Hacker News new | past | comments | ask | show | jobs | submit login

To me that depends on where the fraud risk lies.

In the UK banks (in an attempt to encourage online banking) have a fraud guarantee related to losses from unauthorised access to online banking systems as long as you haven't given your credentials to a 3rd party

Screen scraping, like plaid, obviously breaks that concept.

In that case it seems reasonable for the banks to have a ToS that says "no giving your credentials to third parties".

If there's no such guarantee and the user is on their own from a fraud loss perspective then I don't see a reason for enforcing that kind of ToS.

All that said, the idea of a transactional banking system being online with purely static credentials in 2020 is scary one. Decent 2FA should be used for any system that has a financial impact.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact