<div dir="ltr">that is far more of a legal/liability problem than a technical one.<div>In the us there are 3 mechanisms, all with separate legal/liability results.</div><div>Credit cards are not banking in the sense you mean, but are controlled by the FED, reg CC. Consumer liability limited to $50 which is usually not worth the time to collect.</div><div>Debit cards apply directly to the user's bank account and so are very dangerous. I encourage people to avoid them like the plague.</div><div>ACH payments are bank account to bank account and are more like traditional banking drafts.</div><div>Because of the weak protection around ACH payments the release of the consumers bank routing number is very risky.</div><div>I believe that the introduction of a write api that can extract $ from a consumer's  bank account will result in massive losses that will result in long legal tussles to determine who pays the bill.</div><div>I can see no good coming from such a write api against consumer or small business bank balances.   ..tom</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Peace ..tom</div></div></div></div>
<br><div class="gmail_quote">On Mon, Nov 13, 2017 at 11:20 AM, Anders Rundgren <span dir="ltr"><<a href="mailto:anders.rundgren.net@gmail.com" target="_blank">anders.rundgren.net@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2017-11-13 19:20, Tom Jones wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I thought i was directly addressing that point. I guess the problem, as usual, is one of semantics.<br>
</blockquote>
<br></span>
Yes, I was addressing this from a purely technical level where<br>
transferring money from an account to another entity using an<br>
on-link bank application is currently performed through [technically]<br>
entirely different means compared to using a payment card connected<br>
to the same account.<br>
<br>
The hope is [apparently] that open banking APIs will finally unify<br>
the technical side of money transfers, right?<br>
<br>
Cheers,<br>
Anders<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
Banking originally applied to depository financial institutions (DFI) only.<br>
The banks were fiduciary holders of funds on the behalf of depositors.<br>
That is the basis for the financial regulations of the first 1/3 of the 20th century.<br>
Customers issued bank drafts (checks) against their funds, those were payments to the holder of the draft.<br>
Bank cards allows account holders access to their funds 24x7 at ATMs.<br>
<br>
Consumer payments originally applied to credit card accounts which were approved drafts signed by the holder of the account.<br>
This started to change with the initiation of MOTO - mail order telephone order - payments.<br>
But the big change occurred when banks learned that they could make more money from fees than from deposits.<br>
<br>
Today i guess i would say that "banking" is anything that the account holder initiates on his own behalf.<br>
Payments are anything that an FI does against a user account that does not have an immediate consumer draft as back up.<br>
<br>
Clearly the banks want to move us to a brave new world where they do things to our account and declaim any responsibility if anything goes wrong.<br>
Check some of Ross Anderson's articles if you disagree with that statement.<br>
It seems to date that all apis approved by the banks are in furtherance of such an movement.<br>
In particular that means that if an aggregator can "write" to the bank, it is no long in the realm of "banking".<br>
<br>
Peace ..tom<br>
<br></span><span class="">
On Sun, Nov 12, 2017 at 10:27 PM, Anders Rundgren <<a href="mailto:anders.rundgren.net@gmail.com" target="_blank">anders.rundgren.net@gmail.com</a> <mailto:<a href="mailto:anders.rundgren.net@gmail.com" target="_blank">anders.rundgren.net@gm<wbr>ail.com</a>>> wrote:<br>
<br>
    On 2017-11-12 04:14, Tom Jones wrote:<br>
<br>
        i am not sure about the eu, but in the us the ach payment method is not constrained by any dollar limit.<br>
        ANSI X9.59 addressed limits and user consent. AFAICT there is no protection for users in UK open banking or FAPI.<br>
        It's all banks all the way down.<br>
        Now if we could find a way to make it a claim, then OpenID can handle it.<br>
<br>
<br>
    I'm not sure that this is really what I'm asking for, it is rather a comment/reaction to my somewhat heretic claim that "Banking" and "Consumer Payments" are quite different and probably do not gain by being dealt by a generic payment initiation API and associated security model.<br>
<br>
    A "visual" of that could be taking a peek at these URL's<br></span>
    <a href="https://www.openbanking.org.uk/read-write-apis/payment-initiation-api/v1-1-0/#usage-examples-merchant" rel="noreferrer" target="_blank">https://www.openbanking.org.uk<wbr>/read-write-apis/payment-initi<wbr>ation-api/v1-1-0/#usage-exampl<wbr>es-merchant</a> <<a href="https://www.openbanking.org.uk/read-write-apis/payment-initiation-api/v1-1-0/#usage-examples-merchant" rel="noreferrer" target="_blank">https://www.openbanking.org.u<wbr>k/read-write-apis/payment-init<wbr>iation-api/v1-1-0/#usage-examp<wbr>les-merchant</a>><br>
    <a href="https://cyberphone.github.io/doc/saturn/saturn-authorization.pdf" rel="noreferrer" target="_blank">https://cyberphone.github.io/d<wbr>oc/saturn/saturn-authorization<wbr>.pdf</a> <<a href="https://cyberphone.github.io/doc/saturn/saturn-authorization.pdf" rel="noreferrer" target="_blank">https://cyberphone.github.io/<wbr>doc/saturn/saturn-authorizatio<wbr>n.pdf</a>><span class=""><br>
    which address the same use case.<br>
<br>
    As far as I can tell there is no wallet concept in the FAPI, STET or OpenBanking schemes, whereas the Saturn architecture does away with the PISP altogether since it doesn't depend on direct account access (Banking <<>> Consumer Payments).<br>
<br>
        Peace ..tom<br>
<br>
<br>
    Cheers,<br>
    Anders<br>
<br>
<br></span><span class="">
        On Fri, Nov 10, 2017 at 10:28 PM, Anders Rundgren via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openi<wbr>d.net</a> <mailto:<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@list<wbr>s.openid.net</a>> <mailto:<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@list<wbr>s.openid.net</a> <mailto:<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@list<wbr>s.openid.net</a>>>> wrote:<br>
<br>
             Dear payment aficionados,<br>
<br>
              From what I can deduct, FAPI currently supports a single payment method ("transfer"):<br></span>
        <a href="https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_005.md?fileviewer=file-view-default" rel="noreferrer" target="_blank">https://bitbucket.org/openid/f<wbr>api/src/master/Financial_API_W<wbr>D_005.md?fileviewer=file-view-<wbr>default</a> <<a href="https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_005.md?fileviewer=file-view-default" rel="noreferrer" target="_blank">https://bitbucket.org/openid/<wbr>fapi/src/master/Financial_API_<wbr>WD_005.md?fileviewer=file-view<wbr>-default</a>> <<a href="https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_005.md?fileviewer=file-view-default" rel="noreferrer" target="_blank">https://bitbucket.org/openid/<wbr>fapi/src/master/Financial_API_<wbr>WD_005.md?fileviewer=file-view<wbr>-default</a> <<a href="https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_005.md?fileviewer=file-view-default" rel="noreferrer" target="_blank">https://bitbucket.org/openid/<wbr>fapi/src/master/Financial_API_<wbr>WD_005.md?fileviewer=file-view<wbr>-default</a>>><br>
<br>
             After going a bit deeper into the matter including a brief study of the STET PSD2 API (<a href="https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html" rel="noreferrer" target="_blank">https://www.stet.eu/en/news/n<wbr>ews1/stet-psd2-api-is-now-avai<wbr>lable.html</a> <<a href="https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html" rel="noreferrer" target="_blank">https://www.stet.eu/en/news/n<wbr>ews1/stet-psd2-api-is-now-avai<wbr>lable.html</a>> <<a href="https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html" rel="noreferrer" target="_blank">https://www.stet.eu/en/news/n<wbr>ews1/stet-psd2-api-is-now-avai<wbr>lable.html</a> <<a href="https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html" rel="noreferrer" target="_blank">https://www.stet.eu/en/news/n<wbr>ews1/stet-psd2-api-is-now-avai<wbr>lable.html</a>>>), it seems that FAPI and its "cousins" indeed properly address payments when performed in the context of "Banking", but somewhat less so for "ordinary" payment operations like performed at a POS terminal or automated gas station.<span class=""><br>
<br>
             Comments?<br>
<br>
             Thanx,<br>
             Anders Rundgren<br>
             ______________________________<wbr>_________________<br>
             Openid-specs-fapi mailing list<br></span>
        <a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid<wbr>.net</a> <mailto:<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@list<wbr>s.openid.net</a>> <mailto:<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@list<wbr>s.openid.net</a> <mailto:<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@list<wbr>s.openid.net</a>>><br>
        <a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailma<wbr>n/listinfo/openid-specs-fapi</a> <<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailm<wbr>an/listinfo/openid-specs-fapi</a>> <<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailm<wbr>an/listinfo/openid-specs-fapi</a> <<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailm<wbr>an/listinfo/openid-specs-fapi</a>><wbr>><br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote></div><br></div>