Hacker News new | past | comments | ask | show | jobs | submit login

It works only once as they relay the code for verifying account numbers. But it doesn't always work (both with BofA and Wells Fargo) and certainly not for continuous pulling of data.

Which is how 2FA is supposed to work. Perhaps they try to keep the session from timing out, but that is bound to break.

The solution is regulation to force Banks to provide customer data over an API to an authorized third party (preferably with 2FA on that too, and other security mechanisms, like mutual auth, auditing the security and probity of the subscriber etc).

Scraping is such a 1990s solution, and Plaid's Uber-like disregard for rules made it a non-starter for anyone sensible.

Ironically, while it might get systematic integration with VISA, the privacy implications are far worse.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact