Bank account linking to services

So the 'preferred' method for systems to allow you to connect your bank account to their service for the last few years has been to select your bank, then ask you to enter your user name and password into their website. This goes against all security precautions as far as I am concerned. Why would I enter my banking user and password anywhere else other than on my bank's website or in my bank's phone app.

No, no no. I am told that only a token is passed and somehow this is safe. However this is usually done by a 3rd party service, so you're actually giving your login to an unknown 3rd party (by all appearances at least). This is so wrong. And why are they involved, anyway? Are they mining all your transactions going forward from that point? This I will never do, regardless of any assurances from anyone.

The long standing method prior to that is to deposit two small amounts adding up to $1.00 into your account then ask you to later enter those amounts on your website (later to be withdrawn again). This method, although silly at heart, is at least workable.

To the designers of the financial system, here's how it should work.

I must initiate the process. I can generate a signed key using a feature on my bank's web site, and enter it at the website of the prospective service, along with my account and routing number (alternately this could be securely encoded in the transaction key I paste in). They initiate a request to my bank. I log into the bank's web site and approve the request.  So there must be a secure method of communication between the banks and the service.

To the companies using the existing method- it's not ok. Please stop.

Comments

Post a Comment

Popular posts from this blog

Bluetooth - don't get me started

Too late. OK let's just say it's grossly premature to remove the analog headphone jack. I have heard a glimmer of hope that there is a new bluetooth standard. That said, here's the typical experience now, colored by my experience of traveling with a 10 year old (on different trips). With headphone jack: Hand headphones and tablet to 10 year old.  10 y.o. plugs in and starts listening, happy for the entire 7 hour trip. With bluetooth headphones Hand headphones and tablet to 10 year old.  Explain that they need to be synced first.  Explain where the menu is (much pain without being able to refer to it while driving).  Tell him to turn on the phones and hold down until the sync button is started.  But is the tablet looking for them first?  Is Bluetooth even enabled on the tablet?  Tablet not syncing.  What's wrong.  Did we get it within the sync period?  Try again?  Were the batteries charged?  Eventually have to pull over and sync at the next stop. Batteries en
Read more

Why I don't like Apple

1/20/2022 This isn't really about the UI. I do have gripes with it, more recently. 2010 to 2015 I think it was actually pretty good. With so many apps out there I prefer to navigate by typing the first few letters of an app, rather than by swiping through pages of apps. This is exceedingly difficult in Appleland. No this is more about attitude. Here are the principles I feel like Apple abides by now, as if they had been written by management. 1. Overcharge as much as possible on storage. Despite advances in storage technology and ever dropping prices, we can make people pay a huge amount extra for more storage.  Never ever ever put in a MicroSD card interface, which would allow 1 Terabyte of easily purchasable and high transfer speed storage and possibly more in the future. When we can charge so much for 32 or 64 GB or 128 GB of onboard storage, why allow people to buy storage from somewhere else. 2. Tie people into our product by whatever means necessary. Make it impossible for th
Read more