The last time Hackerfall tried to access this page, it returned a not found error. A cached version of the page is below, or clickhereto continue anyway

Banking APIs, or, how fraudulent are you? Stephen Whitworth

I recently signed up with my friends' company, Mondo, who are building a new type of bank from the ground up - technology and all. This enables them to do lots of very cool stuff - like giving you API keys, allowing you to register webhooks to receive user data in real time, and an OAuth2 flow on which to build applications. This allows us to build many types of applications and integrations that simply weren't possible before - a very exciting prospect.

I work at a company called Ravelin. We ingest real time data from our clients to protect them against fraudulent users by utilising machine learning to learn the facets of what create fraudulent users. Our API is very simple - send some data to it, we do some magic in the background and return a probability of fraudulence, and an action you should take such as preventing a user, or allowing them.

To dogfood our integration process, and in turn take the Mondo API for a spin, I created a small service, hosted on Heroku to send my data to Ravelin. It ingests the webhooks from Mondo which are sent instantly every time I pay for something. This rich data is then sent to Ravelin, and a score is returned. If I am told to PREVENT my account by Ravelin because of fraud, I post a item into the Mondo application, instantly notifying me of a possible account takeover. It only took me 30 minutes to build a product that taps into massive amounts of user behaviour and intelligence to protect me against fraud in real time. This exemplifies the large amount of value that you can create for users, simply by exposing an API.

Exposing banking data, with sensible and secure authentication process can only be positive. In one day, I've been able to build a library to integrate with Mondo. I suspect the likely reasons within banks for doing this is a mix of technical limitations, worries about security and a refusal to become a 'dumb pipe' for which transactions are processed - they don't want to go the way of mobile operators - as it limits them from selling additional products. The banks have set such a low bar for financial products and apps. In doing so, they have created a big greenfield opportunity for start ups to integrate with banks like Mondo and create fantastic products.

You can grab the Go library at If you're interested in signing up with Ravelin for your own application, please send me a mail at stephen dot whitworth at ravelin dot com and I'll make sure it gets to the right person.

Continue reading on