Pluralistic: Shifting $677m from the banks to the people, every year, forever (01 Nov 2024)

Originally published at: Pluralistic: Shifting $677m from the banks to the people, every year, forever (01 Nov 2024) – Pluralistic: Daily links from Cory Doctorow



Today's links



A painting of Moses parting the Red Sea, with terrified and grateful Israelites around his feet and an onrushing army of charioteers in pursuit. Moses has been replaced with a vintage editorial cartoon depicting Uncle Sam as a stern cop holding out a billyclub, on his breast is the crest of the Consumer Finance Protection Bureau. The roiling Red Sea has been overlaid with a US $100 bill.

Shifting $677m from the banks to the people, every year, forever (permalink)

"Switching costs" are one of the great underappreciated evils in our world: the more it costs you to change from one product or service to another, the worse the vendor, provider, or service you're using today can treat you without risking your business.

Businesses set out to keep switching costs as high as possible. Literally. Mark Zuckerberg's capos send him memos chortling about how Facebook's new photos feature will punish anyone who leaves for a rival service with the loss of all their family photos – meaning Zuck can torment those users for profit and they'll still stick around so long as the abuse is less bad than the loss of all their cherished memories:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

It's often hard to quantify switching costs. We can tell when they're high, say, if your landlord ties your internet service to your lease (splitting the profits with a shitty ISP that overcharges and underdelivers), the switching cost of getting a new internet provider is the cost of moving house. We can tell when they're low, too: you can switch from one podcatcher program to another just by exporting your list of subscriptions from the old one and importing it into the new one:

https://pluralistic.net/2024/10/16/keep-it-really-simple-stupid/#read-receipts-are-you-kidding-me-seriously-fuck-that-noise

But sometimes, economists can get a rough idea of the dollar value of high switching costs. For example, a group of economists working for the Consumer Finance Protection Bureau calculated that the hassle of changing banks is costing Americans at least $677m per year (see page 526):

https://files.consumerfinance.gov/f/documents/cfpb_personal-financial-data-rights-final-rule_2024-10.pdf

The CFPB economists used a very conservative methodology, so the number is likely higher, but let's stick with that figure for now. The switching costs of changing banks – determining which bank has the best deal for you, then transfering over your account histories, cards, payees, and automated bill payments – are costing everyday Americans more than half a billion dollars, every year.

Now, the CFPB wasn't gathering this data just to make you mad. They wanted to do something about all this money – to find a way to lower switching costs, and, in so doing, transfer all that money from bank shareholders and executives to the American public.

And that's just what they did. A newly finalized Personal Financial Data Rights rule will allow you to authorize third parties – other banks, comparison shopping sites, brokers, anyone who offer you a better deal, or help you find one – to request your account data from your bank. Your bank will be required to provide that data.

I loved this rule when they first proposed it:

https://pluralistic.net/2024/06/10/getting-things-done/#deliverism

And I like the final rule even better. They've really nailed this one, even down to the fine-grained details where interop wonks like me get very deep into the weeds. For example, a thorny problem with interop rules like this one is "who gets to decide how the interoperability works?" Where will the data-formats come from? How will we know they're fit for purpose?

This is a super-hard problem. If we put the monopolies whose power we're trying to undermine in charge of this, they can easily cheat by delivering data in uselessly obfuscated formats. For example, when I used California's privacy law to force Mailchimp to provide list of all the mailing lists I've been signed up for without my permission, they sent me thousands of folders containing more than 5,900 spreadsheets listing their internal serial numbers for the lists I'm on, with no way to find out what these lists are called or how to get off of them:

https://pluralistic.net/2024/07/22/degoogled/#kafka-as-a-service

So if we're not going to let the companies decide on data formats, who should be in charge of this? One possibility is to require the use of a standard, but again, which standard? We can ask a standards body to make a new standard, which they're often very good at, but not when the stakes are high like this. Standards bodies are very weak institutions that large companies are very good at capturing:

https://pluralistic.net/2023/04/30/weak-institutions/

Here's how the CFPB solved this: they listed out the characteristics of a good standards body, listed out the data types that the standard would have to encompass, and then told banks that so long as they used a standard from a good standards body that covered all the data-types, they'd be in the clear.

Once the rule is in effect, you'll be able to go to a comparison shopping site and authorize it to go to your bank for your transaction history, and then tell you which bank – out of all the banks in America – will pay you the most for your deposits and charge you the least for your debts. Then, after you open a new account, you can authorize the new bank to go back to your old bank and get all your data: payees, scheduled payments, payment history, all of it. Switching banks will be as easy as switching mobile phone carriers – just a few clicks and a few minutes' work to get your old number working on a phone with a new provider.

This will save Americans at least $677 million, every year. Which is to say, it will cost the banks at least $670 million every year.

Naturally, America's largest banks are suing to block the rule:

https://www.americanbanker.com/news/cfpbs-open-banking-rule-faces-suit-from-bank-policy-institute

Of course, the banks claim that they're only suing to protect you, and the $677m annual transfer from their investors to the public has nothing to do with it. The banks claim to be worried about bank-fraud, which is a real thing that we should be worried about. They say that an interoperability rule could make it easier for scammers to get at your data and even transfer your account to a sleazy fly-by-night operation without your consent. This is also true!

It is obviously true that a bad interop rule would be bad. But it doesn't follow that every interop rule is bad, or that it's impossible to make a good one. The CFPB has made a very good one.

For starters, you can't just authorize anyone to get your data. Eligible third parties have to meet stringent criteria and vetting. These third parties are only allowed to ask for the narrowest slice of your data needed to perform the task you've set for them. They aren't allowed to use that data for anything else, and as soon as they've finished, they must delete your data. You can also revoke their access to your data at any time, for any reason, with one click – none of this "call a customer service rep and wait on hold" nonsense.

What's more, if your bank has any doubts about a request for your data, they are empowered to (temporarily) refuse to provide it, until they confirm with you that everything is on the up-and-up.

I wrote about the lawsuit this week for @eff@mastodon.social's Deeplinks blog:

https://www.eff.org/deeplinks/2024/10/no-matter-what-bank-says-its-your-money-your-data-and-your-choice

In that article, I point out the tedious, obvious ruses of securitywashing and privacywashing, where a company insists that its most abusive, exploitative, invasive conduct can't be challenged because that would expose their customers to security and privacy risks. This is such bullshit.

It's bullshit when printer companies say they can't let you use third party ink – for your own good:

https://arstechnica.com/gadgets/2024/01/hp-ceo-blocking-third-party-ink-from-printers-fights-viruses/

It's bullshit when car companies say they can't let you use third party mechanics – for your own good:

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

It's bullshit when Apple says they can't let you use third party app stores – for your own good:

https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

It's bullshit when Facebook says you can't independently monitor the paid disinformation in your feed – for your own good:

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

And it's bullshit when the banks say you can't change to a bank that charges you less, and pays you more – for your own good.

CFPB boss Rohit Chopra is part of a cohort of Biden enforcers who've hit upon a devastatingly effective tactic for fighting corporate power: they read the law and found out what they're allowed to do, and then did it:

https://pluralistic.net/2023/10/23/getting-stuff-done/#praxis

The CFPB was created in 2010 with the passage of the Consumer Financial Protection Act, which specifically empowers the CFPB to make this kind of data-sharing rule. Back when the CFPA was in Congress, the banks howled about this rule, whining that they were being forced to share their data with their competitors.

But your account data isn't your bank's data. It's your data. And the CFPB is gonna let you have it, and they're gonna save you and your fellow Americans at least $677m/year – forever.


Hey look at this (permalink)



A Wayback Machine banner.

This day in history (permalink)

#20yrsago Bhutan: World’s biggest book https://kottke.org/04/10/bhutan-book

#20yrsago Audio/transcript from BBC Creative Archive talk https://web.archive.org/web/20060306155902/http://digital-lifestyles.info/media/audio/2004.10.28-BBC-Creative-Archive-Q&A.mp3

#15yrsago Heavy illegal downloaders buy more music https://www.independent.co.uk/news/uk/crime/illegal-downloaders-spend-the-most-on-music-says-poll-1812776.html

#15yrsago Scenting the Dark: outstanding debut short story collection from Mary Robinette Kowal, exploring our relationship to technology and each other https://memex.craphound.com/2009/11/01/scenting-the-dark-outstanding-debut-short-story-collection-from-mary-robinette-kowal-exploring-our-relationship-to-technology-and-each-other/

#15yrsago Anti-vaccine fear versus science https://web.archive.org/web/20091022235649/https://www.wired.com/magazine/2009/10/ff_waronscience/all/1

#10yrsago Sen Lindsay Graham promises a fine future for “white men in male-only clubs” https://www.politico.com/story/2014/10/sen-lindsey-graham-white-men-joke-112338

#10yrsago Hungary cancels proposed Internet tax in the face of mass opposition https://www.bbc.com/news/world-europe-29846285

#10yrsago David Graeber and Thomas Piketty on whether capitalism will destroy itself https://thebaffler.com/odds-and-ends/soak-the-rich

#10yrsago USPS usage declines, but sloppy postal surveillance is way, way up https://www.politico.com/story/2014/06/snail-mail-snooping-safeguards-not-followed-108056

#10yrsago Surveillance and stalkers: how the Internet supercharges gendered violence https://www.forbes.com/sites/sarahjeong/2014/10/28/surveillance-begins-at-home/

#10yrsago Secret recording of corporate lobbyist is a dirty-tricks playbook https://www.nytimes.com/2014/10/31/us/politics/pr-executives-western-energy-alliance-speech-taped.html

#10yrsago NZ Trade Minister: we keep TPP a secret to prevent “public debate” https://www.techdirt.com/2014/10/31/new-zealands-trade-minister-admits-they-keep-tpp-documents-secret-to-avoid-public-debate/

#5yrsago Blizzard’s corporate president publicly apologizes for bungling players’ Hong Kong protests, never mentions Hong Kong https://www.theverge.com/2019/11/1/20944022/blizzard-blizzcon-hearthstone-china-hong-kong-response-j-allen-brack

#5yrsago My review of Sandworm: an essential guide to the new, reckless world of “cyberwarfare” https://www.latimes.com/entertainment-arts/books/story/2019-11-01/sandworm-andy-greenberg-cybersecurity

#5yrsago Report from a massive Chinese surveillance tech expo, where junk-science “emotion recognition” rules https://twitter.com/suelinwong/status/1190194625572569093

#5yrsago Toronto approves Google’s surveillance city, despite leaks revealing Orwellian plans https://www.cbc.ca/news/canada/toronto/sidewalk-labs-waterfront-toronto-quayside-vote-1.5342294

#5yrsago Chicago teachers declare victory after 11-day strike https://www.usatoday.com/story/news/nation/2019/10/31/chicago-teachers-strike-union-tentative-agreement-makeup-days/4106271002/

#5yrsago Airbnb’s easily gamed reputation system and poor customer service allow scammers to thrive https://www.vice.com/en/article/nationwide-fake-host-scam-on-airbnb/

#5yrsago Suppressed internal emails reveal that the IRS actively helped tax-prep giants suppress Free File https://www.propublica.org/article/the-irs-tried-to-hide-emails-that-show-tax-industry-influence-over-free-file-program

#5yrsago Massive spike in young people registering to vote in the UK https://memex.craphound.com/2019/11/01/massive-spike-in-young-people-registering-to-vote-in-the-uk/

#5yrsago How the British left should seize this moment to strip finance of its political clout https://www.opendemocracy.net/en/oureconomy/thatcher-had-a-battle-plan-for-her-economic-revolution-now-the-left-needs-one-too/

#5yrsago After suing NSO Group for hacking Whatsapp, Facebook kicks NSO employees off its services https://arstechnica.com/information-technology/2019/10/facebook-permanently-deletes-the-accounts-of-nso-workers/

#5yrsago The right is bankrolled by self-interested one-percenters making long-term investments; the left, by one-percenters with “moral whims” https://nymag.com/intelligencer/2019/10/how-did-democrats-lose-the-states-money-money-money.html

#5yrsago Leaked document reveals that Sidewalk Labs’ Toronto plans for private taxation, private roads, charter schools, corporate cops and judges, and punishment for people who choose privacy https://www.theglobeandmail.com/business/article-sidewalk-labs-document-reveals-companys-early-plans-for-data/

#1yrago The impoverished imagination of neoliberal climate "solutions" https://pluralistic.net/2023/10/31/carbon-upsets/#big-tradeoff

#1yrsago Social Security is class war, not intergenerational conflict https://pluralistic.net/2023/11/01/intergenerational-warfare/#five-pound-blocks-of-cheese


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, holding a mic.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025



Colophon (permalink)

Today's top sources:

Currently writing:

  • Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Today's progress: 806 words (75407 words total).
  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025

Latest podcast: Spill, part four (a Little Brother story) https://craphound.com/littlebrother/2024/10/28/spill-part-four-a-little-brother-story/


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

1 Like

It’s worth contrasting this to the approach taken in the UK, where just the threat of regulation was enough to push the banking system into setting up the Current Account Switch Service, which facilitates moving from one provider to another in a seamless way.

Of course, this was in the context of the 2010s, when a large number of the banks had just been bailed out after the GFC, and banks were already under a lot of scrutiny for their unfair charges. This suggests that the big stick is not always needed, but it has to be a credible threat.

Overall this seems like a win but I have some pretty big hesitation about it.

I care about privacy more than just about anyone I know. Things like this make me worry. When companies have to provide data like this, things get standardized, consolidated, it makes a whole lot of other bad things possible.

Think of the trend of companies verifying your bank accounts by asking you for your password so they can log into them. To me this is batshit crazy and you would have to be insane to consent to this (i.e. giving a company like PayPal complete access to all the data they can scrape from your account, and often for a period of time after the “verification”, e.g. 30 days). I always use the “manual” slow method forcing them to make two deposits, etc. but some services don’t offer it (e.g. Privacy). I created an entirely separate bank account to use there so they got to verify a completely blank account.

My point is that the opportunity for data brokers and other middlemen as well as the banks themselves to make you consent to bullshit to enable this seems high. I argue that legislating they share your data is not as good as legislating they don’t keep it at all and we force the development of standards where people actually have their own banking data. And does your old bank have to DELETE your data once you move?

I guess what I’m saying is I would rather have it be more difficult to move banks and for my old bank to be as dumb and clueless about me as my new bank is as a matter of course.

I will never trust these predators not to cheat at every opportunity and this is just giving them more opportunities.

1 Like

This topic was automatically closed after 15 days. New replies are no longer allowed.