I wasn’t sure where to ask this, so please feel free to direct me to a different community if there’s a good one for this question.

Are there any US banks that allow their clients programmatic access to their own data? As far as I’m aware, that’s not really a thing in the US, but I might be willing to switch banks if there are any that provide access.

  • krayj@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Many 3rd party services such as “Mint Financial” (part of Intuit) offer the ability to connect to a vast number of US banking and financial institutions to ingest your transaction information as it happens, so I assume there must be APIs they are using for it. The number of institutions they support is greater than the number of institutions they don’t.

    • SomeoneSomewhere@lemmy.nz
      link
      fedilink
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      Unfortunately, my understanding is that they mostly use screen-scraping.

      Giving your account username/password to anyone but your bank is usually a breach of ToS, and they can use it to deny you compensation if something goes wrong and someone cleans out your bank account using internet banking.

      They also get to datamine everything.

      • ritswd@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        Mint uses an OAuth token (I think through Plaid). This is not the same thing as sharing a username/password, and is authorized by your bank, since they provide the OAuth flow; otherwise OAuth wouldn’t work in the first place.

        • Falmarri@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Fyi plaid does screen scraping to get a lot of their data. At least they did 6 years ago or so when I worked in the sector

      • Chozo@kbin.social
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        I believe Mint uses Plaid’s API and a login token from your bank to connect to your account; they’re not doing web scraping or actually logging in with your account credentials.

        • amos@lemmy.world
          link
          fedilink
          arrow-up
          9
          ·
          1 year ago

          Plaid just settled a $58 million class action lawsuit for a) collecting people’s usernames and passwords then b) scraping their transaction history without their consent and selling it to data brokers.

          From the complaint:

          1. First, Plaid induces consumers to hand over their private bank login credentials to Plaid by making it appear those credentials are being communicated directly to consumers’ banks. Consumers are informed the connection is “private” and “secure,” and their banking credentials will “never be made accessible” to the app. They are then directed to a login screen that looks like it is coming from their bank, complete with the bank’s logo and branding. In reality, however, though Plaid does not disclose this, the login screen is created by, controlled by, and connected to Plaid. Plaid executives have acknowledged this process was “optimized” to increase “user conversions”—in other words, to provide a false sense of comfort to consumers by concealing Plaid’s role as an unaffiliated third party.
          1. Second, Plaid uses consumers’ login credentials to obtain direct and full access to consumers’ personal financial banking information for Plaid’s own commercial purposes wholly unrelated to consumers’ use of the apps. For each consumer, Plaid downloads years’ worth of transaction history for every single account they have connected to that bank (such as checking, savings, credit card, and brokerage accounts), regardless of whether the data in any of the accounts bears any relationship to the app for which the consumer signed up. Thus, a consumer who makes a single mobile payment on an app from a checking account unwittingly gives Plaid years’ worth of private, granular financial information from every account the consumer maintains with the bank, including accounts maintained for others such as relatives and children. To date, Plaid has amassed this trove of data from over 200 million distinct financial accounts.
          1. Plaid exploits its ill-gotten information in a variety of ways, including marketing the data to its app customers, analyzing the data to derive insights into consumer behavior, and, most recently, selling its collection of data to Visa as part of a multi-billion dollar acquisition. Plaid has unfairly benefited from the personal information of millions of Americans and wrongfully intruded upon their private financial affairs.