
So this tool helps me share my transaction history with something called Nordigen and... Google? Is this a joke?


Wait until you hear about this company called Plaid (valued at ~13B$) which is used by a lot of FinTech companies to access your bank account. They take your username/password in cleartext and go ahead and scrape and do as they please with the data to prevent fraud (oh and if 2FA blocks them from scraping, they'll ask you to disable it).

How this is even remotely acceptable blows my mind. My alternatives to transfer money into these fintech companies are checks (are we in the 90s?) or wire transfer (20$ each).


In Europe, all 6,000 retail banks have working APIs and it's possible to connect to banks without username/password sharing. The APIs are completely free to use under the PSD2 regulation. This approach of regulated open banking (i.e. regulator asking banks to build APIs) should eventually eradicate any password sharing in Europe. I hope to see this in the US at some point as well.


While this is helpful for software acting in the user's agency (Excel sheets), it's used for risk assessment elsewhere - and I'm not sure about credentials: firms like Klarna ask for your credentials (XS2A) to extract insights before approving even a SEPA payment. While you're informed what details are fetched, it can be substantial - all accounts, balances, transaction history. Their credit business couldn't be happier for PSD2.

https://docs.openbanking.klarna.com/acin/insight-api.html

See the last screen in the example flow:

https://docs.openbanking.klarna.com/acin/quick-start-insight...


This MITM sounds like what Sofort payment in Germany did. Absolutely bonkers.

You know what's funny? Polish banks also have wire-transfer online payments roughly like Sofort since forever, but without MITM - Przelewy24, PayU et al. They seem to use proper methods to pre-fill wire transfer forms and dedicated accounts in each participating bank to settle the payment immediately.


This is why any company that requires me to use Plaid is an immediate hard pass.


I am obviously just such a low roller that I can't even imagine downloading a spreadsheet of recent transactions from my bank's website being a genuine pain point.


My bank makes me download or at least electronically acknowledge (through a button in the online banking) the bank statements it generates every few weeks. If those go unchecked for too long they're sent to me in the post, charging me for it.


As ridiculous as that seems I am completely unsurprised that your bank extracts near-random charges while playing with your money. I can't see how tools like this solve that problem, though...


Right. I also use checks if Zelle is not supported.


I get the Google sentiment. This tool was built only for those people that are not familiar with how to work with APIs.

In Europe this is a regulated activity and Nordigen is a licensed provider for this service by all 31 European financial authorities.

Secure data management and privacy is something we take very seriously.

Roberts, co-founder at Nordigen


> Secure data management and privacy is something we take very seriously.

I'm not doubting your sincerity, but people are going to have to find a different way to say that - those words have come to mean pretty much the opposite in many people's minds: https://techcrunch.com/2019/02/17/we-take-your-privacy-and-s...


Yeah, that gives me the heebie-jeebies.



