Can someone view the data going over https using f

Published 2019-05-22 14:52

Question:

Someone please please tell me this is not correct. Reading this link, it seems like one can decrypt https traffic via fiddler. Does it mean if I am doing online banking via https, someone who can intercept this traffic can read my account and pin key information?

Answer 1:

Fiddler will act as a Man in the Middle, using its own SSL certificate, and thus triggering browser warnings. If you are suitably deterred by those warnings, nobody will snoop on your online banking sessions.

For more on how this works, you can read about public-key cryptography.



Answer 2:

Fiddler requires you to install a special SSL root certificate for it to be able to listen to HTTPS traffic. Once you install it, Fiddler can install itself as a proxy (middleman), faking that it's every HTTPS site on the Internet. In short, yes, it can listen to everything over HTTPS, but you need to manually install the certificate on your machine first to allow it.

In theory, any root certificate you install on your machine - Fiddler or not - will allow the person generating it to impersonate any Internet site, so never do it without considering the ramifications.

In SSL terms, what Fiddler does is that it installs itself as a certificate authority on your machine. When you access an HTTPS site for which it is acting as middleman, it quickly generates a certificate claiming to be the site in question. Since the root certificate is on your machine, it will trust Fiddler's certificate and happily let it decrypt everything.
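The trust mechanism this answer describes, reproduced with openssl as an added example (not code from the answerer or from Fiddler): a private root signs a leaf certificate for a hostname, verification against the system store rejects it, and it is accepted only once that private root is explicitly trusted. The hostname, root name and working directory are constructed for the demo.

```shell
#!/bin/sh
# Added demo: why a leaf signed by an unknown root is rejected until that
# root is installed as a trust anchor. Names below are constructed.
set -e
DEMO_DIR="$(mktemp -d)"
trap 'rm -rf "$DEMO_DIR"' EXIT
HOST="bank.example"   # constructed hostname, not a real site

make_proxy_style_chain() {
  # 1. A self-signed root controlled by whoever runs the proxy.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$DEMO_DIR/root.key" -out "$DEMO_DIR/root.pem" \
    -subj "/CN=Demo Interception Root" >/dev/null 2>&1
  # 2. A fresh key and request claiming to be the target hostname.
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$DEMO_DIR/leaf.key" -out "$DEMO_DIR/leaf.csr" \
    -subj "/CN=$HOST" >/dev/null 2>&1
  # 3. The root signs that request on the fly, one leaf per site.
  openssl x509 -req -in "$DEMO_DIR/leaf.csr" -CA "$DEMO_DIR/root.pem" \
    -CAkey "$DEMO_DIR/root.key" -CAcreateserial -days 1 \
    -out "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
}

# Exit 0 if the leaf chains to a trusted root, non-zero otherwise.
# With no argument the system trust store is used; with an argument
# that file is the only trust anchor (the "installed root" case).
verify_leaf() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
  else
    openssl verify "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
  fi
}

# What a defender should look at: the issuer of the presented leaf.
# A public site will not chain to a root like this one.
leaf_issuer() {
  openssl x509 -in "$DEMO_DIR/leaf.pem" -noout -issuer
}

make_proxy_style_chain
if verify_leaf; then
  echo "unexpected: system store accepted the leaf"
else
  echo "system store: rejected, issuer unknown"
fi
verify_leaf "$DEMO_DIR/root.pem" && echo "private root trusted: accepted"
leaf_issuer
```

Comparing the issuer shown by `leaf_issuer` with what the real site's chain normally reports is the quickest manual way to spot an interception proxy.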



Answer 3:

You have to accept the SSL certificate issued by Fiddler, but yes, you can monitor SSL traffic with Fiddler. If you dig a bit deeper there are more sophisticated tools for MITM attacks like: https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project