Hacker News new | ask | show | jobs
by lewisl9029 3284 days ago
I believe this is true for most US banks also.

I can't even count how many promising-looking Fintech products I had to pass over because the only auth mechanism they offered was through sharing online banking credentials.

Until bank policies regarding credentials-sharing actually change, I think it's really irresponsible for products to even ask for credentials at all, let alone offer it as the default/only auth option. Users could be unwittingly putting their entire life savings at risk.
2 comments
technofiend 3284 days ago
Yodlee not only wants your credentials but at one point updated their customer agreement to grant them Power of Attorney with each institution they managed on your behalf. I don't know about you but PoA, a binding arbitration clause and their marketing your data to boot is well beyond my comfort level.
link
sillysaurus3 3284 days ago
Users could be unwittingly putting their entire life savings at risk.

Is this a realistic concern? I thought the point of a bank was that situations like that can be reversed 100% of the time.

link
Mtinie 3284 days ago
That reversal is not instantaneous, and by no means is it a guarantee that you'll ever get the whole amount back when overdraft fees, third-party bounced check fees, and all of the other non-monetary impacts are taken into account.

Depending on the scope of your accounts with the financial company that you're banking with it's possible that beyond your day-to-day operating funds and your mid-term savings accounts that you may also have access to your investments and other long-term stores of value. They aren't as liquid, and it would be harder for a thief to shift them into something that can be transferred out of your account, but it certainly is possible for it to happen if sales of stocks/bonds/etc. are conducted without your knowledge and then the funds are wired out.

link
lewisl9029 3284 days ago
In this particular case, yes, because banks tend to deny all liability for fraudulent transactions that result from credentials sharing, so the user is entirely liable for whatever loss that occurs.
link
Jemmeh 3284 days ago
It's a realistic concern. For example, a lot of elderly people are targeted for scams because they A.) Are often little easier to trick and B.) Tend to have more money. Comes up in the news a lot. They don't get it back.
link
EpicEng 3284 days ago
Unless you hand out your credentials to an unauthorized third party, relieving the bank of any liability.
link