[Rainymood]

>Why does Penny need my bank login information? >Penny uses your bank login information to establish a connection with your bank, so that she can automatically retrieve and organize >your transactions.

>Does Penny store my bank login information? >Penny never stores your bank login information. After she first establishes the connection to your bank, she gets a separate, secret >access code to retrieve your transactions from your bank. That way, she can access your transactions without ever needing your bank >account credentials again.

How does this work exactly? What about banks that do not have an API. I've been wanting to write a similar app for myself but see NO way to log-in securely if the bank does not offer an API.

[flukus]

They screen scrape the banks website. Absolutely awful from a security perspective. Even if a particular site is trustworthy, it's not a practice that should be encouraged.

[Rainymood]

I did this but when I told people i got my nose pointed on how illegal it is, how do they get around this? I'm seriously curious

[flukus]

I don't think it's illegal anywhere, although it might violate a TOS and a bank may try to block it at any time. They could also block connections from certain IP ranges if the scraping is done one the server.