by elric 316 days ago
> allowed to wall in their data with no API access

There's PSD2 in the EU (or Eurozone? Not sure actually). Basically forces banks to open common APIs to encourage interoperability and competition. However, it's not aimed at users but rather at companies in fintech building applications.

Some banks (Bunq comes to mind) offer APIs to their customers for direct use, but most don't. The reason is obviously security. People still fall for phishing, people still give fake bank staff their access codes on the phone. Giving normal users a way to have API access to their bank account would be disastrous for many of those users.

Now, it would be nice if things like PSD2 were a little more accessible and transparent. Currently you need permission from an institution like The National Bank to gain access. It's expensive and bureaucratic.

4 comments

It's a great idea, but it's been killed off by the small print that was lobbied into the requirements

Basically, banks force apps or users to require you fully revalidate user consent every 90 days. And it's quite an annoying process. That means any app or integration you want to build requires 10 minutes of your time every 90 days or they stop working. It's killed many fintechs.

It all works on paper, but is drafted into law by politicians who have no clue about technical challenges and user experience. So in the end, it works exactly as designed by the banks: it doesn't

Requiring up to date authentication in order to access a bank account makes sense though. Do you get annoyed at having to enter your PIN when using an ATM?
The method I use now (SimpleFIN) requires me to reauth with a text-based OTP every single day, for each of my bank accounts/cards. It also voids some consumer protections. In practice I only sync once in a few days to avoid that pain. A somewhat supported way with auth once every 90 days sounds like a dream.
180 days (changed recently)
I'd be more than happy with read-only access. Still potentially bad for 'normal users' but not disastrous.
It's for SEPA area BUT it's mandatory open only for PSPs/financial institutions cutting out end customers... Also most banks have terribly limited support. Personally I use OpenBank APIs (PSD2/DSP2) for some banks (ironically via a Canadian operator, GoCardless) and well... generic accounts are supported, stocks are not, bank cards are not etc, most exports have very poor quality.

Long story short I can auto-import in Firefly III from EU banks only via a Canadian company and the quality of the process NOT due to GoCardless but due to local banks is terrible...

That's why stablecoins are booming...

I was really disappointed by that. I still can't easily retrieve a list of my transactions.
I am very happy with that, because it means the PSD2 providers have their security tested before they are accepted.
Yes, PSD2 is overall an excellent thing. I used to be able to scrape my data with just a username and a password. This is a massive improvement.