Hacker News new | past | comments | ask | show | jobs | submit login
Increase: Banking API (increase.com)
556 points by pen2l on Sept 13, 2022 | hide | past | favorite | 288 comments



I made an API for a bank... I was a third party and made the API by screen scraping their webUI. I sent their devs a link and initially there were positive messages going back and forth.

The API allowed you to see balance, transaction history, and make payments.

Before long, the API got quite popular, and lots of people were using it to make lots of payments automatically.

You know what makes money laundering super easy... a banking API so you can split the million dollars you want to launder into 1 million 1 dollar payments. And an API client which lets you treat each login cookie and account as an object in python.

Before long, the API and all users who had ever used it were perma-banned from the bank, because it was determined they posed too high a fraud/money-laundering risk.

I'm still salty because, after spending a week of my life building and refining that API, they banned me and 6 years later still claim they can't return the $350 that was in the account because they are still 'investigating'.


Heh, you got off easy. I spent six years of actual work learning this lesson the hard way back in 2006-2012.

In retrospect, I should have paid a lot more attention when Patric Collison told me he was spending his days reading up banking regulations. Eh, too boring, I thought, what could possibly be in there that a little code couldn't paper over? That mistake cost me the opportunity to be an early hire at Stripe.


Yup. This is why every attempt to provide developers better access to banking/finance is doomed to fail. Even if you buy your own bank charter, you are still subject to someone elses rules.

Your customers want to be innovative and do things they can't easily do today. On the other side is your financial network that has shut down the three previous attempts to do that exact thing because it causes a random transaction clearing server in France to burst into flames. You are now left holding the bag with both sides upset at you.


I'm am often amazed that the entire world financial system hasn't collapsed yet, considering what I now know about how it is put together.


It's because approximately 100-1000 times more people and resources are used to maintain it than would be needed in any other system of similar size and technical complexity.


To add to my comment: since the financial system is almost impossible to fix, the problem only keeps getting worse and worse. I predict that eventually 99% of the world population is employed in somehow managing the global financial system. After that point, it just collapses and no-one knows what comes next.


That's got some Universal Paperclips energy... It wouldn't collapse, it would evolve into its own artificial intelligence that keeps expanding until it fills the universe and follows it to the heat death of the universe. Can the workings of the second law of thermodynamics be reversed?


I guess credit and undos smooth over most of the problems.


Yes, that certainly helps a lot, but I'm pretty sure that would crumble under certain not-terribly-difficult-to-execute attacks.

The happy fact of the matter is that the vast majority of actors in the economy seem to be pretty well-behaved. The scary thing is that the system seems to depend on this.


I don't think that's specific to the economy. I think that's a succinct description of civilization.


I think of this every once in a while. We trust, a lot. Things would be different if we didn’t. I believe laws generally protect us after the fact, not before.


> The happy fact of the matter is that the vast majority of actors in the economy seem to be pretty well-behaved.

That's mainly because, in most countries, to become a participant in a regulated financial system, you have to meet the 'fit and proper' criteria of qualification [https://www.bis.org/publ/bcbs47c4.pdf].

There are continuous audits and enforcement/disciplinary actions taken to ensure regulatory compliance. Also, digitisation has enabled tech based regulatory/supervisory tooling to reduce the burden of regulatory/supervisory activities.

And, as newer/faster tech based mechanisms/rails have gained adoption older more cumbersome rails are getting retired. This is leading to effective regulatory simplifications.


It's because of mutually assured destruction. It's the same reason why there's a tacit agreement between enemy heads of state to not just assassinate each other. Doing so would just start a new world order that wouldn't be in anyone's interest. Sort of like nuking an enemy isn't a good idea either because of the retaliatory consequences it would necessarily cause.


Sounds like bitcoin's 51% attack issues.

Only I'm guessing it doesn't take half as much to create crumble the banking system.


> considering what I now know about how it is put together

As someone who doesn't, I'd love to hear more.


Lots of CSV files of transactions sent between banks by sftp servers and processed by big COBOL mainframes.

Any part of this process that is modernized still has to emulate the old...


Ah yes the old BAI format which is totally not a CSV file with a bunch of insane rules that differ per bank and are passed around via sftp server that are on the internet.

I'm glad I quit that job. The only problem is when I tell people how the bank actually move money they don't believe me.


Yep, a shocking amount of ad-hoc processes and standards held over from the 70s and earlier. Also, most surprising to me, very few people in the industry actually understand how it works. Most people have never met an actual banker. The people in your local bank branch are sales people and technicians. It is nearly impossible even to find someone who really knows what is going on under the hood, let alone get a meeting with them. And there is no documentation, no primer you can read to bring you up to speed the way you can learn about emacs or Javascript. It's all a good-old-boy network, and even finding an actual member of the club to talk to is nearly impossible.


Almost no rules within crypto, if you want to experiment. It's one of the selling points of the scene. OTOH regulation is slowly but steadily making its way over there as well.


Examples of what you discovered? This isn’t clicking for me…


The biggest surprise was how hard it was to find anyone who actually understood how the system works. I think it is safe to say that the vast majority of people have never met an actual banker. All of the people you interact with at your local bank branch are either sales people or technicians. They know about as much about banking as the guy working the Jiffy Lube knows about cars.

Not only that, but getting a meeting with someone who understands how banking actually works under the hood is nearly impossible. In fact, even finding such a person is nearly impossible. Not only do the front-line people in banks not understand how their industry works, they don't even know who does understand.

There is also a huge disconnect between banking and IT. I once had half a million dollars go missing for two weeks because of a wire transfer snafu. No one could figure out where the money was. The only reason it was recovered is that the person to whom the money had been wired incorrectly noticed and sent it back.


Meanwhile the USAA app told me one time that the amount I was trying to move one time would be subject to additional regulations and suggested breaking breaking up the transfer.

It felt like if Clippy had an addon to it's expert system from Saul.


Suggested breaking up the transfer to evade regs? Isn't that felony structuring? LOL


Not if you are doing legitimate transfers. I had to move money from trading account and had to do it over multiple days due to limits. It’s my money moving from one account to another. Zelle also doesn’t allow you to move more than certain amount. Probably for protection reasons.


INAL, but just to give one more example. If you're depositing >$10k cash into a bank, you (or your bank) have to report that to the IRS. If it's legally acquired, that's fine. However, breaking that same transition up into multiple transactions in order to avoid this reporting requirement is called "structuring," and it's a felony, even if the money was totally legitimate.

=> https://www.mybanktracker.com/checking/faq/rules-deposit-100...


But that's Actual Cash.

Moving $20k fully electronic (eg:ACH) doesn't have that requirement.

But lots of systems have limits based on risk windows.


Yes, for example real time NACHA payment event streams are actually windowed by periods governed by each transaction's exposure to risk and corresponding risk classification windows.


Structuring is still a crime if there is a legitimate reason for the transfer


Account transaction limits are different than reporting limits.


> You know what makes money laundering super easy... a banking API so you can split the million dollars you want to launder into 1 million 1 dollar payments.

That would be noticed. It's called "structuring" and is itself illegal. Banks watch for this stuff.


Yes, but when your script splits money into random amounts and puts things like "pizza money", "rent" and "happy birthday" into the reference field, across thousands of accounts, most of whom also have a real user doing real transactions intermingled, suddenly it gets a lot harder for the bank to filter.

The bank typically has a rather simplistic set of rules to decide to investigate transactions (because they need to be able to explain how the rules work in a meeting with the government whenever their rules miss someone). Things like "Transaction was over $1000 to a new payee or the reference contained the word 'bitcoin'". The investigation will typically involve a human calling the customer, and sometimes asking for more evidence of what the transfer was for - for example, please send us the receipt for the car you said you bought. It's quite an expensive process for the bank.

So, when someone via the API sends tens of thousands of transfers, the bank is spending lots of human hours verifying some/all of those. "My script sent $55 to some stranger because I won a fully automated bet on the weather" is far harder to verify with documentation too. And when some slip through the cracks, they get in trouble with the regulator.


This is why every time I send money via Venmo I label it "drugs" (or a specific drug, like "pure Colombian cocaine" or "crystal meth").


I think the IRL version of this is buying cocaine, rubbing it over all yor cash, and then using it as your cash without actually using the cocaine. It'll def just be ignored, as it's on a high percentage of notes[1] for any transaction anyways [2]. Banks use ml scoring algorithms and im not sure mentioning cocaine in notes for a RTP/The Clearing House transaction would actually go unnoticed.

[1] https://en.wikipedia.org/wiki/Contaminated_currency

[2] https://cipherblade.com/blog/tainted-bitcoin-isnt-what-you-t...


> It'll def just be ignored, as it's on a high percentage of notes[1] for any transaction anyways [2].

Cops have used cocaine residue as "cause" to rob people of cash: https://www.youtube.com/watch?v=MkeS_0NQUZs


How do the launderers have access to thousands of accounts? And why wouldn't the actual owners of the accounts report the transactions?


The api seems to let you create new accounts fairly easily. Seems odd to me as the API provider is the bank. Based on KYC I presume they think they are all splits of the same account holder?

I learned the other day that the name on account means shit, because scammers often give $account_details + $catfish_name and receive the money to $bank_details + $real_name.

I don’t see how splitting to 1000 transactions and sending money to yourself helps with money laundering or undercover money sending.


This. They're just "virtual accounts" under a single partner to the bank. If the service groups your payments with some other parties, in some weird mining strategy, then you might have risk. But if your parties grouped together on transactions appear to be cartel money launderers, you can definitely expect some calls from the bank. And the FBI. And your transactions related to that party in any way not to go through. It's a big part of compliance. Neobanks typically take their licenses from very well established banks who trust them and their partners to not expose tons of risk. It's a burgeoning market. They face competitive and regulatory pressures forcing them to strategize on this very well.


> I don’t see how splitting to 1000 transactions and sending money to yourself helps with money laundering or undercover money sending

Banks rely on a fixed set of rules to trigger an investigation for money laundering. One of these rules is the value of the transaction. I worked in retail whilst at Uni in the UK and we often had people who had lot's of money in their accounts unable to make large purchases due to these checks. Their payment would be automatically blocked and you would get a phone number they had to call to be able to make the payment. It was for example when buying a £5000 kitchen (I worked in the equivalent of home depot in the UK). If they could have split that transaction down to say 10 payments of £500 it wouldn't have triggered anything on the bank side.

Overall these banks process a lot of transactions and so heavily rely on these rules to keep them within the law. They don't always work as can be seen here and the bank noticed that users were able to circumvent their crappy ruleset by split big transactions down to lots of small transactions.

Not sure about sending money to yourself I suspect they mean transferring money between two accounts you control which is different in the banking for from sending money to yourself. If you are in control of both accounts you are laundering the money by transferring it to another account when you secretly control both. It's a basic way people like the mafia and such have laundered money for decades. They will do it through facade companies or suchlike. So they have one of the gang be legit and "clean" setup a shop who deposits cash into their bank account from "sales". The shop is a real place that you could technically buy stuff from. They then transfer their profits to this other account that is the gangsters account. The gangsters is part owner and they are receiving money as they "own" the shop and the shop has made money from sales. The sales though are actually the gangster giving money to his own shop and them claiming that as sales to the bank. The bank doesn't know that the money is actually from selling drugs or robbing stores or w/e illegal stuff they have done. The result is that you have taken "dirty" money i.e. money that has came from some illegal activity and with this strange process you have made it into "clean" money that's come from some legal activity.

So basically all money laundering will be transferring money to "yourself" but it will be via a third party that probably takes a small cut for helping. It's worked like this for years and is super common.

The fixed set of rules they have in bank is because it used to be that making money movements was hard so the criminals would transfer say £250k in a single transaction as sales revenue. So banks could easily spot this and take action. Making money movements easier means they can bypass this check.


>Banks rely on a fixed set of rules to trigger an investigation for money laundering.

Mostly, yes. But there are hundreds of those rules.

>One of these rules is the value of the transaction.

That happened, but I doubt that is the most important rule now. From what I've seen in my experience way bigger focus total value of transactions compared to various metrics.

Very large number of transactions on personal accounts is also one of those rules.

>Their payment would be automatically blocked and you would get a phone number they had to call to be able to make the payment. It was for example when buying a £5000 kitchen (I worked in the equivalent of home depot in the UK). If they could have split that transaction down to say 10 payments of £500 it wouldn't have triggered anything on the bank side.

That sounds like fraud, not money laundering rule.


Yes you are correct there are many rules I can't list them all here. The point is they are fixed rules and one is transaction amount.

> Very large number of transactions on personal accounts is also one of those rules.

Yes I suspect 1000's of trx on the accounts is what flag the whole thing to the bank.

> That sounds like fraud, not money laundering rule.

You have to take what I've said in context with the whole comment and not take a single part out of context.

As I said for money laundering you'll get consistent large transactions that don't make sense (say £250k each week from a pizza shop). Banks already know how to spot these large weird transactions so a method to hide them is to split them down into smaller transactions. My example with paying the kitchen was to show that the banks wouldn't notice the £500 transactions rather than the single £5000 transaction.


You normally start an ad campaign across facebook offering discount beauty products but you need to 'enable' this 'security software' onto your bank account...


I also don't buy it, I think GP is just roleplaying today ¯\_(ツ)_/¯


How is one even opening a dozen accounts, much less thousands?


That's silly. You could just as easily to the same thing with checks, or even cards.


Millions of checks or millions of cards is "just as easy" as millions of API calls?


Given enough printers, sure.


I still don't understand how this facilitates money laundering? You send small amounts to a bunch of accounts and then what exactly?

What is the source of the funds to launder and how/why is it already in the bank?


> What is the source of the funds to launder and how/why is it already in the bank?

Money mules; you offer some influentiable kid some money to deposit cash into their account and send it on to someone else. Or an old lady. I'm sure part of the Nigerian prince thing is money laundering.

Second one that is very prevalent is physical stores that never seem to get any customers, e.g. in my neck of the woods there's these mobile phone companies everywhere. I'm sure they sell phones, simcards and accessories on occasion, but I can't see how it would cover the cost of rent, let alone make a profit. Unless once a month someone comes in with a few thousand in cash that then gets added to the books over time.

Oh, there actually was an article on HN about that recently, that was "american" candy shops in london: https://www.standard.co.uk/news/london/london-news-american-...


I don't think OP knows what he is talking about? You also need "thousands" of accounts, and unless you are opening these remotely, I don't know how you can get this many people to co-operate with your scheme. That also doesn't cover the first part: Laundering the money into the bank. (if the money is already in the banking system, there is nothing to launder).

To be honest, I don't think money laundering is real, or significant. I see most money laundering rules as hidden or mislabeled sanctions on other countries, group of individuals or institutions.


Money laundering is real, but for some reason everything that I read online (e.g. in news articles or comments) about it is complete nonsense.

E.g. here the nonsense is why money that you already have in a bank account needs to be sent to someone else via 1000s of random small transactions. At best that would add a layer of confusion, but you still have the money laundering problems for the sending and final receiving person.


It is complete non-sense. Banks don’t have a good framework for detecting suspicious transactions. They also happen to not really care and rightfully so: it’s not their job and shouldn’t be their responsibility.

What happens is that banks are trying to cover their ass and please regulators so they don’t get fined.

Of course all regulation does is add complexity. You still have the most common way to launder money: know the top-banker and have connections inside the bank. With the right amount of money you can buy all the KYC you need.

Which means all this regulations is either malicious or plain ignorant. I think it’s malicious.


Yes. It starts with sanctions on countries. Banks are only just starting to correlate payments that may actually be the same party if they are different physical institutions/entities, down to the legal entity (LEI).


Of course it is.

It's just that you and I aren't big enough fish for the banks to look the other way, if we do it.

Gotta be a Mexican drug cartel, or a Russian oligarch to succeed in money laundering.


> To be honest, I don't think money laundering is real, or significant.

Heard it all now time for me to get off this site I think.


Irrespective of your intent, you will get flagged if your total transacted volume in any given period is abnormally high compared to average retail banking user. If increase.com were a bank, they have regulatory reporting requirements to flag such anomalies and do more extended KYC. If they can show this was done intentionally to avoid the CTR reporting, then it can be criminally prosecuted.

More likely scenario is increase will partner with some chartered bank and try to expose this api functionality. They will soon realise the constraints they need to be under to not allow crazy things like this.


Structuring involves currency, not bank transfers. I believe the word you are looking for is layering.


The IRS doesn't seem to make a distinction, calling out bank transfers by bank customers explicitly in it's structuring regulations:

https://www.irs.gov/irm/part4/irm_04-026-013


Check the definition at 4.26.13.3.1. The third element of structuring is conducting a transaction in currency, and the last element is for the purpose of evading specific reporting requirements, where each of those reporting requirements involve transactions in currency. This is from the Bank Secrecy Act.

The other type of transaction they mention in 4.16.13.4 also involves cash payments in the course of a trade or business.

Everything else is what someone might do to try to conceal structuring, but if cash isn't involved, it's not structuring, because there's no covered reporting requirement.


The defintion in 4.26.13.3(1)(f) makes it clear that it covers the evading the "Recordkeeping requirements for transmittal of funds at $3,000 and above, additional records to be made by a dealer in foreign exchange at $1,000 and above, and records to be made by casinos and card clubs" as well.


Correct. It is called layering when money launderers buy other liquid investment instruments using the illegally placed funds.


A part of me really wants you to check in with them every year, to see how long they can claim they're "still investigating" for.

This is great insight though re: money laundering. Something I'd have never expected would be the result of an API.


Don't worry... I do...

The guy assigned to my case retired. As did the next guy. And now there is a lady assigned to the case, but she has been out of the office for all of the last 3 years...

Every time I call, I get told they can't discuss cases over the phone, but that they will send me a paper letter as an update... And it isn't a template letter either... But it always just says I need to keep waiting and there is no action I can take to speed the process up...


What would happen if you took them to small claims court?


Not really worth the 2 days off work it would take (1 to learn the necessary law/rules/procedures, and one to actually attend court).... Although if I'm bored in the future I might.


I heard of a case where a person did this and won their claim in small claims court, the defendant (I think it was Verizon?) never showed up.

They got a default judgement, but still couldn't actually collect the amount owed.

So they ended up filing a foreclosure on the actual building - and it worked! The foreclosure went through, and the company almost lost their brick and mortar store.

Took years for the process, but it was nice to see that the courts can and will defend an individual. This all took place in TX IIRC.


If you're talking about this one: https://abcnews.go.com/Business/bank-america-florida-foreclo...

The threat was enough to fix the failed transaction. The manager was able to call someone and issue a check, rather than have their branch auctioned off.


I wonder how many employees/customers at that branch thought some serious FDIC stuff was going down and BoA was going to go into receivership.


You need to send a request in writing.


Or contact the financial ombudsman assuming this is in the uk.


I hate to be "that guy", but this is why I hate banks and like crypto. Both the fact that crypto is obviously trivial to automate, and that banks can unilaterally ban you and steal your money.


Crypto of course being famously free of fraud and theft, with no tendency at all towards coalescing control around a small, centralised set of decision makers.


It's actually all an elaborate conspiracy to prove that banking regs had a purpose after all.


Doesn't crypto have the same problem, with money laundering and other crimes? If you lose money with crypto, there is no one to sue nor government insurance.


> Doesn't crypto have the same problem, with money laundering and other crimes?

I don't see how that's the same problem? They are clearly separate, distinct problems.

There are obviously both advantages and disadvantages to both crypto and banking. As someone who lives in a country that has been through a lot of bullshit, I highly value the fact that the bank can't just take away my money.


Hackers, on the other hand, can. As can exchanges as repeatedly happened in the last few months.

The only difference is that crypto fraud is irreversible, and that the blame will be put on you.


In my understanding most fraud in the fiat world is similarly irreversible, different actors just absorb the costs of the fraud, in the end consumers foot the bill as increased prices.

Fraud is huge industry, the fraud models and attack vectors in the fiat world is different than in the crypto world. In the end wherever there is enough money, there will be fraud as well.


If I have my money stolen I prefer it to be my fault (got phished or whatever) than be something I have no control over.


Crypto has the money laundering problem, but not the problem that you cannot have APIs because of it.


It's pretty easy to not "ban you and steal your money" when you're not required/able to prevent people from laundering money/evading taxes.


I am not sure that banks can "unilaterally ban you and steal your money", they are regulated and work under the laws of the hosting country. If anything banks can add a level of security and safety for example by adding insurance to your funds and having legal liability to handle them correctly.

If you don't trust "the system" as a whole then you are right, I can't argue with mistrust.


I always wondered why my bank completely blocks any kind of scraping with puppeteer or cheerios. This explains a lot :)


I really doubt this is the problem, many banks offer open APIs and still handle fraud successfully. You can always rate limit the number of transactions and not allow the same user to log in/send APIs from two different locations too fast.


Contact the FDIC rather than the bank next time, I've heard of cases where that helped.


If in the US, file a complaint with the FDIC + if it’s nationally chartered, the OCC (or the relevant state banking regulator), banks do not like uncomfortable questions from their regulators.

https://ask.fdic.gov/fdicinformationandsupportcenter/s/?lang...

https://www.helpwithmybank.gov/file-a-complaint/index-file-a...


> made the API by screen scraping their webUI.

Had fun ideas of improving the finance sector with ideas like this, that for any other industry would be at worst : 'TODO's to fix later.

Finance sector taught me a lot about security, but also about standards.

Standards are a real PITA to code for, from HTTP to PCI payment compliance. They're so worth it in the end though.


I am not sure where are you located but the EU is actively pursuing and pushing for enabling banking APIs, the Swedish bank I work for has an open API all well documented even with a test environment.


No good deed does unpunished.


I think this is one of the most unfortunate memes that people for some reason still continue to share.

Think about what it teaches children when they hear it? What kind of a world view does it instill? By saying the phrase you are explicitly communicating the idea that it is (at least is some sense) better to not do good deeds.


I don't think people are out there teaching kids to live their lives by this mantra. It's not intended to be a life philosophy, more of a bleak and darkly humorous observation. Sure, it's not always true, but it sure does feel like it sometimes.

Kind of like "life's a bitch, and then you die", it's not meant to be taken too seriously.


That's the thing - you don't have to intend to teach kids anything, they just pick up on the stuff you say.

I know this isn't a forum where we are endangering children by writing stuff like this, but it strikes me as a bizarre sentiment to express (of all the things one can say in an unfortunate situation - to choose summarize the whole scenario with that sentence).


Search for “woman murdered while helping motorist”.

There are too many evil people to willfully ignore the dangers of helping others. You should always, always be aware of the risks you’re putting yourself in any situation. In life, in work, in family, it doesn’t matter. And yes, that’s worth teaching children.


Sometimes you get something positive out of helping a stranger too... A new friend, a favour in return, or simply experience of doing something new/different.

As long as the positives outweigh the dangers, it's worth doing.


The potential dangers are death in the examples I gave. The first rule of investing is avoid ruin. We only get chance at life, so what happens on average isn’t meaningful. We have to guard against outlier events.

Strangers should be distrusted by default, which is a lesson taught to children. It shocks me that some adults forget something so simple. This applies to teachers, cops, and anyone else you can think of. Trust is earned and should never be offered freely.


Awhile back I would see someone walking down the road sometimes when I drove home from work. One day he was going the same direction as I was so I stopped and offered him a ride. He then told me how he was a bad person but had been reborn. God had told him that there are great things in store for him, and he was supposed to travel the world and marry Beyonce in New Orleans. It was an interesting experience. He turned down the ride.


and there are people out there telling kids that "good vibes" will make the "universe" "reward them".

It's really not that big of a deal. Smart kids will realise they're wading through a sea of bullshit and the rest are already predisposed to whatever bullshit pleases them.


But why would you want the stupid kids get infected with shitty memes? You're the one choosing which memes (mind viruses) to propagate.


Won't somebody think of the children?! ;)


> "No good deed goes unpunished."

    > "I think this is one of the most unfortunate memes that people for some reason still continue to share."
Even more unfortunate is that so many humans go out of their way to prove it true… Growing up in a small town, I was raised on more wholesome "memes" like "deep down, everyone wants to be a good person" and "sharing is caring" and other such silly lies, but having been out in "the real world" now for several decades, I've learned the error of that sort of thinking (at least here in the USA). The vast majority absolutely do not want to be good. They want to use and abuse everyone around them, and push others down into the gutters of life until they're filled with hatred for humanity. They want to beat every shred of goodness and decency out of everyone they meet, and that's just how life on Planet Earth is… It's a side-effect of having built a society around the idea that money is literally more important than anything else (including even life itself). Humans are mostly monsters and don't even realize it. I'm only happy that we're sure to kill ourselves off as a species before we escape this planet and infect the rest of the Universe with our evil greedy self-centered uncaring ways.

> "Think about what it teaches children when they hear it? What kind of a world view does it instill? By saying the phrase you are explicitly communicating the idea that it is (at least is some sense) better to not do good deeds."

I wish I had been taught that most people cannot be trusted, instead of the foolishness I was taught. I'd have had a much easier life than the ongoing "waking nightmare" that I currently live. A more realistic world-view would have protected me from much / most of the abuse and backstabbery I've suffered in this life. And the worst of it for me is knowing that as bad as my life has gone South on me, I've still got it "lucky" compared to those humanity abuses the worst (those in nations where people cannot even protect themselves against the most vile abuses humanity can perpetrate against other humans). I mean, sure, I'm not able to afford the medical care that I need to get back to a semi-"normal" existence, but at least I'm not starving to death or being worked to death in mines somewhere, barely able to live another day.


I still don’t fully understand the logic behind the banks investigating money laundering and.m withholding money. If I am laundering money, report me to authorities and give me my money back, if I need to be fined or have to respond for a crime, I respond to government not a private entity


> You know what makes money laundering super easy... a banking API so you can split the million dollars you want to launder into 1 million 1 dollar payments.

Technically known as smurfing, and (as you learned) quickly leads to account bans.

Governments take AML/KYC pretty seriously. Just ask TornadoCash.


1 million 1 dollar payments to who? arent your recipients also KYC'd so whats the problem?

i mean i am talking from an indian POV where every banking customer is KYC approved from the get-go. you send someone money or receive money, there is a proper trail to their identities.


so, treasury management systems exist for big corps (FIS, FIServe, GTreasury, etc), and some banks do have legit apis for cash flow mgmt (payments transfers etc). i think problem is most dont want the hassle of supporting it for consumers.


> some banks do have legit apis for cash flow mgmt (payments transfers etc)

I'm interested in learning more about this. Do you have an example of a bank with a cash flow management API I could take a look at?


Theres quite a few examples, it's a space where banks are trying to hold ground against fintechs, or they'll be forced to partner with them

One example i can think of right off the top of my head: INTEGRATIONS Integrate Increase APIs Modern Treasury’s powerful REST API is the easiest way to integrate your Increase bank accounts with your application for payments, reconciliation and reporting. https://www.moderntreasury.com/integrations

And

"Improve Cash Flow

Managing cash flow requires looking at receivables and payables, accessing liquidity and making accurate forecasts. Cash management APIs improve every facet of the treasury operations." https://www.chase.ca/en/support/insights/six-ways-payment-ap....


here's jpmorgans own api: https://www.jpmorgan.com/solutions/treasury-payments/insight...

and the developer portal:

https://developer.jpmorgan.com/

Other big corp banks have similars. A lot of these TMS platforms just integrate into these banks APIs and ERP systems (Oracle Cloud, SAP, etc) and glue workflows together.


Thanks! Just learning about this stuff now, really appreciate it.


I think this is very relevant: https://fintechbusinessweekly.substack.com/p/with-blue-ridge...

TL;DR my understanding is that if you host a banking API you are going to get a lot of scrutiny on who your customers are.

And you can expect an increasing level of compliance regulations heading your way to help regulate and prevent the problems described in the parent.


> Anything that you can achieve with PDFs, presence, and persistence in a bank branch you can do with our API.

Not sure how to take this. With a small tweak like "you can eventually do" I would let it pass without criticism.

I work with bank cores, imaging, BSA and related middleware on a daily basis. The scope and complexity of these systems is incomprehensible to most. Many of our clients don't even try to think about how fucked up their business is. They prefer to hire Deloitte and other vendors like us to be stressed about it for them.

To give you an idea of how comprehensive a "full" banking API is, our combined WSDL and XSD references total ~9 megabytes. This is before codegen. The final reference sources as generated into the .NET codebase total nearly 20 megabytes. This is just the types & method signatures. The actual implementations live in an IBM system manufactured some time during the previous millennium.

But, none of that really matters. Whatever API method you call against a specific bank will have behavior that ultimately depends on a million things specific to them _and the region within which they operate_. So, its not enough to simply integrate with this massive API. You also have to understand a multi-dimensional matrix of regulations, end-customer behaviors, technological constraints, active geopolitical affairs, et. al.


Traditional banks have literally decades of legacy to deal with which drags them down. Many neobanks have shown that it's possible to provide a better and cheaper service when you start from scratch. A few examples of features neobanks i use provide that traditional banks don't have - virtual cards on the fly, for free; SEPA Instant for free; Open API; smart dynamic budgeting and expense sharing.


> legacy to deal with which drags them down

A non-zero amount of that legacy is due to regulations and compliance.

Most of what a bank does is totally invisible to the end customer. A "neobank" is almost always just a shiny consumer-oriented facade in front of a grumpy old bank. Someone still has to follow all of those laws.


> A non-zero amount of that legacy is due to regulations and compliance.

Although there's a kernel of truth there, it's far from accurate. Most of the legacy is due to the assumption of regulations and compliance. The truth is that most of the systems are in fact out of compliance, but as long as you don't touch them the likelihood of a serious audit is small. The complexity is more about erecting an impenetrable wall to make the auditor assume it's probably compliant.

It's essentially about overwhelming auditors with details to fatigue them. Not to dissimilar to when lawyers flood each other with documents in tv shows.


I should have specified that I'm talking about EU-based neobanks, which are all real banks as far as I am aware (some are entities of bigger banking groups, some are standalone startups).

US banking being largely obsolete as a whole (checks? paid wire transfers that take days to arrive?) probably explains why there are no real neobanks in the US and they're all just a UI in front of a legacy bank. I doubt it has much to do with regulations, because I really doubt US banks are more heavily regulated than EU banks, who also have country differences to deal with if they operate in multiple countries (Revolut, N26), and they also have to check if the customers are American tax residents and handle that case too (or simply refuse them to become customers as some banks do).


Most of EU-based neobanks are NOT real banks. 90% of them are just a frontend.

Even Revolut that you cite was just a frontend until January 2021 where it became a bank, but just in the UK: https://en.wikipedia.org/wiki/Revolut#History


> In December 2018, Revolut secured a Challenger bank licence from the European Central Bank, facilitated by the Bank of Lithuania, authorising it to accept deposits and offer consumer credits, but not to provide investment services. At the same time, an Electronic Money Institution licence was also issued by the Bank of Lithuania.

What are you talking about? Revolut is a real bank, same as Monzo, N26, Aumax (part of a larger banking group so it hardly counts), Kard. Specifically regarding Revolut, they are a real bank in multiple countries now - UK, Lithuania, US and a bunch of other European countries.


Revolut does not have a bank license in the UK. They've applied, but it has not yet been granted.


Revolut is not a bank in the UK


Revolut has applied for a UK banking license (PRA and FCA authorisations), but they seem to be encountering difficulties and delays in having them granted.

Revolut's links to Russia are, perhaps, not helping with that.


What about Monzo or Starling in the UK? What is the grumpy old bank behind them?


Literally on index page:

This website is operated by Monzo Inc. Monzo reserves the right to restrict or revoke any and all offers at any time. The Monzo mobile banking app facilitates access to banking services through *Sutton Bank*, Member FDIC. The Monzo Mastercard Debit Card is issued by Sutton Bank, pursuant to a license from Mastercard International Incorporated. Monzo accounts are FDIC insured up to $250,000. Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated.

That's for the US branch. Monzo in the UK is a real bank.

> Starling Bank

That one is an actual bank. In the UK, it's easier to open a real bank, than in the US. Bank of England has a special division dedicated to guiding "small" companies in becoming a real bank.


Plaid founder's new startup column is building a bank from scratch for developers.

https://column.com/


This is still just a fancy rebranding of an old bank:

https://www.norcalbank.com/

Their FDIC charter was issued in 2006.


I think they actually bought the bank this time around to use the license. I may be wrong though.


I learned (almost) the hard way how important legacy features are.

For me it was buying a house and realizing that you must be able to wire money.

When the stakes were high, Varo failed me (they promised they could do it, but on the day I needed it they refused) and I had to scramble at my traditional bank to make the payment in time to avoid $20k on penalties.

Other than the most important transaction of my life, though, they've been great!


>Other than the most important transaction of my life, though, they've been great!

I don't know Varo but would you imagine continuing using them for other transactions and using the traditional bank for traditional purchases (house, etc.) After all, people don't go through the most important transaction of their life frequently.


Conventional banks provide all of the above (including open banking API) except instant virtual cards here in Scandinavia, so nothing to do with building from scratch. Just a matter of priorities and healthy competition.

The neobanks are all very incremental improvements, and is largely just packaging. E.g., Lunar being app-only obviously has a somewhat more modern app than the average bank.


I happen to work in a bank in Scandinavia, and you're both sort of right. We did at one point provide "open banking APIs" although we only ever approved one partner to use it, and have since shuttered it.

The truth of the matter is that banking is horribly entrenched. Actual business decisions are mostly driven by arbitrary considerations of which laws to follow that day. Although we provide a ton of functionality and business capability, we are still woefully behind on any sort of compliance measure, not because compliance is hard or impossible, but because nobody is actually critically examining the systems.

The problem for the "neobank" is not one of building technology to catch up. It's in cultivating an image where they are seen as systemically critical such that they will be afforded the same leniency in policing that the established sector already has.


Open banking is really something that needs to be mandated by regulators. That's what happened in the UK, and now you have a wide choice of financial apps that can access accounts at any bank that implements the standard UK Open Banking APIs: https://www.openbanking.org.uk


I worked with this in the UK - the regulation needs standards with regards to uptime, functionality, data quality and frequent audits to ensure banks are actually compliant. At the moment, besides the neobanks that somewhat know what they’re doing, everyone else’s Open Banking APIs have significant problems that make them unusable for anything serious.


Uptime and performance seems to be monitored pretty closely since 2020:

https://www.openbanking.org.uk/api-performance/

These figures only include the “top 9” UK banks that are required to implement open banking, not smaller banks like Monzo.

I’d argue that open banking is already being used for lots of serious stuff. Credit checking, for example. And of course pretty much any accounting/financial software supports open banking now days.


Ironically the smaller banks like Monzo are the only ones that actually do a decent job.

By serious stuff I meant stuff that requires perfect accuracy and integrity - credit checking wouldn't care if you're missing one transaction here or there, or if the timestamps are a little off.

But for accountancy, perfect accuracy is required and OB with legacy banks is far from perfect in that regard - the data quality is bad, you get missing/duplicate transactions, timestamps are off (due to TZ issues). Modern banks are the only ones where the data is any good. For accountancy services, this ends up causing significant support overhead to companies where customers complain their numbers are off and the company can't do anything because the bank sends incorrect data, not to mention engineering overhead where you have to try and clean up the data in-house (the problems are different for each bank, so you have to essentially reverse-engineer how each bank mangles the data and implement bank-specific workarounds).

> Uptime and performance seems to be monitored pretty closely since 2020

Uptime, sure. I too can make a 100% uptime API that returns random data.

When it comes to data quality, there didn't seem to be any authority (in terms of real, practical outcomes - not theoretical powers that never end up being used like the GDPR for example) to complain to - which I find to be a fatal mistake in a situation where banks otherwise have zero incentive to provide a functional & usable OB API (in fact, OB is detrimental to their business as it would allow customers to use a third-party's - often better - service over the bank's own one). Even the OB "gateways" like Plaid, TrueLayer, etc have their hands tied when it comes to this - once the issue is confirmed to be with the bank, the lead time on getting any kind of resolution is often months, during which you have a disgruntled customer breathing down your neck and blaming you for the problem.


You're missing part of my point. Here in Denmark it supposedly already is a legal requirement. The point is that the legal obligation means nothing, because the banks are so entangled with the government that no actual policing is done.

Here's the api documentation of 25 Danish banks, including the one I'm a part of: https://apiportal.prod.bec.dk/openbanking/sandbox/product/17...


Open Banking is a great concept. Also Turkey has an own local version of it and improving.

It's in Turkish but translate will help you get the idea: https://ohvps.github.io/v1.0.2/contents/odeme-emri-baslatma-...


Except "neobanks" legally not allowed to call themselves banks because they aren't banks. They are white-label service on top of someone who provides a banking API, and those usually sit on top of someone who provides them with some other API. There are like 3.5 real banks with "public" API that have bank chapter, if not less.

Like this Increase, "build your own bank", but themselves it isn't a bank. It's just an API to their partner banks.


A better, cheaper and much more limited service. For many people and businesses, most of the time this is indeed enough but this legacy is being used and needed.

As others have mentioned legacy banks here in Scandinavia are slowly catching up, the main reason being the slow trickle of custeos to neobanks.


LOL I had to change bank accounts because of a neobank that managed to get clumsy barely working IT taped together systems and pathetic app worse than any "traditional" bank. They achieved in 2 years the same crap it took the incumbent 2 centuries to do.


Bank of America has had virtual cards for a long time now.


Obviously the word "anything that you can achieve ..." in your quote is an exaggeration. It is quite obvious that fintech wants to simplify the banking process to basic daily procedures most of the people need (like money transfer and accounting), and ignore the rest. It won't be the first FinTech doing so and it won't be the last. But it is one where "we want to have a high quality API" is the unique selling point.


Thanks @op! Increase employee here:

We're early days and not quite ready for open sign-ups yet (sorry, known bug). We'll be more public over the coming weeks and months.

We're banking for developers; you can programatically create accounts, cards, and move money.

Our users are primarily financial technology companies.

We're a small team from Stripe, Robinhood, and Visa building the bank we always wanted. If this sounds interesting to you we're hiring: jobs@increase.com

If I can be helpful, I'm at darragh@increase.com.


heya! i'm casually interested in the space, and also have been tracking Column (https://column.com/)

to a distant observer, you look similar, but i'm sure there are real differences between you, so I'd love something like a "top 3 things to note" about Increase vs Column, in a least-getting-you-in-trouble way as possible - its hard to compare because i dont know what I don't know.


Yes! We're obviously not the first to see the need!

I think there are many engineers who are frustrated knowing the data and capabilities that exist in banking that aren't exposed programmatically.

There are at least four (and I'm undoubtedly missing many!) interesting companies aiming to combine technology and a bank charter:

- Luna[0].

- M1 Finance[1].

- Column[2].

- Increase[3].

Building a bank involves reading, understanding, and respecting regulation. It invovles integrating with large financial networks. It involves rallying a team for a years-long adventure. Each of these is early days and it'll be a few years before any of us understands how this super large and important problem will be solved.

0. https://www.americanbanker.com/news/former-square-exec-leads...

1. https://m1.com/blog/bank-and-board

2. https://column.com/

3. https://increase.com/


If Increase has a bank charter why does the site say "Bank accounts and banking services are provided by Increase’s partner banks"?


For one, Column is a bank.


This is super important – if you are a chartered/regulated bank that's functioning currently then whatever you claim has merit. Otherwise it is just another software project that's going to struggle to get adoption because they won't have thought through all the regulatory and compliance issues.


And can easily violate myriads of laws that can quickly land you long prison sentences.


Teller (https://teller.io/) is another one I noticed a few years ago. Seems very similar.


No, Teller is more of a competitor to Plaid (https://plaid.com/). Plaid offers an API to perform a variety of actions with existing banks, and charges through the wazoo for it as a middleware.

Column is an actual bank, and offers exhaustive developer-first APIs. I suspect you can do a lot of things with them you cannot do with Plaid, and at highly reduced cost comparatively. Increase doesn't seem to be a bank but is a much lower-level API than Plaid and allows things like opening accounts, FWICT.

BTW, bunq (https://www.bunq.com/) is a cool nl-based bank which offers an incredibly in-depth API. But I would not call it dev-centric, the DX is awful.


Sorry, yes, I was trying to say Teller is similar to Increase, not Column.


> Our users are primarily financial technology companies.

As a developer, I'd love to have some more information about the typical problems that inspired Increase's value proposition. If I was meeting with a financial tech CEO tomorrow, should I assume that they probably have these problems or need this service? Are there resources that I could peruse to learn more about these common problems?


Our users are financial technology companies. They build things like payroll, loan servicing, business payments, consumer payments, investment platforms, and neo-banks.

When we built Stripe, one of the largest points of friction was getting a banking partner. It took months and only after signing were we even able to start assessing the technology. There are so many potential companies that simply don't make it past the partnership step. We want to fix that.

The US needs a bank (holding a bank charter) that's also a technology company. Increase certainly isn't there yet (patches welcome: jobs@increase.com) but we already have integrations with the Federal Reserve, Visa, and The Clearing House. Our API already serves businesses you know and love.


Do you really have an integration with the Federal Reserve and the Clearing House or do you have an integration to a bank that has it? Last time I checked at least one of them required participants to be a chartered financial institution.


> The US needs a bank (holding a bank charter) that's also a technology company.

Do you have plans on becoming a bank and getting a bank charter then? I've worked with several payment processors and BaaS providers that are most definitely not on that path. (CTO at neo bank).


Could a solo dev, using your platform, basically roll their own Sofi competitor? Minus the investing bits?

Or something like credit karma has?

Do you need a large amount of money upfront?


Do you have a jobs page? Or a description what you're looking for and what tech you're using?


Small world - been a while, darragh. I’ll drop you a note and let’s catch up?


Did you guys acquire the domain or did the founders always have it ?


(Increase employee)

We took the approach of starting with an intentionally bad name (in our case, bnk.dev) and using it until a good domain became available to purchase for a reasonable price.

Related: http://www.paulgraham.com/name.html


Interesting article, thanks for sharing!


do you have anyone on your enterprise BD/sales team? or is it too early for that type of role?


Do you consider non-US remote?


Certainly!


So non-US actors will have access to what banking data and source code?


What’s the problem with that? If non-US actors wanted to wreak havoc in the country there are much lower hanging fruits (that would also provide better “returns” on investment) than infiltrating a banking startup.


But few as thoroughly regulated. Wait until the regulators fall off of influence from those capitalizing on the outsourcing take. See PPP as an example of the system turning to new ventures to actually get anything done and the zenith of offshoring in general.


Do you really think your US banks have no overseas operations / outsourcing centers?


These will be increasingly attacked politically as the extent of identity and fraud on cloud become more common knowledge.


It sounds cool, but I don't fully understand: is this a fully-fledged US bank (with a banking license, FDIC insurance, audited,...) that allows you to do all banking transactions through an API, or is this a framework that you can use if you are already a bank to expose all your transactions through an API, or something else?


I think they provide a backend so you can issue your own cards, with bank accounts routable through normal banking systems. Payoneer famously rely on third party "back-end" banks for their services, as they issue cards, offer routable bank accounts, cash withdrawal, etc.

This is an extremely niche use case of course, but it's not the first time they popped up on HN at least.

In mobile ISPs, MVNOs are quite common, and there is a large amount of customer base because they simplify KYC, sales, and customer on-boarding. Technically, this API should provide the platform to build a similar "Virtual bank". I do not think anybody without a significant technical and financial resources will be able to pull it off.

Another use case I can think of are market places like ebay, Amazon, Aliexpress, etc. Each seller receive a bank account that they get their payments deposited to, and can be withdrawn from their branded card. I do not see this being a commercially viable option for many, because pretty much every country has free or almost free systems in place to simply transfer money, and not take the unnecessary burden of issue cards, maintaining bank accounts, etc. Payoneer used to run a similar program, with branded cards, custom fee structures, etc, but it eventually failed as far as I know.


    curl -X "POST" \
      --url https://api.increase.com/check_transfers \
      -H "Authorization: Bearer ${INCREASE_API_KEY}" \
      -H "Content-Type: application/json" \
      -d $'{
        "account_id": "account0",
        "address_line1": "33 Liberty Street",
        "address_city": "New York",
        "address_state": "NY",
        "address_zip": "10045",
        "amount": 1000,
        "message": "Check payment",
        "recipient_name": "Ian Crease"
      }'
Well it would certainly be nice if I can send a rent check from my command line!


> Well it would certainly be nice if I can send a rent check from my command line!

...until you accidentally do it again when trying to re-invoke some other command from your command history.


It would also be nice to pay only 1k in rent at 33 Liberty St. :)


you do not have an address line 2

you do not have an address line 3

the amount data type is not clear (is that an integer representing pennies, is it a floating point? shouldnt be using floating point for banking)

recipient name is not broken up into first name, middle name, last name. are you users going to be putting "last, first" as well as "first last"?

if you sent that from the command line, then your banking information would be in your bash history, saved on disk

etc etc etc etc


They have good docs, and return good error messages.

Bash history can be cleared about as easily as other places people routinely put similar information.


They are not a full-fledged bank, they partner with banks to provide the FDIC insurance, etc.

There are a number of competitors in this "Banking as a Service" API space like Treasury Prime and Galileo.


There's always a real bank backing this, and they are going to throw up requirements. Seems Increase is calling them "partner banks" (Blue Ridge, First Internet). If you're using this API, presumably you would have to get KYB'd, give insight into your books, and commit to certain minimum volumes. This is not Stripe. But maybe I'm wrong (very possible).


Their lead UI guy was previously the UI lead at Stripe. I think of him as someone who appreciates and understands the importance of well-thought-out UI so I'm looking forward to how Increase pans out for that reason in particular.


That's Benjamin De Cock. For the folks interested he documents a lot of his process on Twitter.

https://twitter.com/bdc/status/1546866502225346560



There appear to be some ex-Stripe people, some from Visa and some from other fintech places.


Now it makes sense how their landing page is so impressive, and also reminds me of Stripe design.


Thank you, means a lot :)


Oh hey, I'm a big fan!

I think while others have commented on how beautiful your creations are, I rather admire you for the care and detail you put on UI. Beautiful things are not always easy to use, and things that are well-laid-out and easy-to-use are not always beautiful. You have somehow arrived at the magical place where you've got them both down.


Thank you, I'm glad you like it! I try to find a good balance between form and function, and create a consistent environment for the customer. The homepage is definitely more "artistic" than the dashboard, for instance, but hopefully they clearly belong to the same brand and give you a similar look and feel.

(For the anecdote and because you mentioned it, it always annoyed me that we had a pretty different visual language at Stripe between the site and the dashboard. I designed Stripe's homepage but not its dashboard, whereas I did both at the same time for Increase. Consistency is really hard to achieve between multiple products as the optimal visual treatment is different for a site and an information-dense UI.)


From reading the comments there are two groups of people. People who don't know what a banking API is and why you'd need one. And people who do but don't understand how Increase is different from existing Banking API / Banking As A Service solutions. I'm in the latter.


I think by the amount of "what is this" questions in this thread it's pretty clear the messaging is confusing to say the least. I'm going to pile on because even with the explanations in this thread I don't really understand what this is. Is this for B2C or B2B? Is this something I, the average consumer who happens to be a developer, could use to build my own personal finance tools?


It's a B2B2C product (sold to businesses that are building consumer fintech products). There are a bunch of neobank fintech startups whose offering is "Banking for X", where X is some segment of the population with specific needs that are not well served by traditional banks. (Here for example is X = "Spanish speakers in the US".) [0]

To build a startup like that, you need to build a product layer on top of a banking API, which lets you avoid having to write code that hooks into payment rails, interfaces with credit card manufacturers, stores credit card numbers, etc. Now you can focus on the differentiating aspects of your user base instead of building common banking infra.

There are a bunch of companies that offer banking APIs as a service already. The most popular of these is Galileo, a 20 year old company that was recently acquired by SoFi [1]. The developer experience of Galileo is absolute trash. I haven't used any other companies first hand but I've heard they're not much better. So presumably Increase is trying to provide an actually good developer experience for devs building banking products.

[0] https://www.ycombinator.com/companies/seis [1] https://www.sofi.com/press/sofi-to-acquire-galileo


Would love to chat with you about your experience with Galileo. About two years back we decided to NOT go with Galileo and went with another provider. Absolute trash too and now we're going to go looking around again - which at our current scale is not going to be pleasant. Would be great to trade notes (email in my profile).


Funnily enough the company I worked at also switched to Galileo from another provider that was even worse.

Shooting you an email now.


ok so followup question - lets say i buy this message and want to start "Banking for Medical Students" (well known gap, they have terrible credit history but are about to be good credits).

The precise segment doesnt matter, my question is - how much of the banking capital requirements do i need to put up? because a bank isn't just about payment rails and credit cards, its also about having literal cash in the bank right?


These startups are not actually banks—they will partner with banks that fulfill those capital requirements. For example, the Robinhood debit card is issued by Sutton Bank [0], a 100 year old bank in Ohio that very successfully provided the backing bank to a bunch of hot new fintech products.

So you would have to go through Sutton bank or another bank, but I think there are enough of these companies now that there's a fairly tried and true path. If you're seriously investigating this I can connect you to people who know more about it than I do.

[0] https://robinhood.com/us/en/support/articles/robinhood-debit... and ctrl+f "Sutton"


Increase will have to partner with banks to provide the service, so you won't have to be an actual capitalized bank yourself, and you won't have to go find one. You can see in the fine print at the bottom of their page:

"Bank accounts and banking services are provided by Increase’s partner banks, members FDIC."

The only way they can provide all this functionality is to do all the hard work of integrating with whatever legacy junk the partner bank is running (along with all the Visa stuff, Stripe stuff, and whatever else they are using here). You could actually do this yourself, and some fintechs are attempting that, but it's very hard and expensive due to the PCI-DSS requirements, among other things.

I'll be curious to see if they will require their customers to have PCI-DSS or if they'll be able to tokenize everything in a way that doesn't require it. When I worked at Visa the big issue was that handling card data, even after tokenization, required PCI-DSS, which of course makes no sense, but the immune systems around the payments industry takes a long time to change.


None, you won't be a bank. You'll need to work with another bank (directly) or via some BaaS that has a pre-existing relationship with a bank.

Depending on who "manages the program" you'll probably still have significant work to do our your side related to KYC and Compliance. You can offload this to the BaaS if they have a pre-existing relationship with a sponsoring bank but then you have very limited latitude to change how your perform KYC etc.

For context, when we started, straight out of YC we worked with a company called Synapse (synapsefi.com) who had a pre-existing relationship with Evolve (sponsor bank) and managed our entire program. They were responsible for KYC, fraud, compliance etc. We basically built an app on top of their APIs.

As we grew we needed more control and a direct relationship with a bank (this also improves the unit economics). We now manage the entire program and the payment rails part and banking APIs are maybe only 5% of the work involved (even within engineering a huge portion of our time is on fraud/compliance/kyc etc).


> how much of the banking capital requirements do i need to put up? because a bank isn't just about payment rails and credit cards, its also about having literal cash in the bank right?

If you want to start an actual bank, you need a charter from the FDIC. This is commonly referred to as a De Novo bank. Also known as "virtually impossible".


What I imagine is that there is either some kind of delegation of lending here, or that you get the backing/start a bank on your own and utilize this service to do the needful around account servicing more easily


or is it like a Plaid in the sense that you could build a Robinhood ontop of Plaid... or are you meant to be starting like an "MVNO Bank"... so many questions

honestly i dont think its their fault, this is such an alien space to most of us that we just need more handholding than normal


Is there any service like this for individuals? Specifically, I want to be able to open and close checking accounts at will with different card numbers, with different spending limits. The purpose would be to serve as an envelope system and budgeting tool.


If you're an enterprising individuals you can "kinda" do this but it's not easy and definitely 100% a headache.

Neobanks sometimes use this notion of a virtual bank account. My understanding is that it's a single FDIC insured account that they subdivide using their own ledger.

For cards, you can use Stripe Treasury or Lithic to issue your own virtual cards and their dev limits are pretty friendly. I think privacy.com does this as a consumer experience really well. Note you said `checking accounts at will with different card numbers`. Depository accounts are a totally different notion and resource than cards.

However should you do this? I can't think of a reason why you'd want to for your own purposes. The reason fintech is so annoying is not because banks/tech players don't want you to have nice things, is that there is a ridiculous amount of regulatory overhead.


> I can't think of a reason why you'd want to for your own purposes.

It's quite simple. For argument's sake let's say I am an individual with limited willpower. Say I budget $200 per month on restaurants, and I need to stick to this to meet some other financial goal. How, as someone with limited willpower, do I enforce this?

Option 1 is to keep track of and categorize all bank transactions, either manually or via a third party budgeting app, and check my "restaurant" balance each time before I order food. This is unlikely to happen because I am lazy and assume I have the money.

Option 2 is to keep a physical envelope of cash that I put $200 in. When the money runs out, I don't have any to buy restaurant food. This works, but is very inconvenient. How can I use Doordash, Venmo a friend, etc with this?

Option 3 is to have a debit card that only has restaurant money on it. Now the card simply doesn't work anymore when I'm out of money. It's effectively the same as the envelope, but now I can use it online as well.


Try privacy.com. Seems to be built for exactly this use case (disclosure: have not used it).

(On a related note, to GP comment, Lithic was actually spun out of Privacy.com)


If you have at least 2 credit cards from the same bank (eg one card with $20k limit and 5% cashback on restaurants and another card with $10k limit and 2% cashback on all purchases), you can call the bank and tell them to move $19,800 of the credit limit from one card to the other. That way you can't spend over $200 without using the wrong card.

Virtual debit cards are another ubiquitous solution, but they cost a lot more despite being free. Your option 3 subsidizes smarter consumers when you pay full price (which has interchange fees built-in) on everything without getting any fees returned to you in the form of cashback.

(One issue with my solution is that a lot of banks let you spend 2x your credit limit on visa signature and similar tier cards. In that case you'll have to reduce the limit to $100)


What you're describing sounds like what most people refer to as virtual cards. Three of my banks provide that for free, even though only two allow setting up a per-card limit.


I’m currently building this at envelopemoney.com


I led a team building a similar thing for one of the existing big three bank technology companies. Hope you've got backpressure and all the compliance work locked-in. Outages and some serious audits are in your future integrating with those more legacy bank cores.

Wish your team all the best! This sort of innovation / competition is needed in that space.


It's notable that Monzo (UK fintech bank, but now in many countries) has a fairly complete but not really advertised API. Their mobile app uses the same API.

If you need to know which emoji is most representative of the shop where you used your card 7 seconds ago, you can get sent that (and a lot of other data) in a webhook...


Not sure about Monzo specifically, but all the major UK banks are required by the UK regulators to provide standard open banking APIs: https://www.openbanking.org.uk

In practice this means that any UK financial app that supports open banking should be able to connect to an account at any UK bank that implements open banking.


Open banking is really just an automated way to view your statement.

It doesn't allow sending money to someone, creating a new bank account, closing an account, changing your email or postal address, setting up a pension or credit card, or any of the other actions you might want to do at your bank.


Transaction data via API is much more than just viewing a statement. Being able to access this in a standardised way is a huge win for all sorts of financial and accounting apps, as well as certain specialised industries (credit checking, rental agents, etc)

And open banking does support "sending money to someone" (variable recurring payments), subject of course to some security constraints. You wouldn't want to just let every random app that you let access your bank account initiate any transaction it wanted without an additional authorisation step, would you?

Everything else you mention is a pretty infrequent and specialised transaction and the benefit to having an API would be minimal. (OK, I could see value in an app that automatically updated your address etc with every company you have a relationship with, but that would require a common API across many industries, not just banking)


> It doesn't allow sending money to someone

Interesting. I use an app called JamDoughnut [1] and I can top up through Google Pay or from my bank. I tried the other day to do it from my bank and it then opened a modal asking me which bank I'm with. I selected Starling and then my Starling app opened asking if it would be OK to share information with Jam Doughnut and send a payment to them.

As this was allowing me to use any bank (not just Starling), I assumed that it must be using Open Banking. Is there some other API out there that would allow them to take payment from any bank? I guess its possible that if I selected a different bank then it would just come up with a message like 'coming soon...'. But it seems surprising that they'd implement for Starling which is one of the smaller banks and not the others.

1. https://jamdoughnut.com/


Revolut also [1]

[1]. https://developer.revolut.com/


from TOS [0]:

Increase is not a chartered depository institution. We work with our partner banks to provide depository and payment services. When you open an Increase account, you agree to the Increase Terms of Service below. When you use the Increase service to set up a deposit account, the account is with First Internet Bank or Blue Ridge Bank and is subject to your agreement with the Bank Terms below. Finally, Increase's use of your personal information is described in the Privacy Policy below.

[0] https://increase.com/terms


Seems like bbaas, banking backend as a service, solves a significant need in the world, considering existing alternatives. For example in Europe there’s Mambu that seems to do something similar.

Not sure what the exact customer pain is here, could be that banks were the first to adopt IT and now have a large legacy where there is little value in rebuilding it with modern stacks, as it offers little competitive differentiation.

Or maybe there’s a need to quickly bring new banking products to market, and the backend stuff is so standardized that it’s best to buy it off the shelve.


There are lots of companies that are providing these BaaS in the US. Stripe, Modern Treasury, Treasury Prime, Lithic, SynapseFi, Gallileo, I2C come to mind. Probably another 20 more.

Then there's of course many CBS providers including the more modern ones like Mambu.


I'm in the banking API space. Yes, the current technology is decrepit and garbage. It's not the bottleneck though. Risk management and underwriting is. If you want to build a SaaS in this space, the hard part is figuring out how to vet customers cheaply and quickly. Every customer you sign up is a potential OFAC (Office of Foreign Access Control), BSA (Banking Secrecy Act), or AML (Anti-Money Laundering) violation.


> Accounts are eligible to receive interest on balances. The interest rate is the Federal Funds Target Rate less 50 basis points with a floor of 0%.

Target rate right now is 2.25-2.50%, so i'm guessing that you are subtracting 50 BP from the lower end, so that's 1.75%. That's actually pretty good for a bank right now (not the highest, but certainly on the higher end.

One thing that's unclear... is this a checking account, savings, etc.?


German banking is in such a bad place right now, because of, mildly put, overregulation by the EU. In reality it's them trying to create arbitrary markets. You can no longer use the old API that worked well, where you login once and can do whatever. Every single action now has to be authorized with an OTP ( tan ). If you're building a shop and would like to automate payments, incoming or outgoing, you can't do that anymore without a) exposing your account data to 3rd parties and b) for free.

This is one of the reasons why I say that the EU is corrupt.

Ok so I tried to play their game, and asked the BAFIN what I had to do in order to become such an entity. I wrote 5 mails back and forth over the course of 3 months, not a single response had clear, concrete instructions on who to wrote to and what to send them.

I had to read some hard to find article about PSD2 to know that I have to pay the Bundesdruckerei for a certificate, x509, every year, in order to be able to query the XS2A api.

It's dirty, exclusive and corrupt and no one is doing anything about it.


Its not the EU. Banks just do not want do deal with individuals using their API. That is not their business. Support is too expensive.


> “Our API faithfully exposes the data and capabilities of the Federal Reserve, Visa, The Clearing House, depository networks, and accounting tools. It’s lovingly boring and exceptionally powerful.”

Two questions:

1. How is this different than Open Banking?

2. Why is Visa referenced / why isn’t Mastercard included? (Is it because Mastercard owns Finicity, and Open Banking service)


Looks cool, but having trouble wrapping my head around a potential use case for this.


I have a real-life scenario that applies to my business: we employee 50+ freelancers ee pay every month. I dread when it comes time to pay them, because I have to log into multiple bank account and manually send each transfer using clunky web UIs. I am just copy-pasting all this data from a spreadsheet where it's already been verified. If I could automate payments to a sizeable portion of the freelancers, it would save me a lot of time and reduce potential for mistakes during data entry


Is a payroll company not an option? I'm not from the US but presumably there are companies that can do this for you at a relatively low cost per employee?


These are not employees, they're freelancers from all around the world.


Even so, surely must be an equivalent of a payroll company that can make all these payments for you? We use Deel and upwork for our freelancers


I think the difference is that the freelancers in our business can be paid very different amounts in a month, from ~$10-5000 in range. Deel is probably fine for you with what you're paying freelancers with its price, but imagine we have a freelancer only do, let's say, $30 worth of work in a month. Deel's cheapest plan is $49/mo. That is more than we're paying the FL! If you're paying the FL e.g. $3000/mo it's worth your money, but for us this would be a 163% fee. And with 50+ freelancers, that's at least ~$2.5k per month. At that price I might as well hire someone to click the buttons for me.


Have you looked at Upwork? We pay some of our offshore Customer Service people through Upwork. I'm not directly involved in that but presumably the economics work as their hourly rates are between $5-$15 per hour.


I think I wasn't clear enough in my initial post, but we personally reach out to and recruit and manage the freelancers ourselves, not through a jobs platform. Our business needs very specialized people you can't really find on Upwork


I've never used them but Wise might work if the freelancers are all over the world: https://wise.com/gb/business/api


Have you seen https://www.deel.com? Might be a solution for this problem.


$49/contract per month is just way way too much, sorry. Some freelancers don't even get paid that much in a month with the work they are doing. And with the churn we have as well, at a per contract rate we'd be pouring insane amounts of money into this solution. And they also aren't open about what payout payment methods they offer, that is not a good start.


That, Payoneer (which has a sufficiently extensive API), and I think Stripe can also handle payouts: https://stripe.com/connect/marketplaces

(possibly I'm misreading Stripe marketplaces' offerings, please correct me if I am)


Payoneer is one of the options we use to pay freelancers, in fact many of them quite like it, but for the freelancers' sake, I prefer 100% free methods like Zelle or ACH where possible because you have to pay a fee to take money out of payoneer you receive. At least it's better than paypal


Zelle takes a considerable percentage cut for non-personal transactions.

Do you make use of Payoneer API for payouts? How do you find it?


I use Zelle through the BoA small business account's web interface, there is no charge. I tried getting Zelle API access through US Bank but they never replied so I'm stuck with BoA web.

Payoneer is really cagey about how you unlock better features, our account got upgraded to VIP though because we pay a lot through it. We still use their interface, maybe I'll figure out how to get their API someday


Is TransferWise an option?


I'm considering it for foreign payments, but what I'm looking for is really a good API for ACH, Wire etc. because different freelancers want to use different payment methods. Honestly if Mercury (which we have an account with) would just let us do International Wires through their API it would already make life easier, but for whatever reason they only condone ACH transfers through their API (even though the web UI uses an API for wires...). Even then though, I still have to deal with other freelancers who want to use another payment method. That's why I'm looking for the most complete service out there in terms of financial system integration. The OP's service looks appealing to me because it says "ACH transfers", "Wire transfers", and "Real-Time Payments". That covers quite a portion of what freelancers want, unlike e.g. Wise, which is a single method. I'll keep doing my research for now.


All fair points! My apologies I could not be more helpful.


I think it's possible to automate it with a browser extension or something like Selenium


ah ok. so this is a workaround of the traditional banks having crappy UI/APIs? what about using Stripe/Braintree/Paypal/etc (i know those are not exact matches, but just enquiring about the general problem space)


This is completely different. Stripe/Braintree are ways to charge customers on their credit/debit card on your website, completely unwieldy for paying freelancers. You'd have to have freelancers set up Stripe merchant accounts and receive card payments, that would be very weird and broken use case, especially considering Stripe's fees. I can send a freelancer an ACH transfer for $0, why would I want to pay 3+%?

As for PayPal, some freelancer (especially outside US) do get paid using it, but paypal's fees are outrageous and we try to get anyone we can on an alternative like zelle, ach etc.


> Stripe/Braintree are ways to charge customers on their credit/debit card on your website

Stripe has a banking as a service segment now -

https://stripe.com/treasury


That looks reasonable, having worked with Stripe's APIs before I know that part would at least be nice. But I am worried about pricing with the "contact sales". If they charged per transfer initiated that would be a dealbreaker.


Check out mallo.io or feel free to email me ronak [at] mallo.io


Hit me up, colton@routefusion.com, happy to chat around this :)


How do you plan to compete against https://column.com/?


Agree. Seems crazy at this point, especially without an about us page. Going this route vs Column would seem like career suicide, at first glance.


Doesn't look like they provide an API for any sort of brokerage services. I have written a lot of sqlite to track my progress with buying/selling stock options but the biggest pain point for me is transcribing my transactions into my sqlite database. If they expand their API to brokerage services then this could be a killer feature for me.


Does anyone else have the feeling that Plaid is some house of cards that is all going to come crashing down sooner or later?


Does this change KYC requirements or similar regulatory constraints that exist for implementing ACH transactions directly?


The underlying banks are Blue Ridge Bank and First Internet Bank terms. Blue ridge is popular for powering BAAS companies like Unit. Not sure of First Internet Bank, but both of these are legit, and the fact that they got two banks to start with is a great accomplishment.


Is there any information on the website about the company providing the service, and/or its founder(s)? I found the official name "Increase, Inc" in the privacy policy page, but nothing more.

Aren't these fundamentals to build trust, especially for a B2B banking product?


is this like Column?


https://column.com/

For those that don’t know what Column is.


It appears to be virtually the same service as Column, but they lack their own bank.


Looks more like a Bond, Unit, Synapse.


All you need already is at Solid Financial at https://www.solidfi.com/docs/introduction (Developer Center). Recently raised $63M Series B.


Is this like Vodeno in europe? When looking at job listings, I realized that Aion Bank appears to be just a marketing wrapper around Vodeno, which handles all the administration, technical stuff and even banking license and customer support.


Really curious who does the design for Increase! Do you guys have a founding designer?


Benjamin de Cock. Formerly Stripe's homepage designer.



Seems to be similar to Modern Treasury [1]. Are the use-cases similar between Increase and [1]?

[1]: https://www.moderntreasury.com/


Modern Treasury don't offer any card rails.


How is this different than

Column

Stripe Treasury

Treasury Prime

Unit

Cross River Bank

Any BaaS I'm missing?

???


Synapse FI (https://synapsefi.com) -- They have been around for awhile.


They use MongoDB for their ledger. Was not fun for us.


but isn't MongoDB webscale?


Webscale != bank-tegrity, bank-regulation scale, maytee.


My alma mater Moov Financial [0]. They also have a bunch of neat OSS libraries on GitHub [1].

[0] https://moov.io

[1] https://github.com/moov-io


Two questions:

1) What does this provide over other BaaS vendors, for example Treasury Prime, Unit, Synapse, Lithic, etc?

2) Why are the ACH fees so horrifically high? Even a fifth of that is really on the high end.



I wonder if these banking startups are part of the fallout of the leadership exodus at Stripe that has been happening recently?


How is this different from Stripe Treasury?


Who are the target customers of Stripe Treasury? Existing banks who are fully ultra integrated with legacy mainframe offerings?

Who is looking into open a new bank/credit union and like... how much money is needed? How do you compete with Ally or any other "online" bank? How do you build trust and get people to give you their money, and for what benefit to them?


I don't see how this addresses the problem of building trust, though.


see also: http://unit.co

you can programatically create accounts & cards and test with real money - in minutes!

https://www.unit.co/how-to-build


How is this different to Stripe's Banking-as-a-Service product?


How can Canadian developers use this to gain access to US markets?


If you want international banking APIs just use routefusion.com


fwiw, bnk.dev was a dope name, I think it has more virility :). Congrats on the launch.


Only in USA ? Or what


How is this different


Stripe for neobanks


Stripe are already in the game themselves with Stripe Issuing and Treasury


I'm a bit confused about why one would want to do this! If you become your own bank, what are the pieces you have to do yourself? (I imagine things like fraud?)


You're not actually becoming a bank. They are just providing an API so you can act like a bank. Your money is still going to be held by an actual bank. The banking services are still being provided by an actual bank.


Yeah, accounts are with First Internet Bank or Blue Ridge Bank:

https://increase.com/terms


Submitted title was "Increase: Become your own bank". Since that seems to be a bit confusing and I don't see that text on the page, I've reverted the title to what the page says.


Yeah it's one of those things where it's not technically correct, but it's probably correct from the user's point of view. Customers of Increase will look a lot like a bank to an end user, but they'll be 2 layers removed from the actual bank, and everything they do will mention the actual bank's name on it for FDIC/regulatory purposes.


FWIW, you won't be allowed to advertise yourself as a bank either.


It seems like a great tool for financial fraud, phising schemes, laundering. What non-nefarious uses would it have?


It's white-label banking, allows non-bank businesses to have a bank account product with their name on it, confusing everybody in the process. It's naff but not nefarious.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: