Hacker News new | past | comments | ask | show | jobs | submit login

It is hard to be certain without knowing the particular credit union, but as others have mentioned this data is likely used to counter bot login attempts.

But this is more of a business decision than a security decision likely. It is probably to prevent services like Intuit (Mint.com, Quickbooks, etc), Plaid, Quovo, and other data aggregators from accessing online banking and screen scraping / web crawling. Obviously, there are security reasons to prevent this access as well, but it has historically been a business decision with security as an excuse.

Disclaimer: I'm co-founder of a company that powers online banking, mobile banking, and open banking APIs for credit unions and banks and used to be CTO at a credit union.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact