I'm working with a fintech company in Germany at the moment that asks users for their internet banking credentials. Apparently it's quite common in Germany.
That's very strange. Here in Norway we have a unified login system for banks and state services that lets you set up the login with your own bank, then any other service that needs you to log in will delegate the login process to your bank and never needs any of your details except for your personnummer (social security number in US/UK I suppose). Then your bank either asks for a code from a one-time pad or sends a message to the SIM card on your mobile and asks you to confirm with a PIN code. It then tells the other entity that you are who you say you are and you are connected. It's called BankID. Beats me why practically everywhere else is so primitive.
Yeah, I heard from a colleague (so anecdotal) that apparently it's because Germany in general is quite behind in terms of digital services, which in part is due to still very patchy broadband in large parts of the country.
Yep, same in Denmark. NemID. But it works with any bank, public service etc. The govt runs the IDP and any company or public institution that wants to utilize trusted user login will delegate authentication to the govt IDP.
Sofort? When it got introduced in Poland everyone was bewildered as it seemed too stupid to be true. But after some EU nagging, banks that support advanced and secured interfaces must tolerate this abomination. Ah, and if you need a US visa you have to use it to pay for your application. Suspicious.
We're talking about end-users utilizing a third party service to get some kind of visualisation for their bank accounts.
While German banks have a standardized API (FinTS), the normal authentication details are still necessary in order to use it, so basically all third party services demand them for that.
The only place where OAuth2 is used is for single sign-on between services of the same company and maybe - very rarely - you also get social auth from Facebook or similar.
No bank I've ever seen ever provided a public OAuth API with which you could fetch data.