[Openid-specs-fapi] FAPI - The elephant in the room

Anders Rundgren anders.rundgren.net at gmail.com
Mon Apr 29 08:40:06 UTC 2019


Dear list,
I hope you don't get too annoyed by my sometimes slightly "deviating" postings.

Anyway, this article
https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
triggered me to once again reiterate what I consider a core problem with the FAPI vision.

In my opinion (supported by massive amounts of real-world deployments), payment transaction requests are rendered and authorized on mobile devices, which seems to be at odds with the server-centric OAuth way of doing things.

It all really boils down to the question: do "Financial Services" and "Consumer Payments" actually benefit from using the same technology?

A related question is the value of a Payment Initiation Service.  As far as I can see it is essentially a "firewall" between the merchant and the user's bank.  The need for such a firewall is not evident.

I believe this part of Open Banking needs a refresh where the PIS concept is replaced by something else like e-money institutions issuing virtual payment cards.  Performing bank selection in the PIS and (optionally) account selection in the bank seems very fuzzy compared to simply selecting a card in a consistent user interface. That there is no generally accepted "Wallet" out there is of course a snag.

thanx,
Anders



