Hacker News new | past | comments | ask | show | jobs | submit login

It's not ideal, but I wouldn't call it a sham. Vulnerable users' banking details are highly targeted by fraudsters, and I can see the concern from lawmakers that making it mandatorily open to all via some oauth style flow (for ex) would limit the banks from controlling access to scammers.

The law doesn't restrict the banks giving access to non-AISPs and, like you say, many of the modern banks do have personal API access, it just sets a minimum bar you have to reach before they're forced to let you in. It seems like a pragmatic middle ground.

What is bad, in my eyes, is the law currently only applies to the CMA9.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact