I must say I was quite surprised when I read this comment. In Germany we have FinTS [1] with an open specification and I'm not aware of a single bank that doesn't support it. It's been around since 2002 [2] and is based on HBCI, which became available in 1998 [3].

I suspected it might be different elsewhere, but I had no idea that the situation was so dire that you had to actively go looking for a bank with an API.

[1] https://en.m.wikipedia.org/wiki/FinTS

[2] https://de.wikipedia.org/wiki/Financial_Transaction_Services (German)

[3] https://de.wikipedia.org/wiki/Homebanking_Computer_Interface (German)

FinTS does not solve the problem of (scoped) authentication and authorization at all.

It merely provides a standardized interface to access account data or initiate transactions, but it still uses a plain username/password login to authenticate.

Even that it does not do particularly well – the protocol is horrendously outdated and does not support "recent" inventions like credit cards at many popular banks, which means that banking aggregators have to fall back to screen scraping anyway.

However, this will hopefully change soon with PSD2/SCA, which does mandate such secure account access (based on OAuth2, if I understand it correctly).

