Comment this happened to me but the details differ (Score 1) 225
So I applied to rent a new apartment last month and the landlord required income verification which was handled by a 3rd party service. It was actually multiple levels deep as the landlord was contracting with an online rental application service (rentcafe) which was then contracting with a credit worthiness service (Nova Credit) which in turn contracted the income verification part to a company called Finicity. I was alarmed when I saw a very similar screen that asked me for my login credentials to both my payroll system and my bank. Of course I balked at that and told the landlord I wasn't doing it, asked for alternatives including me sending copies of W2s and statements, etc. They actually said they couldn't make an exception because doing so would be a violation of the Fair Housing Act since they needed to have the same process for everyone. Ultimately they allowed me to recant my application and refunded my fee but the bottom line is that I couldn't rent there.
I looked into the details of it to see what Finicity was and what they were doing. They are now a MasterCard company though my reading suggested they started as part of Fidelity. While the first screen did say they wanted my login credentials the actual process varied depending on whether or not Finicity had an agreement in place with the vendor or payroll system, and they appear to have many such agreements (all the major US banks seemed to be on board). For the ones where they do have agreements the process was actually similar to an SSO login with a referral where you would log in directly to your bank's website with a link that contained their SSO token and that would then prompt the bank to add an API key for their access. I didn't do this of course but it seems as though once you grant the access you can revoke it and maybe even limit it via the bank's interface (similar to authorizations for any 3rd party to do electronic equivalents of ACHs).
So while that is obviously better than handing over actual credentials, Finicity's terms of service make it much much worse:
https://www.finicity.com/terms...
In it they require you to hand them POWER OF ATTORNEY to act on your behalf when dealing with the financial institution. They can and do scrape all of your records. Unsurprisingly Finicity has already been sued for improperly sharing information.
So yeah, really rough.