54
submitted 8 months ago* (last edited 8 months ago) by avidamoeba@lemmy.ca to c/canada@lemmy.ca

Open banking works by giving consumers the option to share their banking data with other firms. The most common use is granting access to budgeting or money management apps and companies, so that a customer can pool different bank accounts and credit cards into one place.

Ah yes, finally what we've been missing in our financial system! 🤭

you are viewing a single comment's thread
view the rest of the comments
[-] O_i@lemmy.world 7 points 8 months ago* (last edited 8 months ago)

The most common use is granting access to budgeting or money management apps and companies, so that a customer can pool different bank accounts and credit cards into one place.

I’m confused dude, we can already do this?

[-] MajorSauce@sh.itjust.works 9 points 8 months ago* (last edited 8 months ago)

I've known some guys that are working for one of those "Financial data brokers" like the one Mint uses.

I thought that there was something fancy to actually link your bank account and whatever budgeting app you want to use, like some Oauth or API token...

In reality, you basically give your (plaintext) credentials to this entity which then uses them to open a session with your bank and parse the webpage. If there was some MFA used it forwarded the request back to you and if there was some robot check blocking the connection, they would have employees take control of the session and do the physical clicking on the webpage...

Not saying that all Fin data brokers work like that, but I can confirm that's the way one of the major ones did work internally 4-5 years back .

[-] avidamoeba@lemmy.ca 7 points 8 months ago* (last edited 8 months ago)

That was my impression too. Banks don't have such APIs and it seems like they're regulated not to. Terrible, insecure smoke and mirrors. This is why I never gave my credentials to any such company. If I have them my credentials, then they would be me.

[-] deelayman@lemmy.ca 1 points 8 months ago

The regulation is the IIROC Dealer Member Rule (DMR) 3200 A. 1.(b) (i) which prohibits IIROC registrants (brokerages) from allowing their clients to use their own automated order systems to generate orders. So just clarifying that its not illegal because it's unsafe, just that they dont want us to give an app our credentials that does algorithmic trading on our behalf. Their reasons, i dont know.

[-] deelayman@lemmy.ca 5 points 8 months ago

The problem is Plaid et al are forced to scrape webpages because banks dont offer an alternative. Banks currently hold the user liable for sharing their password if theres a breach, but this new open banking legislation will shift that liability to plaid/third parties.

[-] Shadow@lemmy.ca 2 points 8 months ago

Still definitely works like that. It's a massive security issue.

this post was submitted on 13 Mar 2024
54 points (96.6% liked)

Canada

7200 readers
315 users here now

What's going on Canada?



Communities


🍁 Meta


🗺️ Provinces / Territories


🏙️ Cities / Local Communities


🏒 SportsHockey

Football (NFL)

  • List of All Teams: unknown

Football (CFL)

  • List of All Teams: unknown

Baseball

Basketball

Soccer


💻 Universities


💵 Finance / Shopping


🗣️ Politics


🍁 Social and Culture


Rules

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage:

https://lemmy.ca


founded 3 years ago
MODERATORS