> This is also why I can’t imagine ever using Plaid/Mint/etc that require my bank credentials just to do minor stuff like make payments or read transactions.
That's the fault of banks. We need open banking, with APIs using OAuth or similar with scopes or some way for per-action/item access.
They could have started simpler with app passwords that provide read only access. They purposefully drug their feet under the false principal that they own their clients' data.
What if the bank were collectively owned and operated, and used a clever cryptographic scheme to simultaneously allow full transparency and full monetary autonomy?
Then I guess that multiple bad actors would jump at the chance to irreparably scam thousands of accounts out of millions of dollars. Or something like that.
Things are improving bit by bit. BofA and Chase both have OAuth and pretty granular permissions now. Citi and Wells Fargo have OAuth APIs too, though I haven't worked with them personally. That's the top 4 consumer banks, but many credit unions are stuck in the past. Credit unions in general need to wake up about how far behind they are in IT investment, and use a common IT vendor to modernize.
Exactly. I should be able to create read only tokens. I think banks don’t really want us getting our own data without going through their marketing interface.
unfortunately, individuals are not allowed to make use of it for private purposes. You must be a registered business and then be entered in a register before you get any keys.
That's the fault of banks. We need open banking, with APIs using OAuth or similar with scopes or some way for per-action/item access.