Omnibank.io becomes ibanity

Omnibank is dead… Say hi to ibanity!

This is the third article on the progress of ibanity (pka Omnibank.io), you can read more about the genesis of the project and our first introduction of the developer sandbox.

Quite a lot has happened since our last medium post. We’d like to share some of it with you starting with one major update: Omnibank is dead…

Long live ibanity!

Why the name change?

Last november 2016, we gathered to decide what we wanted from this project. We had a working technical solution, support for 6 banks and were already using it to solve our own problems. We asked ourselves if transforming a side project into a real product company was something we truly wanted. We took some time to think about it and we made a decision. In 2017, we plan on working full time on it. Currently, we can only afford to spend at best a couple of days a week which is clearly not enough but we’ll come back to that.

We changed name mostly because of Article 5 in the law of April 25 2014 that states a list of which organisations are allowed to use the word “bank” in their name. Hint: we’re not in that list.

Introducing ibanity

Our mission is to deliver developers a SDK and a bank aggregation API that will let them build awesome products. We want to remove the friction of accessing banking data and provide the best experience possible.

Confirming our involvement in the project and changing name meant for us we needed to step it up a bit. So we decided it was time to make what we had a bit more appealing and more “production-ready”. We have reworked our portal entirely and we have worked on the end-user flow that will allow your customers to link an account to your platform.

The embeddable widget

In order to allow your customers to give you access to their accounts, we needed to have an easy to embed widget.

The amount of code needed to use our embeddable widget in your product.

The developer portal

We have completely revamped our existing portal and included more security features. Authentication is done with login/password + Google Authenticator at the moment. We will add SMS security code as an alternative to Google Authenticator in the future. It is important to us that 2FA is the default authentication model on our developer portal.

Showcase of the developer portal where you can create applications and fake data.

As you can see, per application you create on our portal, you get two sets of credentials. A publishable token and a certificate. We go into more details in the next section.

What does it look like for the end-user, your customers?

Ibanity acts as a trusted intermediate that allows developers to access their customers bank data. That way, the developers can rely on us to protect their customers sensible data while we provide them connection to as many banks as possible.

A demo application where we insert eh ibanity widget.

Onboarding takes only a minute per bank linked. They just need their usual bank credentials (digipass or password or pincode) and a phone number to receive an SMS.

Our API security model

In the previous sections we introduced two different sets of credentials.

• Publishable tokens
• Certificates

Publishable tokens

They are used only to inject the html widget. It is a safe to publish token that makes it possible for us to identify an application on our portal. All connections from the widget go straight to ibanity, they do not go through your services.

Certificates

Those are of course quite sensible. These certificates are what you need to use in order to call our API from your servers. It’s a way to securely identify which application is calling. Those certificates are generated and signed by our very own root certificate authority.

A valid API call from your servers to ibanity will need the certificate. Either you or we can revoke any of those credentials as soon as we identify any unexpected behaviour, rendering all your requests unauthorized.

All the sensible data we need to save in order for the API to function properly is encrypted and decrypted with vault by hashicorp. The whole thing is deployed on several distinct instances of AWS in Frankfurt. Those data centers are PCI, SOC & ISO27001 compliant.

Cloud Compliance - Amazon Web Services (AWS)

Our Roadmap

We know a lot of you are eager to get your hands on ibanity, especially those who have seen a live demo on real banks. However, we’ve only started 6 month ago and there is still quite a lot for us to do to get there. As we are only working at most a couple of days a week on this, we had to decide if we wanted to keep bootstrapping or get funded. We decided to open a seed investment round to move faster and be able to work on ibanity full-time.

Anyone interested can contact us at hey@ibanity.com and ask for our investors pitch deck.

Our current plan is the following:

• Q1 2017: Get funded to work full-time on ibanity. Finish the last developments to make it fully production-ready.
• Q2 2017: Open up the multi-bank sandbox for anyone to try. Get first live banks in production. Launch of our beta program.
• Q3 2017: Focus on customer base growth and improving ibanity based on the feedback received. Add more banks live.
• Q4 2017: End of beta, official launch.

Wanna help?

There are many ways you can help:

• Talk about us to your developer/entrepreneur colleagues.
• Share this blogpost to any person that might be interested.
• Introduce us to investors or funds if you know any that would like what we’re trying to do.
• Send an email to your banks support center asking them to speed up discussions with ibanity.

We are more than ever convinced that this is the perfect timing to change the status-quo around access to banking data here in Belgium. We’re doing the best we can to make it happen and with your help, we will.

Feel free to contact us with feedback and questions at our new email address hey@ibanity.com