Hacker News
by _pdp_ 3284 days ago
Once you have access to someone's banking account you can typically make small transfers (up to ~£200) without second-factor authentication. So if your service gets breached attackers will potentially have the means to extract real cash through mules or wreak havoc.

Asking for credentials is a no-go whatever the bank is. There are ways to get some feeds even now but that requires signing some papers. Besides, I don't want to shoot down the service because this is genuinely a useful service (if it wasn't for the scraping) but the best way to solve this problem is for banks to implement their own APIs with proper access controls that make sense in the context of the bank and the account.