Hachyderm @hachyderm

0 posts0 participants0 posts today

Continued thread

**rugk** @rugk@chaos.social · Jan 7

In Germany, #finanzguru is e.g. a very popular proprietary product that is mostly an app.

Apparently they got their own #PSD2 respectively (as I learned) #XS2A API (access to account API).

The thing is you need to get approved to use that, so for a customer, you cannot easily get access without a third-party or what?

https://hilfe.finanzguru.de/de/articles/1332482

hilfe.finanzguru.dePSD2 im ÜberblickSeit September 2019 gilt die sogenannte PSD2-Richtlinie (Payment Services Directive 2) europaweit. Sie regelt, wie du deine Bankdaten sicher mit Dri...

Replied in thread

**rugk** @rugk@chaos.social · Jan 7

Jan 7

rugk @rugk@chaos.social

@Xavier Well… in an ideal world we would have a standarized (and obviously secure) API that (nearly) all banks use. Or maybe even a few per region or so.

Of course, we don't. So apparently #fintech 's grew, which is their whole job to handle this (and maybe legal/complaint stuff).

In the #EU we have regulation (#PSD2) which then allows such fintechs access to bank APIs and maybe this is somewhat standardized (?), but yet again… end-customers cannot access that?

see:
https://chaos.social/@rugk/113788438170275630

chaos.socialrugk (@rugk@chaos.social)@kresus@tutut.delire.party ah uhm whyy? So they were only regulation for #fintech's? Does one need to ask for access or what is required? I mean these third-parties like #gocardless, #saltedge or #SimpleFIN bridge (#SimpleFINBridge) do need to get access to these, too? Are there more resources to learn here?

Replied in thread

**rugk** @rugk@chaos.social · Jan 7

Jan 7

rugk @rugk@chaos.social

@kresus Ah thanks! I wonder why this is not easier at least in the #EU as we have mandatory API access for bank data via #PSD2?

Apparently, they can all make up their own API?

**aerique** @aerique@genart.social · Dec 9, 2024 *

Dec 9, 2024 *

aerique @aerique@genart.social

Here's my periodical lamentation on the (Dutch) banking system and the fact that in the year of (almost) 2025 I still cannot get easy API access to my own transaction data. Even not read-only.

I have to either scrape their website for a shitty CSV format file (or worse) or go through some skimming, #PSD2 middle-man asshole service.

Say what you want about crypto but the centralized exchanges have had this covered for more than a decade.

(Next, ask me about IBAN.)

**HALLOWIEGEHTS** @dalu@goeppingen.social · Nov 14, 2024 *

Nov 14, 2024 *

HALLOWIEGEHTS @dalu@goeppingen.social

PSD2 oder wie die Bundesdruckerei mit etwas das nichts kostet den Leuten Geld aus der Tasche zieht.
Die vermieten tatsächlich x509 Zertifikate, die nur 2 Jahre halten, und lassen sich das richtig gut kosten.
So ein Zertifikat zu erstellen ist ein Einzeiler in der Linux Konsole.

#EU #Bank #psd2

**Kevin Karhan** @kkarhan@infosec.space · Nov 8, 2024 *

Nov 8, 2024 *

Kevin Karhan @kkarhan@infosec.space

@lucasmz I guess you never had to do payments within #EU / #EFTA / #SEPA where #PSD2 applies...

Cuz #3Dsecure is #VISA's implementation of it!

Basically it boils down to mandating #2FA via #App or #SMS for any substantial online transaction...

Continued thread

**Quincy** @quincy@chaos.social · Oct 25, 2024 *

Oct 25, 2024 *

Quincy @quincy@chaos.social

rant, absichtlich falsch verstandene technik

Replied in thread

**dreiwert** @dreiwert@digitalcourage.social · Oct 6, 2024 *

Oct 6, 2024 *

dreiwert @dreiwert@digitalcourage.social

@kuketzblog Gibt es empfehlenswerte (idealerweise quelloffene) Authenticator-Apps, die als #psd2 Authentifizierungsfaktor zulaessig sind?

#appzwang

Replied in thread

**__Knut_** @__Knut_@mastodon.online · Sep 17, 2024

Sep 17, 2024

__Knut_ @__Knut_@mastodon.online

@jalogisch Leider kann es (MoneyMoney) bei N26 nicht ohne ein Abo für die #PSD2 Schnittstelle die Salden abrufen.

#Finanzguru ist nur fürs iPhone und nicht für MacOS, oder?

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Aug 29, 2024

Aug 29, 2024

Kevin Karhan @kkarhan@infosec.space

@GrapheneOS +9001%

The sheer amount of liabilities if not legal through #GDPR & #BDSG, but indirectly through.mandated #standards like #PCIDSS & #PSD2 are the reason one should avoid storing them at all costs!

**dorotaC** @dcz@fosstodon.org · Aug 14, 2024

Aug 14, 2024

dorotaC @dcz@fosstodon.org

@iron_bug I don't know the case here, but the #bank regulation imposing the #PSD2 interoperability requirement is widely known as "third party access" and if you ask your bank for the #API to access your own data (I'm the first party, not third! I even wrote the software), then they will get confused.

**Lukas Rotermund** @lukasrotermund@social.tchncs.de · Aug 9, 2024

Aug 9, 2024

Lukas Rotermund @lukasrotermund@social.tchncs.de

Does anyone know of a German bank that provides a #BankingApp for various #Linux operating systems, e.g. via #flatpak? Alternatively, I would also be interested in a generic banking app that connects to #PSD2 interfaces, including payment initiation - which can be installed via flatpak :-)

I'd like to switch productively from #Android to a #PureOS or #postmarketOS, I'm fed up with Google's crap.

Replied in thread

**pink** @pink@norden.social · Aug 8, 2024

Aug 8, 2024

pink @pink@norden.social

@fell
I am not overly familiar with #PSD2 but there is an open standard for verifying arbitrary data in a challenge-response procedure based on a shared secret (like TOTP) called OCRA: https://www.rfc-editor.org/rfc/rfc6287
@Caroline @didek @kaia

www.rfc-editor.orgRFC 6287: OCRA: OATH Challenge-Response Algorithm

**Sandro Santilli** @strk@floss.social · Jul 23, 2024

Jul 23, 2024

Sandro Santilli @strk@floss.social

A european directive effective from 2021 requires banks to open up their API ( #PSD2 ).
This should theoretically allow for independent development of user agents to manage bank accounts.
Do you have any experiences about that to share ? Any #OpenSource such client ?

#OpenBanking

**Sandro Santilli** @strk@mastodon.uno · Jul 23, 2024

Jul 23, 2024

Sandro Santilli @strk@mastodon.uno

La seconda direttiva europea sui sistemi di pagamento ( #PSD2 ) operativa dal 2021, obbliga le banche ad aprire le proprie API consentendo la gestione di qualunque conto da una qualunque app di propria scelta.

Quanti di voi hanno trovato ostacoli nella realizzazione di questo obiettivo ? Quali app consigliereste per una gestione centralizzata ? App #OpenSource ne abbiamo ?

#OpenBanking

Continued thread

**Erik van Straten** @ErikvanStraten@infosec.exchange · Jun 30, 2024

Jun 30, 2024

Erik van Straten @ErikvanStraten@infosec.exchange

After reading more in https://developer.mastercard.com/open-banking-europe/documentation/licensed/aiia-enterprise/production/tpp-certs/ I noted:

<<< We do not require a pass-phrase for the private key.
[...]
The requirement to set hostname on QWAC certificates is somewhat confusing, as this is a requirement for TLS server certificates, whereas QWAC certificates are TLS client certificates. >>>

WHAT?

From https://crt.sh/?id=12752024628:

<<< X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication >>>

If my understanding is correct, an attacker who obtains access to the private key, sends a phishing mail asking to open https:⁄⁄bunq-com.aiiaclient.com and is able to inject falsified DNS replies (or some other possible network-based attacks), can trick users by showing them a fake bunq website - notably using a QWAC?

I surely hope that I misunderstand all of this.

If not: which idiot decided to put a domain name (instead of, for example, an email address) in a QWAC intended for client authentication?

@agl @Tarah @ScottHelme @dangoodin

developer.mastercard.comMastercard Developers

#QWAC #ClientAuthentication #ClientCertificate

**Dźwiedziu** @dzwiedziu@mastodon.social · Jun 24, 2024

Jun 24, 2024

Dźwiedziu @dzwiedziu@mastodon.social

#PSD2 #OpenAPI is very “open” when the access is only available for “certified institutions”.

Getting your own account ballance? Eff you.

Replied in thread

**https://purl.org/rzr#** @rzr@mastodon.social · Jun 1, 2024

Jun 1, 2024

https://purl.org/rzr# @rzr@mastodon.social

https://talk.maemo.org/showthread.php?p=1572325#post1572325# #PSD2 : Yea I have been using a #JP1 with #AndroidRuntime but will it be future proof ? to support "forced intrusive apps" from banks , state etc ? @cyberlyra

talk.maemo.org Are you ready for PSD2 ? - maemo.org - Talk Are you ready for PSD2 ? Off Topic

**Marwe** @Marwe@troet.cafe · May 1, 2024

May 1, 2024

Marwe @Marwe@troet.cafe

Die #DB hasst ihre Kunden zunehmend und nennt den erzwungenen Vollzugriff aufs Bankkonto auch noch "Openbanking". Das ist nicht die Art von "open" wie sie sein sollte. Leider sind solche namenlosen Zecken im Business durch die #psd2 geadelt worden, jetzt sieht man, wohin das führt.
Buchung eines Tickets wird jetzt zuverlässig verhindert, habe das > 30 min. versucht, danach kommt leider nichts oder maximal Fehlermeldungen. eID wäre ja OK zur Prüfung der Identität, Kontoverlauf nicht
#dbnavigator

**Ellen Timmer** @ellent@mastodon.nl · Apr 21, 2024

Apr 21, 2024

Ellen Timmer @ellent@mastodon.nl

Rekeninginformatiediensten zijn in Nederland mislukt en #openfinance/ #FIDA hoort er niet te komen | #PSD2

https://ellentimmer.com/2024/04/19/psd2-34/

Ellen Timmer - juridische artikelen en berichten · Apr 19, 2024Rekeninginformatiediensten zijn in Nederland mislukt en open finance/FIDA hoort er niet te komen | PSD2Ondanks alle tamtam rondom PSD2, de voorloper van ‘open finance’, tegenwoordig ook wel ‘FIDA’ genoemd, zijn de veelgeprezen ‘rekeninginformatiediensten’ in Neder…

Recent searches

Search options

Administered by:

Server stats:

#psd2