syllogism 6 days ago

In Europe there are legitimate and extremely established services that require you to input your bank login details into something other than your bank's website. It's madness.

dtech 6 days ago | parent | next [-]

There's no legitimate case for that since PSD2 (mandatory since 2020). Are you not confused by that? PSD2 doesn't share your credentials.

I'm a European and have never needed to use nor encountered those services.

siva7 6 days ago | parent | next [-]

PSD2 is just MFA, it doesn't prevent shady companies still asking for your login credentials, even if you must authorize that login from your official banking app. Klarna is one of many examples - they ask me for my bank credentials on their own website so they can crawl all my finance data.

bradfa 6 days ago | parent | next [-]

Plaid and Finicity do this in the USA for some linking of banking to other financial products. Feels SO insecure. Connecting my credit union checking account through Plaid even ironically brought me to a login page which explicitly states I should never give my banking password to any other entity.

If I need to link my accounts and these services are the only choice then I change my banking passwords immediately after.

chrisweekly 6 days ago | parent [-]

I thought Plaid used OAuth2. Hmm.

karel-3d 6 days ago | parent | next [-]

Plaid's whole business model is that it uses OAuth2 on banks that support it and export the data through APIs; and for the banks that don't, they ask for name/password and scrape it through a "fake" web browser that mimics user behavior on the backend.

(I worked for a Plaid competitor. The long-term goal for all similar companies is of course to use OAuth and APIs, because it breaks less often; but since the banks don't offer that, scraping it is!)

_boffin_ 6 days ago | parent [-]

MX?

cpburns2009 6 days ago | parent | prev [-]

Plaid asks for your raw bank credentials so that it can scrape up data. That's why I've always refused to use it.

WOTERMEON 6 days ago | parent [-]

I really hope to never be in the position where I have to use it

StopDisinfo910 6 days ago | parent | prev | next [-]

I have a Klarna account I opened when their flex account rate was amongst the best you could get and I don't remember them ever asking for my bank credential.

I think Bankin' used to before PSD2 and to get a bit more information from some banks but then again Bankin' is a financial aggregator whose explicit purpose is crawling your banking data so it's not too surprising to see them asking for your credentials.

raisaguys 6 days ago | parent [-]

[dead]

FinnKuhn 5 days ago | parent | prev [-]

So does PayPal nowadays when you want to open a new account...

dcminter 6 days ago | parent | prev [-]

Where a bank doesn't offer compliant APIs, screen-scraping integrations are explicitly allowed. Not sure how common that is at this point.

_boffin_ 6 days ago | parent [-]

Thousands and thousands of institutions, they scrape.

dcminter 6 days ago | parent [-]

Not sure what you mean specifically, but generally the organisations doing screen-scraping¹ would prefer to use compliant APIs as they don't require anything like as much maintenance (bank adds a button to the login flow? Kaboom! Integration is broken...) or resources (e.g. running headless browsers).

Some markets are pretty much exclusively compliant - I don't think there are any Nordic banks that don't have fully PSD2 compliant APIs for example whereas, if I remember rightly, the Spanish banks were all over the place. I'm fairly out of date though, so things may have improved or exceptions for scraping expired.

¹ Note that I'm talking exclusively about banking integrations here, not AI nonsense.

fancyfredbot 6 days ago | parent | prev | next [-]

Care to mention what these legitimate and established services are?

JLCarveth 6 days ago | parent | next [-]

Plaid is used by a lot of the major Canadian banks.

raudette 6 days ago | parent [-]

Flinks is also an often-used aggregator in Canada.

"Connecting" savings accounts from EQ Bank or Wealthsimple to an account at TD Bank requires providing TD credentials to Flinks.

joshuaissac 6 days ago | parent | prev | next [-]

Sofort used to do this. I don't know if they still do.

6 days ago | parent | prev | next [-]
[deleted]
FinnKuhn 5 days ago | parent | prev [-]

PayPal, Klarna

didsomeonesay 6 days ago | parent | prev | next [-]

Name and shame: Klarna did this.

Not sure if they still do because I stay well clear of them.

BlindEyeHalo 6 days ago | parent | prev | next [-]

I find this hard to believe and have never seen that ever.

jeltz 6 days ago | parent | next [-]

It used to be common 5 years ago before PSD2.

brettermeier 6 days ago | parent | prev [-]

Don't understand the downvotes, I never saw that either, and I am shopping online very often.

consp 6 days ago | parent [-]

If you used the first gen "pay later" services they'd scrape you for "compliance checking" or simply mask it as a transaction which is actually just personal information scraping.

Most of the time you did not see it, as it's obfuscated as a part of the transaction.

They are also the companies complaining a lot about the "failure" of the PSD standards since it limits how much and how obfuscated they can scrape everything (and there are records).

BrandoElFollito 6 days ago | parent | prev | next [-]

Are you talking about the possibility to pay via your bank account directly on a checkout page? If so this is the bank page you are using.

Can you give some examples?

bombcar 6 days ago | parent | prev | next [-]

Multiple US hospitals and insurance companies use genuine links like doctor-services-for-u.biz - infuriating.

PeterStuer 6 days ago | parent | prev [-]

Are you sure? Never seen any such thing.

jeltz 6 days ago | parent [-]

It used to be common before PSD2 but I have personally not seen it for some years.

p_l 6 days ago | parent [-]

It seems mainly localized to Germany