But does that then imply that users authenticate with their bank via Visa (i.e. Visa becoming an identity provider -- not totally unimaginable given their association with customer-issued cards)? Or instead that banks would implicitly offer this data to Plaid/Visa under their card issuance ToS, without user authentication required?
(I'm not really asking for answers, I don't think we can really know at this point. It just leads to questions like this and I'm curious)
But ya, I bet they're going to push hard on "provide us openid connect" in future contract negotiations to solve the security problem.