UK banks don't accept any liability if you give your online banking credentials to a third party.<p>If some fraud was to come about as a result of someone using Teller then they would be out of pocket or has Teller got agreements with the compatible banks to overcome this situation (either by Teller reimbursing the customer or the bank)?
Somebody told me that 2018 is the deadline for EU banks to provide API access. If that's the case then going through any server side layer managed by somebody is unnecessary and people in general should think twice about every single bank transaction being stored somewhere "there". It gives out a lot of information from your internet provider to your child's creche, holidays habits, income (duh), loan repayments and whether you like on mondays this new sandwich at pret a manger with a coffee for take-away or eat-in - can be inferred as well.<p>So be careful and if you want to have more insight into your finance maybe it's better to digest those apis yourself, libraries should pop out soon if they are not yet available for your bank (in europe anyway).
As a German it is hard to believe that such things do not exist yet in other countries. We have a standardized protocol called FinTS which is implemented by most banks. This results in a huge amount of desktop and mobile applications for banking.
Not seeing terms of service or a privacy policy. Who's responsible when there's an error, or a transaction is processed twice or zero times? Is this really a scheme to obtain user data and sell it to advertisers?
Early on at Token, we looked Teller as a possible solution to getting to market quickly. We found two things: 1) the lawyers told us to stay clear (huge greyzone) and 2) the banks themselves didn't want to engage with us using teller even if it sped up development time. We even brought stevie in talk to our lawyers to make his case. He failed to convince them. Finally, we inquired about the price. Stevie was elusive on pricing. I finally asked, "Look, if we paid you $1M, how many banks could we get?" He said one. So at that point, we were so far apart on all issues, so we pulled out. Token will be doing something similar to teller in terms of "one API for all banks" (aggregating banks' PSD2 interface with Token acting as a PISP/AISP). But we are also providing the PSD2 interface for other banks. We have raised plenty of money to do it right ($18.5M Series A to start with), but our pricing to developers will be ridiculously inexpensive. Also, we need to hire developers very quickly, so if you are interested in helping us do it right (no shared secrets, all end-to-end secure protocols, secure central PII storage (where the decryption keys are only available at endpoints), please let us know. We don't have a lot of time left to do this right. We are located in London and San Francisco.
There already exists a company called Teller in Europe which is dealing with payment solutions.<p>> Nets is split up in two divisions: Nets, which manages the Danish market, and Teller, which handles all international markets. This means that Nets processes all Dankort transactions, while Teller processes all transactions by international cards.<p><a href="http://www.epay.eu/acquirer-internet/nets-teller.asp" rel="nofollow">http://www.epay.eu/acquirer-internet/nets-teller.asp</a><p><a href="https://www.nets.eu/en/payments/" rel="nofollow">https://www.nets.eu/en/payments/</a><p><a href="http://netseu.23video.com/secret/12342399/64f0568391b3ebaa58b291826ee05aa4" rel="nofollow">http://netseu.23video.com/secret/12342399/64f0568391b3ebaa58...</a><p><a href="https://my.teller.com/login" rel="nofollow">https://my.teller.com/login</a>
Hey all - co-founder of Plaid[0]. Congrats to Steve - great to see some innovation across the pond!<p>There were a bunch of questions about Plaid and the difference. The obvious one is that Teller is UK only and supports the top couple banks, Plaid is US only and supports thousands of financial institutions. If you need both UK and US coverage - since we both have pretty developer friendly APIs - it seems like a nice combo! Steve/Teller have also taken a bit of an antagonistic approach and has not worked with the banks - time will see if this proves successful, but we've taken the approach to work directly with the banks (as investors, clients, data-partners etc.).<p>Hope that helps and if you have any other questions/comments feel free to shoot me an email at william [at] plaid.com<p>[0] <a href="https://plaid.com" rel="nofollow">https://plaid.com</a>
Am i the only one that would never trust a completely unknown third party with my bank account?<p>I like the idea, but i would never use this as a service on the internet.
"We realise that our revenue will most likely be a very long tail with a small number of customers bringing in most of the cash."<p>Either they or I don't understand what long tail means.
Dutch mobile-only bank Bunq also published their API pretty recently: <a href="https://www.bunq.com/en/api" rel="nofollow">https://www.bunq.com/en/api</a><p>Things are starting to not-entirely-suck in retail banking land. (in Europe, at least - not sure about elsewhere)
I built a little script to export my accounts to CSV/QIF. Super easy to use API! <a href="https://github.com/scottrobertson/teller-export" rel="nofollow">https://github.com/scottrobertson/teller-export</a>
Can someone explain to me this dichotomy I see with the almost thermo-nuclear war when it comes to copyright protection of total drivel, but when it comes to fin-tech there is literally a flourishing industry of screen scraping typing companies and well-publicized plays like Mint and it's just like a big shrug? How are these companies able to mitigate through the banking companies TOU and such?
I emailed a bit with sjtgraham on this a while back.<p>It was my understanding back then that even when Teller does more advanced authentication with the bank, eg EMV CAP, that that does still grant them the rights to move money, even though Teller doesn't yet support it.<p>To me that paints a big target on Teller's back - all those juicy downstream credentials.<p>sjtgraham's point was that setting up new payees typically (always?) requires additional authentication. But I can think of a number of scenarios where a hacker might send all my money to all my existing payees just to mess with me/Teller/my bank... causing fees and stress.<p>Obviously it's going down the route that Teller won't need your full credentials, you will grant them access via something like EMV CAP, which I applaud.<p>But I would call on Teller to publicly commit to not integrate more 'advanced' auth methods if they don't include the ability to grant read-only access, if the user wishes!
Yeah no thanks. I want a banking API but I want a <i>first party</i> API. No way I'm trusting some random guy on the internet with my banking password.
I wonder how many of the use cases for a retail banking API would be simply satisfied by just allowing customers to request a weekly email with a CSV transaction file attached in a sensible format?
Is there a test / mock instance, allowing you to call services connecting to dummy bank accounts? i.e. Some people may be concerned about trying out the API on their own accounts during the early stages, or if any update services are added in future. Also it enables those not banking with a supported bank to develop against the service.
Once you have access to someones banking account you can typically make small transfers (up to ~£200) without second-factor authentication. So if your service get's breached attackers will have potentially the means to extract real cash through mules or wreck havoc.<p>Asking for credentials is no go whatever the bank is. There are ways to get some feeds even now but that requires signing some papers. Besides, I don't want to shoot down the service because this is genuinely a useful service (if it wasn't for the scrapping) but the best way to solve this problem is for banks to implement their own APIs with proper access controls that make sense in the context of the bank and the account.
Teller is already an established brand name in the payment industry in Norway (Scandinavia?). <a href="https://www.nets.eu/en/payments/" rel="nofollow">https://www.nets.eu/en/payments/</a>
This is annoying, I got all excited and then realising this is for a handful of UK banks. Would be great if it were tagged as a UK thing more prominently.
Does anyone have any insight into a PSD2-style effort in Australia?<p>I notice that National Australia Bank is experimenting with APIs, they have a developer portal [1], with FX rates and branch location APIs currently available. Authentication, customer details and accounts APIs are 'coming soon'.<p>[1] <a href="https://developer.nab.com.au/ourapis" rel="nofollow">https://developer.nab.com.au/ourapis</a>
Bunq already has a native api [0], only if you pay sadly, many other functions are free. I like Bunq but their app devellopment is slow, I still can't share iDeal (is iDeal only Dutch? I wonder...) requests through anything other than email and sms. Everybody is waiting for general sharing on Android/iOS.<p>[0] <a href="https://doc.bunq.com/" rel="nofollow">https://doc.bunq.com/</a>
> Transfer money between accounts, make external payments using Faster Payments, and manage your payees, standing orders, and Direct Debits all through the Teller API.<p>What will the fees be on sending/receiving money?<p>Scraping data from your own bank account seems rather uninteresting to me. I assume sending/transferring is limited to domestic banks. Is this the case?
Cool project,<p>You should make it open source (to grow your bank catalog by the community) with some premium Plan (to earn money of it)<p>That's the only way to get it worldwide, otherwise, you will have to do MITM attack every single Bank App in order to get their APIs, with is painful and most of the times impossible without valid credentials.<p>Opensource + Premium is the way to go!
Engineer at MX here! We have a similar product for US and Canadian banks called Atrium.<p>More info here: <a href="https://atrium.mx.com/home" rel="nofollow">https://atrium.mx.com/home</a><p>NOTE: I saw a few people mentioning Plaid and Quovo so I thought it would be appropriate to mention our product.
Knowing the founder personally and his level of competency writing code gets me very warm down below. If I still lived in the UK, I would build something around Teller trying to give users a feeling close to what Monzo-bank is/does. Some kind of a hybrid zombie child, but beautiful!
A bank account is usually only part of the financial equation. What would really be useful is an API for a service like Mint. I'd even be willing to pay a low fee for someone to make available all the aggregate data from all the financial institutions via API for me.
Maybe every Bank should provide its own, well documented API. Third Party is not an option imho. Also this reminds me of that root Bank i saw here in HN some time ago... <a href="https://root.co.za/" rel="nofollow">https://root.co.za/</a>
Sorry for the newb question but a quick google didn't yield the results I was looking for. What is the attack vector here that "screen scraping" would exploit?
Which countries are supported? Not seeing that info anywhere. I only saw in a comment here that Teller has relationships with "every major UK bank".
Seems similar to <a href="https://root.co.za/" rel="nofollow">https://root.co.za/</a> - which is focused on South Africa.