this post was submitted on 13 Mar 2024
52 points (96.4% liked)
Canada
6936 readers
649 users here now
What's going on Canada?
Communities
π Meta
πΊοΈ Provinces / Territories
- Alberta
- British Columbia
- Manitoba
- New Brunswick
- Newfoundland and Labrador
- Northwest Territories
- Nova Scotia
- Nunavut
- Ontario
- Prince Edward Island
- Quebec
- Saskatchewan
- Yukon
ποΈ Cities / Regions
- Calgary (AB)
- Edmonton (AB)
- Greater Sudbury (ON)
- Halifax (NS)
- Hamilton (ON)
- Kootenays (BC)
- London (ON)
- Mississauga (ON)
- Montreal (QC)
- Nanaimo (BC)
- Oceanside (BC)
- Ottawa (ON)
- Port Alberni (BC)
- Regina (SK)
- Saskatoon (SK)
- Thunder Bay (ON)
- Toronto (ON)
- Vancouver (BC)
- Vancouver Island (BC)
- Victoria (BC)
- Waterloo (ON)
- Winnipeg (MB)
π Sports
Hockey
- List of All Teams: Post on /c/hockey
- General Community: /c/Hockey
- Calgary Flames
- Edmonton Oilers
- MontrΓ©al Canadiens
- Ottawa Senators
- Toronto Maple Leafs
- Vancouver Canucks
- Winnipeg Jets
Football (NFL)
- List of All Teams:
unknown
Football (CFL)
- List of All Teams:
unknown
Baseball
- List of All Teams:
unknown - Toronto Blue Jays
Basketball
- List of All Teams:
unknown - Toronto Raptors
Soccer
- List of All Teams:
unknown - General Community: /c/CanadaSoccer
- Toronto FC
π» Universities
π Lifestyle
coming soon
π΅ Finance / Shopping
- Personal Finance Canada
- BAPCSalesCanada
- Canadian Investor
- Buy Canadian
- Quebec Finance
- Churning Canada
π£οΈ Politics
π Other
Rules
Reminder that the rules for lemmy.ca also apply here:
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- Be respectful. Everyone should feel welcome here.
- No porn.
- No Ads / Spamming.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've known some guys that are working for one of those "Financial data brokers" like the one Mint uses.
I thought that there was something fancy to actually link your bank account and whatever budgeting app you want to use, like some Oauth or API token...
In reality, you basically give your (plaintext) credentials to this entity which then uses them to open a session with your bank and parse the webpage. If there was some MFA used it forwarded the request back to you and if there was some robot check blocking the connection, they would have employees take control of the session and do the physical clicking on the webpage...
Not saying that all Fin data brokers work like that, but I can confirm that's the way one of the major ones did work internally 4-5 years back .
That was my impression too. Banks don't have such APIs and it seems like they're regulated not to. Terrible, insecure smoke and mirrors. This is why I never gave my credentials to any such company. If I have them my credentials, then they would be me.
The regulation is the IIROC Dealer Member Rule (DMR) 3200 A. 1.(b) (i) which prohibits IIROC registrants (brokerages) from allowing their clients to use their own automated order systems to generate orders. So just clarifying that its not illegal because it's unsafe, just that they dont want us to give an app our credentials that does algorithmic trading on our behalf. Their reasons, i dont know.
The problem is Plaid et al are forced to scrape webpages because banks dont offer an alternative. Banks currently hold the user liable for sharing their password if theres a breach, but this new open banking legislation will shift that liability to plaid/third parties.
Still definitely works like that. It's a massive security issue.