Hacker News new | past | comments | ask | show | jobs | submit login

FinTS does not solve the problem of (scoped) authentication and authorization at all.

It merely provides a standardized interface to access account data or initiate transactions, but it still uses a plain username/password login to authenticate.

Even that it does not do particularly well – the protocol is horrendously outdated and does not support "recent" inventions like credit cards on many popular banks, which means that banking aggregators have to fall back to screenscraping anyway.

However, this will hopefully change soon with PSD2/SCA, which does mandate such secure account access (based on OAuth2, if I understand it correctly).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact