What bank allows logging in with a third party app? In the UK they all use secure tokens, SMS codes, etc.

UK and Europe are a lot more advanced than we are in the States.

Some even provide APIs:

* https://getmondo.co.uk/docs/
* https://openbankproject.com/
* https://developer.fidor.de/

The UK in particular has the worst banking systems and services I've yet seen in my life. Many European countries, including those from Eastern Europe, have a banking industry that's 100 years ahead of the UK (one example is where you can't just walk in to a bank and have your thing done - you have to schedule a visit, often weeks in advance. And opening an account - real nightmare, good luck with that, if you're not a born-and-bred Brit). However, that said, I do understand that this is the result of UK banks being actually the oldest ones, and the usual inertia of 'working' things made the changes way slower than in the rest of the world.

UK banking is pathetic compared to Australia (and nobody in Australia is particularly proud of their bank).

My fiance is Australian, and so far from what I've heard, the Australian system is inferior:

* ATMs have fees unless you use your own bank's
* Transferring money takes quite some time to arrive

There's a higher rate of contactless payment adoption in Oz, though it's picking up fast here in the UK as well.

How so? I don't see anything mentioned here that the UK doesn't have.

I think what they were referring to was the reverse; the banks implementing OAuth plus revocable permissions to third party apps, such as Mint, etc.

Yodlee covers the UK. I suspect this is a Mechanical Turk service with humans at the other end logging in.

SMS isn't safe.

A while back, I heard about a scam where individuals were targeted by someone at one of the mobile phone providers. They logged in with their bank details, rerouted the authentication messages to their phone, and proceeded to do as they pleased. The "victim" had no idea it was happening as all the auth and notification SMSes being sent to their mobile number were being routed to someone else entirely.

How should the bank handle that? Sounds like one needs to send a crypto-signed ACK before the bank enables access with the reauth code. Good companies at least send an ack email after the fact.

Not much seems to have been done about verifying the receiving end of communications - when I call a company on the phone there's no default protocol to confirm their credentials (like per user passwords for the business).

