Hacker News new | past | comments | ask | show | jobs | submit login

> and does not work if you have 2FA enabled

Certainly false, at least for Bank Of America. Just yesterday I connected BofA to privacy.com using Plaid and it asked me to enter the SMS 2fa code.






It works only once as they relay the code for verifying account numbers. But it doesn't always work (both with BofA and Wells Fargo) and certainly not for continuous pulling of data.

Which is how 2FA is supposed to work. Perhaps they try to keep the session from timing out, but that is bound to break.

The solution is regulation to force Banks to provide customer data over an API to an authorized third party (preferably with 2FA on that too, and other security mechanisms, like mutual auth, auditing the security and probity of the subscriber etc).

Scraping is such a 1990s solution, and Plaid's Uber-like disregard for rules made it a non-starter for anyone sensible.

Ironically, while it might get systematic integration with VISA, the privacy implications are far worse.


It doesn't - I tried again just to see if I was imagining things: https://ibb.co/KGMhFXF



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: