The really simple thing that the bank could do is simply email an encrypted XML statement of the days transactions after closing the banking day.
- It saves banks resources as it is done on the banks timescale, not having to handle peak load from customers as happens with on-line banking. It is a traditional batch processing job which banks know and love.
- It does not allow any control of the account just the data, but it is safe as it is encrypted.
- Using XML is easy, extensible, and allows anyone to machine process the data simply. It would allow more data (such as sending sort-code/account) and properly formatted data.
- The data could go to authorised parties such as accountants without giving up on-line banking login details.
Ultimately it will save resources for the bank as it will reduce load on on-line banking.
Of course, this is just a first step. I would like live data of transactions during the day, especially incoming fast payments. That would require a more detailed API where the bank push the data to me. Ultimately, including things like card authorisations, would help tackle fraud and save the bank money. Even if they emailed an encrypted file when transactions come in, it would work well enough. Email is simple and reliable and again a batch processing function, but can also be very quick.
Ultimately, things like account transfers and payments via an API would be useful, but this could even just be a matter of allowing something relatively safe to be automated like inter-account transfers.
Apparently there are third party companies that already screen scrape data feeds from banks. It seems the banks do not approve, and it means giving your on-line banking details to them, breaking terms with the bank and possibly causing problems if there is any fraud later. There are even people that sell anti-screen-scraping systems to help the banks and the like avoid the "problem". The solution is for the banks to provide an official API or data feed and that would put these companies out of business over night.
If there is a bank that does this - someone tell me - I'd be prepared to consider moving all our accounts for a proper API.