
It's a great idea, but it's been killed off by the small print that was lobbied into the requirements.

Basically, banks force apps or users to require you to fully revalidate user consent every 90 days. And it's quite an annoying process. That means any app or integration you want to build requires 10 minutes of your time every 90 days or they stop working. It's killed many fintechs.

It all works on paper, but is drafted into law by politicians who have no clue about technical challenges and user experience. So in the end, it works exactly as designed by the banks: it doesn't.



Requiring up-to-date authentication in order to access a bank account makes sense though. Do you get annoyed at having to enter your PIN when using an ATM?


The method I use now (SimpleFIN) requires me to reauth with a text-based OTP every single day, for each of my bank accounts/cards. It also voids some consumer protections. In practice I only sync once in a few days to avoid that pain. A somewhat supported way with auth once every 90 days sounds like a dream.


180 days (changed recently)



