[Openid-specs-fapi] FAPI - The elephant in the room
Anders Rundgren
anders.rundgren.net at gmail.com
Mon Apr 29 08:40:06 UTC 2019
Dear list,
I hope you don't get too annoyed by my sometimes slightly "deviating" postings.
Anyway, this article
https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
triggered me to once again reiterate what I consider a core problem with the FAPI vision.
In my opinion (supported by massive amounts of real-world deployments), payment transaction requests are rendered and authorized on mobile devices, which seems to be at odds with the server-centric OAuth way of doing things.
It all really boils down to the question: do "Financial Services" and "Consumer Payments" actually benefit from using the same technology?
A related question is the value of a Payment Initiation Service. As far as I can see it is essentially a "firewall" between the merchant and the user's bank. The need for such a firewall is not evident.
I believe this part of Open Banking needs a refresh where the PIS concept is replaced by something else like e-money institutions issuing virtual payment cards. Performing bank selection in the PIS and (optionally) account selection in the bank seems very fuzzy compared to simply selecting a card in a consistent user interface. That there is no generally accepted "Wallet" out there is of course a snag.
thanx,
Anders