[Openid-specs-fapi] FAPI - The elephant in the room

Anders Rundgren anders.rundgren.net at gmail.com
Mon Apr 29 08:40:06 UTC 2019

Dear list,
I hope you don't get too annoyed by my sometimes slightly "deviating" postings.

Anyway, this article
triggered me to once again reiterate what I consider a core problem with the FAPI vision.

In my opinion (supported by massive amounts of real-world deployments), payment transaction requests are rendered and authorized on mobile devices which seems to be at odds with the server-centric OAuth way of doing things.

It all really boils down to the question: do "Financial Services" and "Consumer Payments" actually benefit from using the same technology?

A related question is the value of a Payment Initiation Service.  As far as I can see it is essentially a "firewall" between the merchant and the user's bank.  The need for such a firewall is not evident.

I believe this part of Open Banking needs a refresh where the PIS concept is replaced by something else like e-money institutions issuing virtual payment cards.  Performing bank selection in the PIS and (optionally) account selection in the bank seems very fuzzy compared to simply selecting a card in a consistent user interface. That there is no generally accepted "Wallet" out there is of course a snag.


More information about the Openid-specs-fapi mailing list