What do they do? The article doesn't make it clear. It just discusses them finding alternatives to screen-scraping customers' bank accounts after being given the credentials.
This API looks really shiny and well documented, kudos!
Do you only screen scrape or have backend/backoffice/negotiated integrations with various banks? How do you deal with end-user bank credential storage (both technically and legally when dealing with bank ToS)?
Also, in your experience, have any standards like OFX actually achieved critical mass for adoption amongst banks, and has that made your team's lives any easier?
For the top 14 banks we work closely with the banks to build connections - however for the smaller and mid-size banks we work and connect with a variety of vendors that serve those banks.
I personally sit on the OFX consortium (and a couple other financial standards committees) and I'm not overly bullish. I'll just leave this link here.... https://xkcd.com/927/
That XKCD strip is very true for financial standards. :(
I think you missed a question (unless it was intentional :), but how do you deal with end-user bank credential storage (both technically and legally when dealing with bank ToS)?
For example, on the technical side, do you store the credentials themselves or just session tokens/cookies?
I believe some of the data aggregation is done by reverse engineering APIs of mobile banking apps. You can easily do that by setting up a MITM proxy to intercept requests. In some cases, you may need to decompile app binaries to decipher password encryption algorithms.
Awesome job btw. I love the site redesign, but it has always been quite good aesthetically. If I could hijack this comment briefly, I would like to ask how you see yourself vs. Stripe, who has a lot of advantages in the payments information space, having their own payment infrastructure and the banks recently fighting aggregators including Yodlee.
Seems like a startup-y Mint.