undefined | Better HN

0 pointsdiggan1y ago0 comments

> but would love the auto importing / screen scraping features that Mint.com had

I never used it, but didn't that ask you for the username/password in order to do its job? If so, I wouldn't touch it with a ten-foot pole.

> cause the program to send your data elsewhere -- or worse, deplete accounts' funds.

Again, seemingly because their shitty architecture would that even be possible.

There are modern (possibly only European?) standards nowadays that forces the banks to expose proper APIs for doing things like that. Would require a business entity to deploy to production (I think that's one of the requirements?) but otherwise wouldn't be a huge task compared to manually scraping stuff.

0 comments

3 comments · 2 top-level

nightski1y ago· 1 in thread

Some banks allow you to create separate limited read only credentials at least that can be revoked at any time. But not all of them allow this.

al_borland1y ago

I used Every Dollar for budgeting for a while. It seemed mixed. Some banks used auth through the bank that would create a token for the site/app, which could be revoked through my account when the bank. Others used a 3rd party service which required the user enter their bank creds, and seemingly trust them.

I was in the market for a new bank, so I ended up coming up with my short list of banks I’d look at moving to, then went to Every Dollar to try adding accounts to see what kind of prompt I was met with. Anything that required the 3rd party to store my creds was out of the running. I ended up ending a 20+ year relationship with a bank of this. There were other things too, but this was the straw that got me to actually cut ties.

I assume Mint was similar. I used it a long time ago, probably when I was more trusting in my youth.

j-a-a-p1y ago

I suppose you mean PSD2. That is mandatory for EU banks that do payments. I don't think your stock and crypto trading services need to comply.

j / k navigate · click thread line to collapse