This is why a standard API is needed, like Open Banking in the UK. When I use a third-party app, the access request is redirected to my bank app and authorisation is granted there. At this point it is explicit what data the third party will require. Once authorised, I’m redirected back to the third party’s app. At no point have I given my credentials. This must be renewed every 90 days. Furthermore, I can view what apps have access to my account and can revoke this access at any time.
PS Yes I know people like Ben Thompson [1] and even the US Treasury (mentioned in the same link) advocated for a private solution like Plaid (and nearly by extension Visa), but seriously this seems like something that needs to be government regulated to prevent incentives for selling user data.
[1] https://stratechery.com/2020/visa-plaid-networks-and-jobs/