually owns the data,” open banking regulations tend to be far more limited in scope. While banks are compelled to give access to customer data upon request, Google, Facebook and other technology giants face no such requirement, though regulators are at least considering it. The U.S. is looking to Europe on this matter, as with adjacent data privacy laws. Open banking is somewhat ironic from the banking perspective, because while banks have generally speaking been responsible custodians of customer data for many years, the relatively young companies Facebook and Google have built their businesses on selling tidbits from the rapidly proliferating pool of customer data that may be quite personal.
And the Internet of Things is opening customers up to risk that is lightly overseen by regulatory bodies. Amazon’s Ring doorbell has failed in several startling ways, exposing families to shocking invasions of privacy — that is not the kind of data sharing open banking advocates envision.
Consumer awareness of data privacy and digital privacy generally is increasing quickly, and several states are already in the process of implementing European-style consumer protection laws that banks and many other businesses will need to comply with quickly.
But in today’s banking world, API access is already a firmly entrenched reality with Plaid is at the center of it. The San Francisco-based company is clearly positioned to thrive in the coming world of increased account access by financial ecosystems. The company is valued at $2.65 billion and has raised $310 million from investors. It also quietly absorbed Quovo, one of its primary competitors, in the past year.
But banks also stand to gain from the brave new world of APIs, and financial institutions that embrace the platform or ecosystem approach may find lucrative new revenue streams such as highly personalized products and licensing fees. In the absence of regulatory requirements, several banks are already taking decisive steps in this direction.
U.S. Bank, widely regarded as a progressive institution, has signed a number of data-sharing agreements with fintechs. Industry watchers can expect fast follower banks to do the same. But this is not just limited to large institutions. The major technology vendors such as Fiserv and FIS are launching API initiatives of their own, and while they lag European counterparts, something is better than nothing. Smaller banks dependent on the major vendors will need to look in that direction for guidance in open banking initiatives.
So the fight over Venmo is not a bad sign for open banking or even banks that resist it, but it rather part of the inevitable growing pains the industry will need to endure as API access becomes part of what consumers expect.
Is your institution interested in discussing an API strategy? Please reach out to us if so and we can help build your strategy.