54
A long-awaited change to Canadian banking is coming
(globalnews.ca)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 13 Mar 2024
54 points (96.6% liked)
Canada
7200 readers
304 users here now
What's going on Canada?
Communities
๐ Meta
๐บ๏ธ Provinces / Territories
- Alberta
- British Columbia
- Manitoba
- New Brunswick
- Newfoundland and Labrador
- Northwest Territories
- Nova Scotia
- Nunavut
- Ontario
- Prince Edward Island
- Quebec
- Saskatchewan
- Yukon
๐๏ธ Cities / Local Communities
- Calgary (AB)
- Edmonton (AB)
- Greater Sudbury (ON)
- Halifax (NS)
- Hamilton (ON)
- Kootenays (BC)
- London (ON)
- Mississauga (ON)
- Montreal (QC)
- Nanaimo (BC)
- Oceanside (BC)
- Ottawa (ON)
- Port Alberni (BC)
- Regina (SK)
- Saskatoon (SK)
- Thunder Bay (ON)
- Toronto (ON)
- Vancouver (BC)
- Vancouver Island (BC)
- Victoria (BC)
- Waterloo (ON)
- Winnipeg (MB)
๐ Sports
Hockey
- List of All Teams: Post on /c/hockey
- General Community: /c/Hockey
- Calgary Flames
- Edmonton Oilers
- Montrรฉal Canadiens
- Ottawa Senators
- Toronto Maple Leafs
- Vancouver Canucks
- Winnipeg Jets
Football (NFL)
- List of All Teams:
unknown
Football (CFL)
- List of All Teams:
unknown
Baseball
- List of All Teams:
unknown - Toronto Blue Jays
Basketball
- List of All Teams:
unknown - Toronto Raptors
Soccer
- List of All Teams:
unknown - General Community: /c/CanadaSoccer
- Toronto FC
๐ป Universities
๐ต Finance / Shopping
- Personal Finance Canada
- BAPCSalesCanada
- Canadian Investor
- Buy Canadian
- Quebec Finance
- Churning Canada
๐ฃ๏ธ Politics
- Canada Politics
- General:
- By Province:
๐ Social and Culture
Rules
Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage:
founded 3 years ago
MODERATORS
I've known some guys that are working for one of those "Financial data brokers" like the one Mint uses.
I thought that there was something fancy to actually link your bank account and whatever budgeting app you want to use, like some Oauth or API token...
In reality, you basically give your (plaintext) credentials to this entity which then uses them to open a session with your bank and parse the webpage. If there was some MFA used it forwarded the request back to you and if there was some robot check blocking the connection, they would have employees take control of the session and do the physical clicking on the webpage...
Not saying that all Fin data brokers work like that, but I can confirm that's the way one of the major ones did work internally 4-5 years back .
That was my impression too. Banks don't have such APIs and it seems like they're regulated not to. Terrible, insecure smoke and mirrors. This is why I never gave my credentials to any such company. If I have them my credentials, then they would be me.
The regulation is the IIROC Dealer Member Rule (DMR) 3200 A. 1.(b) (i) which prohibits IIROC registrants (brokerages) from allowing their clients to use their own automated order systems to generate orders. So just clarifying that its not illegal because it's unsafe, just that they dont want us to give an app our credentials that does algorithmic trading on our behalf. Their reasons, i dont know.
The problem is Plaid et al are forced to scrape webpages because banks dont offer an alternative. Banks currently hold the user liable for sharing their password if theres a breach, but this new open banking legislation will shift that liability to plaid/third parties.
Still definitely works like that. It's a massive security issue.