by insomniacity 3285 days ago
I emailed a bit with sjtgraham on this a while back.

It was my understanding back then that even when Teller does more advanced authentication with the bank, e.g. EMV CAP, that does still grant them the rights to move money, even though Teller doesn't yet support it.

To me that paints a big target on Teller's back - all those juicy downstream credentials.

sjtgraham's point was that setting up new payees typically (always?) requires additional authentication. But I can think of a number of scenarios where a hacker might send all my money to all my existing payees just to mess with me/Teller/my bank... causing fees and stress.

Obviously it's going down the route that Teller won't need your full credentials, you will grant them access via something like EMV CAP, which I applaud.

But I would call on Teller to publicly commit to not integrate more 'advanced' auth methods if they don't include the ability to grant read-only access, if the user wishes!

1 comments

Incidentally, if Teller start to get an appreciable proportion of the UK population (remember, users will be using Teller without realising, through other apps and platforms), they should expect a call from the regulators, who will want to be sure that they can't cause any systemic instability (e.g. by getting hacked).