Banking

[JJ Hornblass, BankNet360.com]

The new online banking startups have been barking about the need for
more data portability privileges from the nation's traditional banks.
Has anyone seen any action on this front? Have banks even begun to
even consider DP? I would be curious about any ideas from other group
members for getting banks to embrace DP, particularly considering
banks' historical reluctance to open their business models (in other
words, information) to any foreign element.

I see banks are as a key linchpin in the portability debate because so
much of a consumer's data is tied up in his/her financial institution.
Wondering what others think.

JJ

[Elias Bizannes]

No one to date has suggested it, but there is no reason why we can't.
Current active participants are stretched dealing with social
networing data portability, but certainly, the work we are doing
particularly with Policy does have application to other industries.

Along with health and government, banking is certainly an interesting
area. I'd be happy to explain to you what needs to be done to drive
something like this within the Project, but as I alude to above, it
requires someone from the community to drive this particular angle.

You can contact me on skype via elias.bizannes or my my gmail above
and we can explore further.

Regards,
Elias

[danielabarbosa]

Thanks for posting JJ- I wonder if the conversation has taken place as
he BarCamp Banks events? http://barcamp.org/BarCampBank . They seem to
have a bunch of meeting coming up (not sure where you are located)-
and the format of BarCamp is to propose topics such as this- so that
might be a good way to get feedback.engage.

I took a quick look at the Wikis but couldn't find anything
specifically. In the last SF meeting (http://barcamp.org/
BarCampBankSF- with good list of contacts) someone did post that they
wanted to here about "data-portability and personal financial data"- i
could not find the references and didn't look very deep.

I would definitely be interested in the information you dig up.

Will you be so kind as to post it here as you find more information
and who is talking about it?

thanks!
-daniela

[max engel]

There was discussion about this at the IIW today, and I think a new
working group might emerge. i would recommend checking the identity
commons site in the coming days to check for notes and further info.

_max

[Mary Trigiani]

Max, welcome to the DataPortability Project! Perhaps you can join the
emerging banking group here on the wiki. Mary

[danielabarbosa]

Thanks Max- are you part of the group that is pushing for a working
group for IIW on the topic? If not who are some of the folks that you
can reference? Just would help us interested in the topic to start
listening and participating in their conversations as well.

Also, if you get to the reference before it is posted here will you be
so kind as to post it here- to direct folks there ;-)

thanks!
-daniela

[max engel]

i wasn't at the session, but it was mentioned during the closing debrief.  kaliya might have the info/people if you want to ping her.  i imagine it will get posted here: http://iiw.idcommons.net/index.php/Iiw2008a

i'll share anything if i get the link in advance.

_max

[Erling Wegger Linde]

In Norway there have been a debate over whether it should be possible
to keep the same account number when you move from one bank to
another. It doesn't seem that the Government have the guts to create
such a law just yet. But I think different regulations to increase
competition might be a door-opener for dataportability in the banking
sector. Do you agree? Are there such regulations in other countries?

Btw. which public/wide-spread ontologies could be relevant to start
with? I'm thinking FOAF and SIOC, but if anyone knows of any good
ontologies for the banking domain, please let me know.

- Erling

--
Med vennlig hilsen
Erling Wegger Linde

[JJ Hornblass, BankNet360.com]

I did a quick check. I didn't see anything at BarCampBank,
unfortunately.

On May 15, 12:03 am, danielabarbosa <danielaVbarb...@gmail.com> wrote:
> Thanks for posting JJ- I wonder if the conversation has taken place as

> he BarCamp Banks events?http://barcamp.org/BarCampBank. They seem to

[JJ Hornblass, BankNet360.com]

The portability of account numbers would be a great start. The
parallel in the US, where I am located, is the portability of mobile
phone numbers. That was a major battle here, and really its successful
implementation was due to the particular will of legislators. I
believe it took two separate acts of legislation to insure that mobile
phone numbers became portable. I imagine the fight for account-number
portability would make the mobile-phone fight look tame in comparison.
Banks are not going to go for it -- unless consumers demand it.

JJ

[Aaron Cheung]

"Mandatory Data Portability" vs. "Voluntary Data Portability" at work!!
btw re that "MDP", I did not coin that phrase, see, for example --
http://uchicagolaw.typepad.com/faculty/2007/03/mandatory_data_.html

MNP is in fact easier to achieve, because of regulations via legislations. Do we
want legislators to look into "Data Portability across Social Networks" :-), ie.,
if our Data Portability group is not doing enough to be like a "grassroot Interpol"
keeping an eye on the social network operators, and even to the point of publicly
condemning some "non-compliant" providers.. day in and day out.. :-| Well,
you can laugh at this analogy, but this is pretty close to what some of us have
been doing, lately, openly, and in my humble opinion, quite sadly..

Anyway.. back to something more interesting... what's good about porting
account numbers across banks?? :-) I'm really lost on this one!

Regards,
/ac.

[Erling Wegger Linde]

We have had the phone number battle here too, but now everyone just
take it for granted. I agree with you that the road to account number
portability would be even tougher :)

[Erling Wegger Linde]

On Mon, May 19, 2008 at 6:03 PM, Aaron Cheung <a...@mymesh.com> wrote:
>
> "Mandatory Data Portability" vs. "Voluntary Data Portability" at work!!
> btw re that "MDP", I did not coin that phrase, see, for example --
> http://uchicagolaw.typepad.com/faculty/2007/03/mandatory_data_.html
>
> MNP is in fact easier to achieve, because of regulations via legislations. Do we
> want legislators to look into "Data Portability across Social Networks" :-), ie.,
> if our Data Portability group is not doing enough to be like a "grassroot Interpol"
> keeping an eye on the social network operators, and even to the point of publicly
> condemning some "non-compliant" providers.. day in and day out.. :-| Well,
> you can laugh at this analogy, but this is pretty close to what some of us have
> been doing, lately, openly, and in my humble opinion, quite sadly..
>
> Anyway.. back to something more interesting... what's good about porting
> account numbers across banks?? :-) I'm really lost on this one!

Well, wouldn't it be great if you didn't have to tell your employer
etc. about your new account number when you changed bank. However, I
realize that companies that have a lot more money coming in from a
number of different parties would benefit the most from this. I think
the fear of having to tell all your customers about your new account
number could scare a lot of companies away from changing to a new
bank. Hence this probably destroys competition. Don't you agree?

[Aaron Cheung]

Agree.. though, for companies, depends on local culture and method of
payment.. ie., if majority is about receiving cheques (payers don't need
account number) or credit card payments (payers don't need account number)
then less applicable.. but for debit card or automatic teller machine transfers,
yes that would be nice..

That said, if the banks wants to make it easier for their customers (and for
themselves)... the first think to unify (not quite portability) would be the
interbank routing identifiers.. ie., those SWIFT Code, Fedwire Number,
CHIPS number, etc.. they all essentially identify one bank and branch,
but have multiple identifiers to refer to the same thing... very confusing!

Thanks for your insights.. ;-) /ac.

[JJ Hornblass, BankNet360.com]

Erling, I am not sure I understand. Yes, it would be nice for
consumers to maintain their account number across banks (although I
think the underlying transaction data is far more important). I don't
follow your second point. Why would companies be scared? What do you
mean by "changing to a new bank"?

JJ

[Erling Wegger Linde]

Hi,

I'll try to explain what I mean with an example:

Let's say that all your customers have your initial account number
which they use to pay you. Let's hypothetically say you have 1000
customers, if you then open up an account in a new (and possibly
better bank) and close your old account, then you have to notify all
your 1000 customers of your new bank account number. (Unless you use
some other work-around which Aaron Cheoung mentioned in his previous
mail). Wouldn't you have second thoughts about moving your accounts to
a new bank if it would mean a lot of work for you? Wouldn't it be
easier if your 1000 customers could just continue using the same
account number independent of in which bank you have your actual
account?

- Erling

[JJ Hornblass, BankNet360.com]

Ah, yes, of course that would be true. That's the whole point.

I trying to add, however, that the underlying account data is equally
important. You are bringing up a commercial banking reference so I'll
stick with that. Let's say you have been banking with a company for
five years and change to another bank. A year later you are audited by
your government's tax authority. The chore of extracting that data
from your old bank will not be easy, which is why it would be helpful
the underlying account information (who you paid and when, for
example) ports over with you to the new bank.

JJ

[Brady Brim-DeForest]

Was anyone able to dig up any applicable ontologies for the banking domain?

-Brady

--
Brady Brim-DeForest
www.brimdeforest.com

[John Breslin]

Yup - http://schemaweb.info/search/Search.aspx gives me:

http://sigma.ontologyportal.org:4010/sigma/Browse.jsp?kb=SUMO&term=FinancialTransaction

Lots of banking related terms there, but not sure how well it is used.

CCing semanticweb list to see if people know of others...

John.
--

[Erling Wegger Linde]

On Mon, May 19, 2008 at 10:22 PM, JJ Hornblass, BankNet360.com
<horn...@gmail.com> wrote:
>
> Ah, yes, of course that would be true. That's the whole point.
>
> I trying to add, however, that the underlying account data is equally
> important. You are bringing up a commercial banking reference so I'll
> stick with that. Let's say you have been banking with a company for
> five years and change to another bank. A year later you are audited by
> your government's tax authority. The chore of extracting that data
> from your old bank will not be easy, which is why it would be helpful
> the underlying account information (who you paid and when, for
> example) ports over with you to the new bank.

Yes, I totally agree! :D

[Erling Wegger Linde]

I guess you have this one:

http://www.financial-format.com/fef.htm

Although it gives me the impression of being an "offline" ontology if
you see what I mean..

[melvster]

Great post.

It strikes me that the portability of data is close to the core
business of any bank.

On May 14, 10:10 pm, "JJ Hornblass, BankNet360.com"

[Gordon Rae]

I'd expect financial institutions to be a major holdout on Data Portability,
because they are so sensitive about security. If we can start winning
hearts and minds there, it could be very empowering to our cause.

Does anybody have any contacts in online banking startups, so we can begin
to reach out?

Oh, and which nation is "the nation", btw?

Gordon

[JJ Hornblass, BankNet360.com]

You are right that the financial institutions are going to be major
holdouts, but unfortunately they control the playing field here,
dwarfing the online banking startups. We can reach out to the startups
easily, but I don't see them as holding much sway here. My gut feeling
is that we need to approach financial institutions -- but before that
we need a firm idea of what we want from them (scope, details, course
of action).

"The nation" -- that would be my nation, the United States of America.
My apologies for the confusion.

JJ

[Brady Brim-DeForest]

JJ,

I think that is a very valid point. 

My suggestion is this:  Lets reach out to the online banking startups and enlist their help first.  They obviously have an excellent command over the intricacies of banking taxonomy, as well as the pivotal sticking points, and a much clearer picture of both scope and mission.  With these partners on board, any proposal we make to the major financial institutions will be more credible and have a higher likelihood to pass muster.

My two cents,

Brady

[JJ Hornblass, BankNet360.com]

Agreed. I emailed two so far. Hopefully, we'll get a few to join the
dialogue.

On May 20, 2:23 pm, "Brady Brim-DeForest" <brad...@gmail.com> wrote:
> JJ,
> I think that is a very valid point.
>
> My suggestion is this: Lets reach out to the online banking startups
> and enlist their help first. They obviously have an excellent command over
> the intricacies of banking taxonomy, as well as the pivotal sticking points,
> and a much clearer picture of both scope and mission. With these partners
> on board, any proposal we make to the major financial institutions will be
> more credible and have a higher likelihood to pass muster.
>
> My two cents,
> Brady
>
> On Tue, May 20, 2008 at 10:55 AM, JJ Hornblass, BankNet360.com <
>

[Paul Madsen]

I'll venture that the criteria banks will use for choosing a set of
technologies, protocols, trust models, security & privacy policies might
be different than those of a Web 2.0 application protecting my attention
stream.

Is DP ready to consider endorsing multiple combinations of identity
technologies, these combinations optimized for use cases of different
value/sensitivity?

paul

--
Paul Madsen e:paul.madsen @ gmail.com
p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com

[Brady Brim-DeForest]

Honestly Paul, I would say no, not at this time. Please share with me your thoughts, however, if you see differently.  

That being said, the research and networking in this space can and should start now – we have a long road ahead of us. Data portability in banking/financial space in particular has a lot of policy implications that we haven't even scratched the surface of yet.

-Brady

--

Brady Brim-DeForest

www.brimdeforest.com

[Brett McDowell]

Brady, I respectfully disagree.  

Over the last two days I've gotten an idea in my head that I want to raise to this community for consideration... "privacy-respecting Data Portability" vs. "Data Portability".  

I'm increasingly concerned by the (albeit implicit) potential end-game scenario (that DP might eventually be responsible for facilitating) of "all my data, all the time, everywhere" which is cool if we add "subject to my informed consent, in full disclosure of privacy implications".  If we only promote the former at the expense of the later, we are violating the "do no harm" principal (that I hope we also seriously adopt into our DNA here at DP).  

Maybe the DP policy group is all over these issues and I just haven't been paying close enough attention.  But your response to Paul was just the sort of "worst fears confirmed" that I was hoping not to see.  Maybe I have over-interpreted your comment but even if I did it gives us a chance to air these privacy issues as we are (seem to be) re-evaluating our purpose, role, approach, etc.

-- Brett

[mary hodder]

One more thing I could see happening, beyond "informed consent" for distribution of data:

Much like safeway cards, where a can of beans is normally $0.79 at say Trader Joe's or Berkeley Bowl 

but safeway lists it as $1.50 but *with card*, you get the "discounted" price of... $0.79.  Yes.. that's a deal.

In other words, safeway puts you in a position where you have to sell your data in order to pay the regular price.

I know you can shop elsewhere, and I know you can swop cards/ fake the info, but it still feels really bad.

If this isn't the right list for policy, I understand, (don't know where the lists are.. feel confused by the many lists)

but I do think the larger DP mission should be to prevent companies from forcing you to make your data

portable and shared with them, if you don't want to...

If your healthcare/insurance company insists on getting other data on you, and you fear losing health insurance,

it's not like safeway where you can shop elsewhere.  You're trapped.  Same often with bank/mortgage company

etc.  It's a high barrier to change/protest as you have few rights and the imbalance is huge.

My 2cents.

mary

[Nicholas Givotovsky]

You mean to suggest there might actually be the need for some limits to prevent harm from universal unfettered personal data exchange? But if you have nothing to hide...?

Seriously, couldn't agree more Brett.

--
re:defining the digital deal

[Nicholas Givotovsky]

Mary, perhaps membership has its rewards..and its punishments. Again more seriously, the unintended consequences are potentially huge here, and may in fact not all be unintended. N.

[Paul Madsen]

Hi Brady, I think it is legitimate for DP to decide to initially focus
attention on a particular slice of the space (or perhaps even as an long
term explicit scoping decision).

There may be a price to pay for the focus though, as the technologies
you choose as valid & appropriate for one slice (e.g lifestreams,
blogging etc) may not be transferable to another (e.g banking, eHealth,
etc).

Put another way, technologies & policies may determine use case scope -
rather than the other way

paul

p.s. Brett is arguing from the other direction, but I think we both see
the same potential disconnect.

Brady Brim-DeForest wrote:
> Honestly Paul, I would say no, not at this time. Please share with me
> your thoughts, however, if you see differently.
>
> That being said, the research and networking in this space can and
> should start now – we have a long road ahead of us. Data portability
> in banking/financial space in particular has a lot of policy
> implications that we haven't even scratched the surface of yet.
>
> -Brady
>
> --
> Brady Brim-DeForest

> www.brimdeforest.com <http://www.brimdeforest.com>

> <mailto:gor...@premiumadvice.net>> wrote:
> >
> >> I'd expect financial institutions to be a major holdout on Data
> Portability,
> >> because they are so sensitive about security. If we can start
> winning
> >> hearts and minds there, it could be very empowering to our cause.
> >>
> >> Does anybody have any contacts in online banking startups, so
> we can begin
> >> to reach out?
> >>
> >> Oh, and which nation is "the nation", btw?
> >>
> >> Gordon
> >>
> >> -----Original Message-----
> >> From: dataportabi...@googlegroups.com
> <mailto:dataportabi...@googlegroups.com>
> >>

> >> [mailto:dataportabi...@googlegroups.com

> <mailto:dataportabi...@googlegroups.com>] On Behalf Of
> melvster
> >> Sent: 20 May 2008 12:09
> >> To: DataPortability.General
> >> Subject: [DataPortability-Public] Re: Banking
> >>
> >> Great post.
> >>
> >> It strikes me that the portability of data is close to the core
> >> business of any bank.
> >>
> >> On May 14, 10:10 pm, "JJ Hornblass, BankNet360.com"

> >> <hornbl...@gmail.com <mailto:hornbl...@gmail.com>> wrote:
> >>
> >>> The new online banking startups have been barking about the
> need for
> >>> more data portability privileges from the nation's traditional
> banks.
> >>> Has anyone seen any action on this front? Have banks even begun to
> >>> even consider DP? I would be curious about any ideas from
> other group
> >>> members for getting banks to embrace DP, particularly considering
> >>> banks' historical reluctance to open their business models (in
> other
> >>> words, information) to any foreign element.
> >>>
> >>> I see banks are as a key linchpin in the portability debate
> because so
> >>> much of a consumer's data is tied up in his/her financial
> institution.
> >>> Wondering what others think.
> >>>
> >>> JJ
> >>>
> > >
> >
> >
>
> --

> Paul Madsen e:paul.madsen @ gmail.com <http://gmail.com>

> p:613-482-0432
> m:613-282-8647
> aim:PaulMdsn5
> web:connectid.blogspot.com

> <http://connectid.blogspot.com>

[Marc Hedlund, Wesabe]

Hi, all,

Thanks for the invitation to join the group. I'm one of the founders
of Wesabe.

JJ Hornblass wrote:
> The new online banking startups have been barking about the need for
> more data portability privileges from the nation's traditional banks.

We have? I'm not sure -- I consider that sort of a lost cause. The
US banking industry saw a large, if somewhat divided, push for OFX
(open financial exchange) standardization over the last decade, and
I'd guess most banks have already made their call to or not to support
OFX. I doubt there will be a huge amount of movement beyond that any
time soon. I'd love to see it but I wouldn't say we've been barking
about it (nor have our competitors, I think).

I do think it would make sense for banks to support OAuth so that no
third-party site would hold a user's primary account credentials. A
read-only OAuth policy would make a lot of sense, and protect users
from risk of leaked credentials leading to fraudulent bill pay or
transfer transactions. That seems to be very directly in the banks'
interests (and I tell them that every time I meet with them, with
surprisingly positive response).

Paul Madsen wrote:
> I'll venture that the criteria banks will use for choosing a set of
> technologies, protocols, trust models, security & privacy policies might
> be different than those of a Web 2.0 application protecting my attention
> stream.

I can't speak for banks, but Wesabe launched our "Data Bill of Rights"
in November, 2006 in order to address that concern specifically. The
DBOR says:

* You can export and/or delete your data from Wesabe whenever you
want.
* Your data is your data, not ours. Our job is to help you
understand and act on your data.
* We’ll keep all of your data online and accessible for as long as
you have an account. No “archive access” charges.
* Any data you want us to keep private, we will.
* If a question comes up not covered by these rights, we will
answer it remembering that your data belongs to you.

See http://www.wesabe.com/page/security

Wesabe provides a full API for access to any user's financial data
(assuming that user grants permission). See https://www.wesabe.com/page/api

Our API and our site provide data in CSV, OFX, QIF, XLS, and a custom
XML format. We also export to Google Spreadsheets from any
transaction list. We are intending to implement OAuth access for our
API.

If some standard for data portability emerges, we will support it.
I'd be happy to contribute to that effort with the caveat that my time
is extremely limited.

Hope this helps. Let me know what I can answer, if anything.

Marc Hedlund

[Brady Brim-DeForest]

Brett, Paul et. al,

First off, thank you for your responses.

I read back over my comment and realized that it could easily be misinterpreted.  What I intended to communicate was that I feel that DataPortability has to start small.  We need to focus on a particular segment of the marketplace first.  The 'Web 2.0' world (for lack of a better name) is a non-critical, low risk space in which to start.

If we are to take data portability into the banking world, we will absolutely need to endorse multiple combinations of identity technologies, optimized for value and sensitivity. 

That being said, I don't see us having the resources to start out in the financial space at this time.  

I hope that clarified my point.

-Brady

[Aaron Cheung]

Even if we are focusing on some particular initial space, eg., social
networking or social graph portability, it would not be simple to choose
some particular protocols to endorse (while not endorsing others, or
while not endorsing others *in time* -- recall the recent anger, arising
due to people feeling excluded, or what-makes-you-holier sentiments)
for some "unendorsed-by-DP" protocols are still important building
blocks towards a portable data web, even they might not be DP-centric.

Then, regarding the Best Practices documents, there would be so many
to produce, going forward.. thus we are indeed inventing something.. or
to put it fairly, depending on what we mean by the Best Practices docs,
eg., an RFC could be a best practice doc (aka BCP, best current practices)
or a research paper, or conference presentation slide, or a marketing paper..
ie., eg., say, -
- http://www.rfc-editor.org/bcp-index.html
- http://www.slideshare.net/faberNovel/social-network-websites-best-practices-from-leading-services
- http://www.slideshare.net/charleneli/big-brands-facebook-demographics-case-studies-best-practices
and there are just so many so many documents out there called "Best Practices"
stuff -- said with all due respect for their presence..

I just went over to our http://wiki.dataportability.org/display/dpmain/Technical
and to me it's more towards the RFC/BCP type of document, which is good,
save 3 questions: a) is writing an RFC [like document] not inventing something?
b) would existence of a BP doc makes DP a stronger org? c) do people care?

Anyway, getting too long.. my position being, we need to perhaps reconsider
our position, and what we can do best (including, perhaps, writing BP docs --
which is certainly fine and let me fully and unequivocally acknowledge the great
efforts from the dear tech members here, to be sure -- just that I'm not too
comfortable about the claim of, we invent nothing, but you can certainly disagree).

Said more as feedback for your/our reference only, not really a gripe piece.. /ac.

[Brett McDowell]

FWIW, I like an idea Aaron introduced and I'll suggest we expand on it.

DP could scope its work to various categories and parallel tracks,
thus allowing folks interested in difference aspects to work in
parallel if they choose, even if the "founders" are focused on just
one track to ensure progress. For example:

(1) RCP (Recommended Current Practices) - e.g, social networking:
requirement is that the tech is available and the practices are live
and being practiced in production by somebody (or somebodies).

(2) REP (Recommended Emerging Practices) - e.g., Banking:
differentiated from RCP track because the tools may not be in final
form (public draft standards for example) and the practices might only
be visible as Proof of Concepts and not yet in production.

This could play into the previous progress made on our Work Flow that
I believe starts with "laps/experiments" and ends with "Best
Practices". So consider this a recommended modification of the
existing Work Flow that addresses some recent public input.

I for one am more likely to engage with REP (ID-WSF, Higgins,
openLiberty.org, etc.) vs. RCP (rel="me") work. From my point-of-
view, this separation doesn't necessitate slowing down the RCP work,
and the forward-looking REP track might even add synergistic value/
input to the RCP track.

-- Brett

[Brady Brim-DeForest]

Brett, I love it.  I think that makes a good deal of sense.

+1

-Brady

[JJ Hornblass, BankNet360.com]

Marc,

Your submission was appreciated. Thank you.

"Barking" may have been the wrong word, because I didn't mean to imply
that the want for greater data openness was anything but positive. In
terms of who's been vocal on the matter, the lament was a particular
point raised at the Online Banking Summit, a conference I chaired last
year in Charlotte. Unfortunately, Wesabe was not among the 100 or so
participants.

But that is not the point. Let me ask a question, Marc: how many banks
offer OFX, QFX, or QIF downloads to consumers? Has Wesabe been able to
determine that number?

JJ


On May 20, 5:26 pm, "Marc Hedlund, Wesabe" <marcprecip...@gmail.com>
wrote:

> Seehttp://www.wesabe.com/page/security

>
> Wesabe provides a full API for access to any user's financial data

> (assuming that user grants permission). Seehttps://www.wesabe.com/page/api

[Erling Wegger Linde]

@Brett McDowell:

Fantastic!

+1 from me too :D

--

[Boaz]

This is a great discussion. I wanted to chime in with a number of
issues that I think most large banks would have to consider & deal
with before supporting data portability, based on my experience in
consulting to many of them:

-Data security (already covered in the discussion thus far, but
extremely important & probably top-of-mind for most banks)
-Privacy (regardless of what protection you build in, some customers
will always complain that you shared their data without their
permission)
-Higher customer attrition rates (since it will now be easier to
switch banks / accounts)
-Loss of competitive advantage due to having to share "proprietary"
data with competitors (for example--banks now use customer data
heavily in designing and targeting marketing campaigns to their
customer base; if I have banked with Bank A for 5 years, and I now
open another account with Bank B, Bank B would now have access to all
the data, and therefore all the marketing advantages, that Bank A has)
-Potentially large investment in getting existing legacy systems to
comply with new portability standards and maintaining that over time
(both for outbound and inbound data)
-Legal exposure if anything goes wrong at any step along the way

Still from a consumer viewpoint this would be a huge win.


On May 21, 10:45 pm, "JJ Hornblass, BankNet360.com"

[Marc Hedlund, Wesabe]

On May 21, 10:45 pm, "JJ Hornblass, BankNet360.com"

<hornbl...@gmail.com> wrote:
> "Barking" may have been the wrong word, because I didn't mean to imply
> that the want for greater data openness was anything but positive.

Understood -- I only meant to clarify our views, not to complain at
their characterization. :)

> In
> terms of who's been vocal on the matter, the lament was a particular
> point raised at the Online Banking Summit, a conference I chaired last
> year in Charlotte. Unfortunately, Wesabe was not among the 100 or so
> participants.

Sorry, wasn't aware of it. Sounds like a good project.

> But that is not the point. Let me ask a question, Marc: how many banks
> offer OFX, QFX, or QIF downloads to consumers? Has Wesabe been able to
> determine that number?

We don't have any way of determining the full extent. I can say that
it is more than 3,000 and less than 8,000 (in the US at least), but I
don't have a way to know where between that range it falls.

[Mark Shiu]

Hi,

It is wonderful to read all the comments, and suddenly we are moving forward rapidly.

I am not sure if I am right, please feel free to comment.

>
> -Data security (already covered in the discussion thus far, but
> extremely important & probably top-of-mind for most banks)
> -Privacy (regardless of what protection you build in, some customers
> will always complain that you shared their data without their
> permission)

Maybe customers can choose not to share their data?
So customers might provide an URL for their trusted sites to share those data, hopefully this can reduce security risk.

> -Higher customer attrition rates (since it will now be easier to
> switch banks / accounts)
> -Loss of competitive advantage due to having to share "proprietary"
> data with competitors (for example--banks now use customer data
> heavily in designing and targeting marketing campaigns to their
> customer base; if I have banked with Bank A for 5 years, and I now
> open another account with Bank B, Bank B would now have access to all
> the data, and therefore all the marketing advantages, that Bank A has)

Yes, probably, but I think eventually, this will help banks to get more customers, especially for those busy people who cannot go to a bank within business hours.

> -Potentially large investment in getting existing legacy systems to
> comply with new portability standards and maintaining that over time
> (both for outbound and inbound data)

This will probably be the key.  Having a common fields for banks are not easy.

> -Legal exposure if anything goes wrong at any step along the way
>
> Still from a consumer viewpoint this would be a huge win.

I think large banks have the advantages as well.  Reduce cost with extended signup hours.



Meanwhile, I have a question,
what kind of data are we sharing here?

I am working on the reporting part for an investment / forex company, and my very first intention was to send/share reports and financial position for export.
Also, I was thinking if DP is to export your friends and conversation between friends, so would it be like bank's transactions, balance sheets and monthly statements.

So my question is, what kind of data are we sharing here?  Would this include financial position (total investments, tax return data)?
And would it be for the bank to decide what kind of data included in DP?


Please correct me if I am wrong on the above.

Thanks

Mark Shiu

[Erling Wegger Linde]

To get an idea of this, I think we should start with answering "What
(minimal set of) data does another bank need in order to be able to
set you up an account (using your old account number)?

In the long run (if we ever succeed with banking DP :) it sure would
be great if you could see all your transaction history etc. after you
have switched banks too, but I'm not sure if that are realistic?

- Erling

>
>
> Please correct me if I am wrong on the above.
>
> Thanks
>
> Mark Shiu
> >
>

--

[Brady Brim-DeForest]

Interesting cross-post from the IDworkshop list:

-----------------

We proposed a solution for preventing ID-related financial harm in late
2005.  It isn't rocket science; it's based on the assumption that an
identity asset that can't be used is less likely to foster a fraudulent
transaction. A high level overview is located at http:// www.idovos.com

IDovos  permits an identity owner to exercise transaction-level control over
use of any asset related to the identity.  This is achieved using a virtual
on/off switch associated with identity assets like new credit, credit or
debit cards, web accounts and passports. These virtual switches are
controlled by the identity owner using a phone or browser.

One of the primary goals of the system is to DEVALUE identity assets by
rendering them worthless outside owner-controlled transaction windows.
Significantly, no use-enabling information retained or transmitted by the
system. No names, addresses or account numbers.

The system is capable of providing cross-entity asset protection.  A 401K
account at Fidelity could be registered as an asset and enabled for access
between 8:59 and 9:03PM every Thursday night while your Visa® from Chase
could be registered and spot-enabled for shopping using your cell phone or
PDA. Any number of assets can be registered and managed from a single
iDovos  account OR you could have multiple accounts with each containing a
subset of your managed personal asset base. The identifiers for these
accounts can be changed at will without disrupting asset protection
relationships.

Gary


--.  .-  .-.  -.--

Gary Dennis
Mantissa Corporation
1121 Edenton Street
Birmingham, Alabama 35242-9257

p: 205.968-3942
m: 205.218-3937
f: 205.968.3932

gary....@mantissa.com

--
Brady Brim-DeForest
OB&D Global
www.obdglobal.com

CONFIDENTIALITY & LEGAL NOTICE: This electronic message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please contact the sender by reply e-mail and destroy all copies of the original message. This communication is for general informational purposes only and is not intended to constitute legal advice or a recommended course of action in any given situation. This communication is not intended to be, and should not be, relied upon by the recipient in making decisions of a legal nature. The Recipient is encouraged to consult independent counsel concerning the matters in this communication.

[Erling Wegger Linde]

Have you seen this:
http://www.geospatialsemanticweb.com/2008/05/27/structured-data-representation-of-financial-data
?

- Erling

On Sat, May 24, 2008 at 8:13 PM, Brady Brim-DeForest <bra...@gmail.com> wrote:
> Interesting cross-post from the IDworkshop list:
> -----------------
> We proposed a solution for preventing ID-related financial harm in late
> 2005. It isn't rocket science; it's based on the assumption that an
> identity asset that can't be used is less likely to foster a fraudulent
> transaction. A high level overview is located at http:// www.idovos.com
>
> IDovos permits an identity owner to exercise transaction-level control over
> use of any asset related to the identity. This is achieved using a virtual
> on/off switch associated with identity assets like new credit, credit or
> debit cards, web accounts and passports. These virtual switches are
> controlled by the identity owner using a phone or browser.
>
> One of the primary goals of the system is to DEVALUE identity assets by
> rendering them worthless outside owner-controlled transaction windows.
> Significantly, no use-enabling information retained or transmitted by the
> system. No names, addresses or account numbers.
>
> The system is capable of providing cross-entity asset protection. A 401K
> account at Fidelity could be registered as an asset and enabled for access

> between 8:59 and 9:03PM every Thursday night while your Visa(R) from Chase

[JJ Hornblass, BankNet360.com]

On May 22, 9:47 pm, "Marc Hedlund, Wesabe" <marcprecip...@gmail.com>
wrote:

> On May 21, 10:45 pm, "JJ Hornblass, BankNet360.com"
>
> <hornbl...@gmail.com> wrote:
> > "Barking" may have been the wrong word, because I didn't mean to imply
> > that the want for greater data openness was anything but positive.
>
> Understood -- I only meant to clarify our views, not to complain at
> their characterization. :)
>
> > In
> > terms of who's been vocal on the matter, the lament was a particular
> > point raised at the Online Banking Summit, a conference I chaired last
> > year in Charlotte. Unfortunately, Wesabe was not among the 100 or so
> > participants.
>
> Sorry, wasn't aware of it. Sounds like a good project.

It is. You'll join us in 2009!

>
> > But that is not the point. Let me ask a question, Marc: how many banks
> > offer OFX, QFX, or QIF downloads to consumers? Has Wesabe been able to
> > determine that number?
>
> We don't have any way of determining the full extent. I can say that
> it is more than 3,000 and less than 8,000 (in the US at least), but I
> don't have a way to know where between that range it falls.

It seems as though it makes sense to try to expand this number through
the existing OFX, QFX, or QIF structures, or at least to include such
an effort in the overall DP strategy. Perhaps there is a way to
incentivize those banks on the fence to such downloads available?

[JJ Hornblass, BankNet360.com]

Exactly. Start with account numbers and move on to transaction
history.

On May 23, 2:47 am, "Erling Wegger Linde" <erlin...@gmail.com> wrote:

[Mark Shiu]

So using email to map to account numbers?
And verify with encrypted data of SSN, address, phone, mother's maiden name (like credit card?) and password / pin (optional? just to fit into the financial model / procedure)

If there is any update from user (address, phone), OpenID (DP) ---> banks.
If there is any update from the bank (pin, balance in account), bank ----> DP

I believe if you need detail transaction, you might still need to navigate from the bank site.
Meanwhile you can check the balance or download a soft-copy statement from DP.


How does that sound?  This is just a basic idea, please feel free to comment or include necessary fields.

Thanks

Mark Shiu