[avianlyric]

> The banks have been lobbying to delay most of the UX improvements for the users because they just make too much money as an issuer to get interchange.

To quote Hanlon’s razor “never attribute to malice that which is adequately explained by stupidity."

Having been involved in these conversations, I can tell you with some confidence, that banks are far more worried about being unable to deliver the technical work on time, than they’re worrying about interchange.

There will be fees to pay for OpenBanking Variable Recurring Payments, it’s not going to be free for merchants to use. Which makes sense, contrary to popular opinion, running a bank account, and transacting, costs quite a bit of money. Every Faster Payment you send costs your bank a couple of pennies, not much on an individual level, but it sure adds up.

[thiscatis]

Having been in some of the same conversations, although I'm a big believer in Hanlon's razor, if someone suggests that for an OpenBanking payment the "authentication" should be the bank calling the user and having them listend to a 45 second message to then key in a confirmation code it's no longer stupidity, it's creating artificial barriers. The same bank can perfectly do quicker ACS with OTP or tap to confirm using a push notification but for OB PISP it requires a phone call...

[avianlyric]

You should see some of the fraud cases that happen via open banking and faster payments.

It’s an extremely difficult problem to deal with because there is no dispute mechanism in the faster payment flow, and Faster Payments are not interested in adding one. As a consequence, once the payment is authorise, the moneys gone, and getting back is almost impossible.

Fraudsters have been taking huge advantage of this, and regulators are demanding that banks protect customers from these scams, or eat the cost of reimbursement.

Having worked on this specific problem, I can say that calling the customer for authentication is one of the most effective ways to prevent these scams. The call normally forces the customer to hang up on the scammer, which is incredibly powerful because it removes the primary source of pressure on the customer, and gives them space to think. Most customers then realise they’re being scammed, and stop there.

You may say that there’s other ways of warning customers, like in app notifications etc. Well I’ve tired all that, they’re not effective, regardless of how big, scary and red you make them. Even when tuned so the false positive rate is almost zero, so most customers only every see them when they’re actually about to be scammed, they still don’t work. Reason why they’re not effective, customer mentions what they see to the scammer on the phone, scammer explains it away and pressures the customer to continue.

This isn’t to say there isn’t some better balance, or that the banks aren’t being lazy. But the fraud question is serious one, and a very difficult one to answer. Simply ignoring it when discussing Open Banking is either naive, or intellectually dishonest (I’m not claiming that you’re intellectually dishonest, but there are plenty of people who like to gloss over the fraud issues, or just victim blame).

[thiscatis]

I'm very happy that the banks take fraud seriously, even if it delays innovation because the current chargeback flow is horribly broken for everyone involved except the schemes.