Just six months after pressure from regulators made Visa call off its deal to buy California-based fintech Plaid, the credit card issuer’s Tink acquisition will help Visa enter the growing open banking market. A press release from Tink reads, “the combination of Visa’s proven infrastructure and sustained investment in resilience, cybersecurity and fraud prevention with Tink’s APIs…is expected to help accelerate the adoption of open banking.”

The move is part of a global trend toward API-based open banking, a secure and convenient framework for consumers who wish to share their banking information between firms—including fintechs.

Visa bought the Swedish fintech for relatively cheap at €1.8 billion—$2.1 billion at today’s exchange rate—when compared to its previous valuation of Plaid at $5.3 billion. Visa will retain the Tink brand—which was founded in 2012 and connects over 3,400 banks and institutions—as well as its headquarters in Stockholm and its management team.

Screen scraping and application programming interfaces (APIs)

Early forms of open banking leaned on a process called screen scraping. Users would provide login credentials to an aggregator which would then access authenticated site consumer data via robo-login. The risk here came in that firms would have access to all of a consumer’s data for any given account, not just the data necessary for open banking. And banks, not a unanimous bunch, have yet to come to a consensus regarding the issue of protecting consumer data.

Data aggregation and open banking on the other hand accommodate modern money management. Banks and fintechs—Venmo included—use open banking solutions for instant money movement, circumventing the traditional multi-day trial deposit process.

Either way, consumer-provided login credentials allow fintechs access to consumer bank information.

Today, fintechs collect delicate account information to accommodate data aggregation in two ways: with screen scraping, which often happens through unofficial means, and through formal arrangements with firms that allow APIs to pass through their systems upon regulated terms. Either way, consumer-provided login credentials allow fintechs access to consumer bank information: recent transactions, routing and account numbers, user profile information, and other priceless consumer data.

APIs are a way for a client—a web browser or an outside server, for example—to request and receive data from the original server. The process usually involves a secret string—much like a key—supplied by the API provider .

For example, Chase builds an API for accessing user data, then Plaid registers with Chase to access that API and gets a secret key. Chase requires that every time Plaid makes a request to the API, it includes that secret key to ensure that it is actually Plaid making the request.

APIs and the U.S. market

United States regulators and the U.S. market have been slow on the uptake of API banking. Firms take varying approaches to money movement and data aggregation. Some create their own APIs or partner with third-party data aggregators, while some still lean heavily on clearing houses and screen scraping.

Regulatory pressure may soon force these firms to act. In July, the White House expressed interest in streamlined consumer data sharing as part of a broader initiative to increase competition. The announcement encouraged the CFPB to step in to make it “easier and cheaper” for consumers to take their banking business to other firms by allowing consumers to download their own banking information.

This announcement comes six years after countries in the EU and the UK were first required by PSD2 to offer open banking platforms. Despite this head start, there is no single standard—in the EU, the UK or the U.S.

Plaid and its impact on the U.S. open banking market

Plaid’s growth in the past few years is magnificent. The fintech exploded in size when it discovered a hole in the market: the need for secure, unified banking. One article describes Plaid as “an interloper…providing the electronic plumbing that connects financial upstarts to consumer bank accounts.”

For financial institutions, the message is clear: work with us, buy us, or we will work around you.

Despite widespread criticism, many U.S.-based firms are still screen scraping, though some have become legitimized. Plaid, one of the largest APIs on the market, professionalized screen scraping. Clients include Venmo, Acorns, Robinhood, JPMorgan Chase and Capital One, among other banking giants.

For financial institutions, the message is clear: work with us, buy us, or we will work around you. And banks responded:

  • In 2018, JPMorgan signed an agreement with Plaid, moving from screen scraping to an API. The switch required legal agreements and limited the number of times third parties can use the API key code. Many startups outsource to third-party data aggregators like Plaid—a separation of concerns—but now banks and networks are in the loop.
  • In February 2020, JPMC announced plans to block screen scraping altogether. While Plaid maintains the ability to screen scrape, partnerships with banks allow for a more secure customer experience. The firm maintains a partnership with several third-party data aggregators, thus allowing specific partners through its servers to avoid endangering information.
  • In September 2020, Wells Fargo signed a data exchange agreement to join the ranks of firms partnering with Plaid.
  • U.S. Bank then signed agreements with seven leading data aggregator and fintech companies—Plaid not among them—to design its own API.
  • In December 2020, PNC acknowledged its rejection of Plaid following months of complications for customers seeking to connect their bank accounts—and restore prior connections—to Venmo, Plaid’s biggest customer. The firm, which recently updated its security systems, now prohibits Plaid from accessing customers’ account and routing numbers, even if those customers had already granted Venmo access to their accounts.

Amid the tussle, Visa—the largest U.S. card network and issuer of credit, debit and prepaid cards—boldly set the tone, announcing plans to purchase Plaid for $5.3 billion in January 2020. In January 2021, Visa called off its proposed acquisition of Plaid, citing increasing regulatory hurdles from the Justice Department. The DOJ—which sued to block the deal in November 2020—argued that the merger would violate antitrust laws and inhibit innovation.

How the Tink acquisition will help Visa enter the growing open banking market

After the Plaid deal fell through, Visa unsurprisingly went forward in acquiring a similar firm—particularly one from Europe where open banking mandates are more robust. As a dominant player in the payment processing space, Visa must ensure it is ready to support new payment methods as they catch on. And Plaid’s plans to facilitate direct debits with account and routing numbers as an alternative to payment cards forces Visa and other payment networks to at least be ready to offer a similar solution. The issuer’s Tink acquisition will help Visa venture into this growing market.

With vast resources, Visa has the potential to pose a real threat to incumbents and fintechs alike. Although, it may not be able to operate as nimbly as newcomers who are already ahead of the game. Visa’s interest also foretells how open banking is likely to become more prevalent as banks must react to pressure from consumers, regulators and other industries where API-based solutions are common. With support from a major payment processor and renewed focus from regulators, a standard open banking framework in the U.S. no longer seems as far off as it once did.

Rosalie Goldberg
All Author Posts