Categories
Uncategorised

“My Plaid” and how DeFi identity is coming to disrupt Open Banking

Was intrigued to read in the latest Fintech 🧠 Food that @Plaid has launched a beta product called My Plaid (http://my.plaid.com) that allows users to see which companies they are sharing their financial data with 🧐

Naturally, I wanted to take it out for a spin…

For now, it doesn't seem to have the capability to see which companies have access to data. You can only add accounts, like any personal finance app out there, and see an aggregated view of accounts.

So, nothing *too* differentiated for now πŸ€·πŸ½β€β™‚οΈ

Where it breaks down potentially is that this will likely only work where the origin/destination of financial data uses Plaid APIs.

The alternative – as @ACTobin from @evernym put it – is to “make the user their own API” πŸ’‘

And THAT is why I'm bullish about the application of #selfsovereignidentity in #fintech:

1. It goes beyond the scope of what data is available under Open Banking (mostly current accounts & credit cards)
2. It doesn't rely on a single, proprietary vendor like Plaid to work

In a way, I'm glad Plaid is doing this now because it demonstrates clear product-market fit and demand for digital identity services, that we *can* solve in a more efficient and privacy-preserving fashion @cheqd_io πŸ‘πŸ½

It’s taken SEVEN years since Open Banking regulations were defined in Europe to get to any semblance of consistent access for users being able to take their current/card account data elsewhere.

And this has arguably been GOOD for competition and more consumer choice.

If the financial services industry tried to solve data portability with traditional means, I can see this taking another half a decade.

Do we really want to wait that long? Or will we see bolder fintechs embracing new standards in DeFi identity eat the lunch of incumbents again?

Originally tweeted by Ankur Banerjee (@ankurb) on 22 August 2021.

Categories
Technology

How banks get away with paying little attention to identity theft

Originally posted via this Twitter thread

The story this week fromΒ @mikulajaΒ on how his identity was stolen and used to open bank accounts and loans is deep-dive into the ugly side of how KYC works.

There’s another side to this story of how ID fraud impacts some demographics disproportionately.

The burden of responding to the fallout of ID theft is squarely on the person whose ID is stolen.

Often, the person impacted isn’t even a customer of the financial institution where attempts have been made to open accounts, and therefore it’s low priority for those companies. happens to know the finance/fintech space, and had contacts that could elevate the customer support requests to higher-ups. Even then, he found the process challenging and slow.

I wonder how many hours of Jason’s time all this follow-up took πŸ˜”

At the best of times, I know many that find dealing with banks anxiety-inducing. If you up the stakes with potential future impact on credit scores etc, those stakes get raised.

Add the hurdles of paperwork, filing requests with police, waiting on hold on customer care

…and pretty soon, you start realising that banks have shifted the burden of this to:

– non-native speakers or immigrants
– anyone with mental health conditions or anxiety issues
– people who simply don’t have the time or patience (many of us)

I say this as someone who has generalised anxiety disorder and ADHD. I could deal with ID theft, since I know the fintech and ID verification space well enough to know how to even start unfucking the situation.

Many people don’t. And so they take the financial hit and move on. The reality is that a lot of fintechs/banks try to meet the bare minimum due diligence needed to open an account, and acknowledge that means there are some scammers in the mix.

They prioritise reducing barriers when signing up for an account since they care about user growth. Even if someone reports a financial crime to law enforcement, it’s so common, so white collar, and so hard to track down that even when people lose $10-100ks the best you get the paperwork and effort needed to get a police reference number and a πŸ€·πŸ½β€β™‚οΈ from police. (There’s this phrase from the British show @Line_of_duty that to me sums up the ridiculousness and futility of most financial fraud reporting to the police: “I’ll have to generate a non-crime crime reference number” πŸ₯²πŸ˜­)

Banks/fintechs typically get fined if they didn’t follow the process of following bare minimum due diligence criteria when opening accounts.

They don’t get incentivised or fined for resolving cases where fraud or ID theft actually happens. An example of this is one of the many occasions in which HSBC was fined for failing to do effective AML.

Their solution? Turn the bank account opening form 5-6 pages long with questions like “Are you a terrorist?”, “Are you associated with drug cartels?”

Ridiculous financial regs mean HSBC gets to do minimal checks on top, wring their hands, and say “But we tried and the customer lied to us! 😨”

@sytaylorΒ puts this well when he described AML as “a car that doesn’t work 99.9% of the time”

I wish I had screenshots for this form, it was circa 2015-2016 when I was opening an account with HSBC. (It doesn’t look like the form is that long or asks those questions any more.)

Rant over. I’m glad @mikulaja found some semblance of resolution, although it might unfortunately continue to haunt him in the future too. πŸ˜” (I hope it doesn’t)

Thanks to @AnaisCis for connecting us. ❀️ @NateSoffio, you might have some thoughts too on disproportionate impact πŸ€”

Actually, one more thing: @mikulaja rightfully calls out the lack of data sharing on fraud and/or a reluctance to pay for commercial tools that track this as a reason why fraudsters can get away targetting this kind of fraud at companies they know have lax policies.

Data sharing of fraudsters, and even more intrusive forms like sharing biometrics of known fraudsters (πŸ‘‹πŸ½@hare_brain) is a big priority for large banks.

But it’s also very inequitable because this kind of denylist is even more opaque than credit rating agencies with no redress

While banks are a whole lot more secretive about this kind of data sharing, one good example of this in a different sector is how bars/nightclubs often participate in secret biometric denylists of punters they’ve banned.

Maybe the people who are on the list “deserved” it. But who’s to check? You could’ve looked the bouncer the wrong way, or turned down advances from someone which led to them vengefully banning you.

Applying the same principles to banks could lead to financial exclusion πŸ˜•