How does Online Banking work in software?

Believe it or not, in the year 2015 there are no standards that banks follow when it comes to data exchange. This means that every bank does things its own way, or doesn’t do them at all. For that reason, there are companies that have just one purpose – to connect to multiple banks and aggregate their data in a unified format.

Developers, on the other hand, can integrate with such aggregation platforms to provide Online Banking services to their customers.

This is what we did with MoneyWiz – we’ve integrated with SaltEdge, which allowed us to support over 2400 banks in 43 countries. Starting in MoneyWiz 2.0.4, we’re also adding integration with Yodlee, to add more than 12,000 new banks. The total number of banks we’ll support is over 15,000 when MoneyWiz 2.0.4 is released (which we hope will happen around April 7). No other software integrates with multiple platforms, which means that MoneyWiz will be the finance software with the widest range of bank support.

Why does it break every now and then?

Data aggregation platforms most often get their data from the banks by a method called “screen-scraping”. This means that the platform simulates user behavior in a browser and relies on the bank’s website containing the data where the platform is looking for it. Every time the bank makes a change to its website, though, the platform needs to be taught again how to read it. That creates a period of a day or two when the data aggregation platform is unable to read the data and unable to provide it to the finance software.

Nothing Free In Rome

As a waiter in Rome once told me when I asked if they had free wifi – “Nothing free in Rome. Just water and only if it rains.” The same principle applies to online banking. Data aggregation platforms tend to charge a lot!

We are often asked why we charge $5 when SaltEdge charges us $1… let us explain the basic math here:

1. SaltEdge charges us $1 for up to 3 banks. If you add a 4th bank, then it’s $2 for up to 6 banks etc. Regardless of how many banks you connect, we still charge you a static fee of $5.

2. Once we add Yodlee, they will start charging us too. Then if you add banks from Yodlee and SaltEdge, we’ll be charged twice. We still charge you a static fee of $5.

3. Let’s look at things from our perspective… we charge you $5. Apple (and Google) takes 30% of it. We’re left with $3.5. Most people add around 5 banks. That means that we’ll be paying the aggregation platforms around $2 for you, which leaves us with around $1.5. From that amount, subtract around 40% in taxes and we’re actually left with around $0.9. That $0.9 covers our increased expenses for support and development. Also, in case you added more than 3 banks in SaltEdge and at least one in Yodlee, we’re actually working at a loss.

How do some services do it for free?

There are finance services/apps that provide online banking for free. Don’t be so quick to celebrate, though. Step back and think. Have you ever heard of either of these:

1. Charity organization that’s in the business of providing free finance software?

2. Any business that works for free, all of their employees work for free, and the business doesn’t pay bills?

If you haven’t heard of either of these two, it’s for a good reason. They don’t exist.
Now that we’ve established that every business needs money to pay its salaries and bills, if a business gives you online banking for free, you have to ask yourself – how do they make money?

It’s actually simple. Your finance data costs more than you would pay for an app. Over the past year alone, we’ve been approached multiple times by companies who offered us a lot of money to sell our clients’ data. We didn’t even bother replying to these companies. But while we have the integrity to keep a promise – keep your data secure – others might not.

So the next time you are offered something for free, remember that every business needs money, and know that they are making it one way or another. Would you risk handing your finance data to a company like that?

Security? Don’t fool yourself!

Every finance software company makes claims that they keep your data secured. Let’s look into this!

If you’ve tried multiple finance apps/services, you would’ve noticed that some of them send you weekly reports of your transactions. Ask yourself this – how on earth do they know this? If your data is encrypted with your password, then how can they decrypt it, read it, put it in an email and send it back to you?

Well, the truth is – if that happens, your data is most certainly not encrypted properly.

Let us give you an example…

The way encryption works is that it takes some data (let’s assume text) and encrypts it with a private key. The only way this data is secure is if the private key is your own password. If that is so, it means 2 things:

1. Your data can’t be mailed back to you, because the finance product would need your password to decrypt and read it. They are not supposed to have your password in plain text, so they are not supposed to be able to decrypt your data and mail it back to you.

2. You cannot restore your password…if you can, then it means it’s stored somewhere unsecured. Just think of it this way – how can you restore something that’s unknown? You can’t! The only way you would be able to get back from losing your password would be to reset it to a brand new one.
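The scheme described above, sketched as an added example (not MoneyWiz’s code). In practice the key is derived from the password with a key-derivation function rather than being the password itself; scrypt and AES-256-GCM from Node’s built-in crypto module are choices assumed here, and the function names and sample record are constructed.

```javascript
const nodeCrypto = require('crypto');

// Derive a 256-bit key from the password. The salt is random but not secret.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Client side: encrypt before upload. The returned record is everything the
// service stores; it contains neither the password nor the derived key.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the password is wrong or the record was
// modified (the GCM tag check fails in both cases).
function decryptRecord(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Changing the password means decrypting with the old one and re-encrypting.
// Without the old password there is nothing to recover, only a fresh start.
function changePassword(oldPassword, newPassword, record) {
  const plaintext = decryptRecord(oldPassword, record);
  if (plaintext === null) throw new Error('old password needed to re-encrypt');
  return encryptForUpload(newPassword, plaintext);
}

// Constructed sample data, not real transactions.
const sample = '2015-03-30;Groceries;-42.10;EUR';
const stored = encryptForUpload('correct horse battery staple', sample);
console.log(decryptRecord('correct horse battery staple', stored));
console.log(decryptRecord('a guess by the service', stored));
```

A service holding only `stored` cannot produce a transaction report from it, which is the test the article proposes for whether data is encrypted with the user’s password.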

While we can’t mention names (for legal reasons), we can tell you this – after thorough research we’ve found that MoneyWiz is one of very, very few finance products that encrypts your data properly, with your password.

Be Responsible!

MoneyWiz is all about promoting and enabling financial health. We hope this article will help you make responsible decisions when it comes to Online Banking! If you think your friends and family may be fooling themselves about the security of their financial data, share this article and help educate them on the subject. It may save them tons of headaches in the future!

14 Comments

  • It’s all understandable and great.

    But living in Eastern Europe (where we currently really lack personal finance programs that would have Online Banking) we _cannot_ use Yodlee. And there is barely anyone with more than 2 accounts or 3, at most. So the chance of anyone from around here (or many other countries of the region) going above 3 banks is very unlikely.

    And at the same time, the price for the application and/or the subscription is a whopping 5.45 euros! That is over 6 USD. This seems very unfair, especially considering that people in this region earn significantly less.

    Of course, demand dictates the price, but with this kind of policy I will pay, but as soon as there is any alternative solution, even if slightly weaker – I will switch. Even if with a competition being created you will drop your price. I think that prices have to be fair.

    Of course, that is my personal opinion. But the program is great. Keep it up!

    Reply
    • Hi Stanislav,

      We support a lot of banks in Eastern Europe through SaltEdge (our other data provider…we use both Yodlee & SaltEdge).
      As for the price – you make a valid point, but let me give you 2 more valid points:
      1. We are technically unable to set prices per region… i.e. this is how the App Store works – you set a price and it applies to all countries. No such thing as “make it cheaper here, and more expensive there”, Apple just doesn’t allow us to do it.
      2. If we lowered the price of online banking, we’ll be working at a loss…that is obviously unsustainable and the end result will be that one day we’ll simply close doors and MW will no longer be supported. We don’t want that, do we? I urge you to take into account the 30% that we pay to Apple/Google, our own taxes, and the extensive fees we pay to Yodlee, SaltEdge + additional salaries in terms of support and development team so we can maintain this functionality.

      Reply
      • Thank you for the response, Iliya.

        It would’ve been sufficient to mention that you don’t have control over per-region charges. That answers all my questions at once and is something that I was not aware of. Then it is a flaw of Google and Apple Stores.
        If the majority of your users reside in the US or Western Europe and prices have to be “same” for everyone then that is what defines it.

        In this case, I hope that Google / Apple review their policies to make them more flexible, since at the present moment it’s discriminating us.

        Again, thank you for a great product!

        Reply
        • Hi again,

          Actually Google does allow different prices in different countries. Apple doesn’t. But it would be unfair to people if we charged differently for Apple and for Google users. Also again, point 2 stays valid and the fact is that out of these $4.99 that we charge (EU implies additional 20% tax), Apple/Google take 30%, we pay fees and taxes, and the end result is that this is the minimum we should charge in order to be profitable.

          Reply
  • Thank you for educating me with this blog article! I’ve been in contact with your support staff (Marina is super helpful:) about Yodlee and SaltEdge bank omissions. I understand their limitations now, but I’m pretty nervous about trusting those companies to protect my login credentials and banking data!

    Have you looked at eWise? I found their website while looking for info about how banking data aggregation works (same list of search results your blog link was in), and they seem to have a more secure approach—albeit with the same bank coverage problem the others share. I asked them about their data integration services for software developers and their reply was interesting (and alarming). Email me and I’ll forward it to you.

    Reply
  • Hello iliya, what about the security of Yodlee and SaltEdge? For me, I don’t trust them.
    I am from Germany, and most of the banks here have a standardized way to retrieve data from them. Check the protocol HBCI. This is completely free to use.

    Reply
    • Hi Paul,

      Yodlee is a publicly traded multi-billion-dollar company. If they managed to grow so much I believe they should be good on the security front. SaltEdge is a smaller company but is certified to handle personal data, which means that they must comply with international security standards as well. More about data handling here:
      http://moneywizapp.com/support/privacy-policy/

      As for HBCI – SaltEdge makes the connection via HBCI actually 🙂

      Reply
  • Hi! I want to know which banks are supported in Mexico!! Thank you

    Reply
    • Hi Dan,

      It seems that we support these banks in Mexico:
      * American Express Bank Mexico
      * BBVA Bancomer
      * HSBC Mexico
      * Liverpool Mexico
      * Santander Mexico
      * Banamex Bank

      Reply
  • Please consider what I am saying below is not concerned to Moneywizapp itself, but rather to these large third party providers. I would pretty much like to hear an answer from you, since I actually want to believe in the solution and benefit from it.

    I am not concerned at all about the monthly costs since the solution would be worth much more for anyone really concerned to financial planning. I am not concerned either on having my financial data exposed as this would be bad but there is nothing so special about it.

    The real nightmare scenario here would be to find out the 3rd party providers, like saltedge or yodlee, causing an unsolicited money transfer or payment either because of a mistake (software is not perfect every time, actually it is a complex, fast evolving technology far from that most of the time) during an update, or through some malicious action inside these companies.

    Let’s not forget as soon as you handle your bank login and password to someone else you are in breach of their terms of service. They are not responsible. The government is not responsible. You are on your own, potentially exposed to a third party on the other side of the world.

    Let’s consider these 3 scenarios and very concrete risks:

    (1) no privacy or security policy will prevent malicious action undertaken by a determined malicious employee.

    (2) no security measures will ever stay in the path of a government agency that could benefit from detailed financial information from tens or hundreds of thousands of accounts, that is even more true if all this information is sitting in a central place, which is precisely what happens on these cases, since they do hold your credentials and possibly keep a copy of all synchronized statements they send to our desktop Moneywiz software.

    (3) when it comes to actually having access to so many financial accounts, these third party providers are actually having access to a heck lot of money, a lot, lot more than their revenues or net worth, and with no regulations or external audits over them, as banks do have. It is a little difficult to believe this kind of situation can go on forever with no issues whatsoever.

    If only one of these 3 issues materializes into a real issue, the impact to the users of this service would be a disaster.

    I am not saying Moneywiz is a bad idea, actually I love it and would like to believe in the implementation, just would like a little more input on the thoughts above.

    Reply
    • Hi Roberto,

      Thank you for expressing your concerns.
      While I can’t speak for Yodlee or SaltEdge as they are not our companies, I can speak from my perspective of someone working with them and someone who knows the technology and business.
      The thing with money transfers is that you can’t just initiate them for most banks. You need some extra form of credential – be it a TAN code, an RSA key code or something else; usually (most banks) an additional form of authentication is required in order to initiate a money transfer. That being said – neither Yodlee nor SaltEdge has that information.
      Both these platforms operate in purely ‘read-only’ mode. You must also consider the fact that if any of these providers abuses the access or information they have, that will mean that they will be prosecuted and out of business. And they are a US and a Canadian company, which means that laws can really be enforced.

      I know I can’t give you anything more specific, and if you feel uncomfortable using the online banking feature – know that you can use MoneyWiz in manual mode where you enter your data manually. But I hope the above comment will give you a perspective on why we, at MoneyWiz, think that online banking is not any riskier than any other internet activity.

      Reply
  • Hi, I can see this is an older thread, but I did want to bring up something that I can see being an issue. These free apps (such as Mint) sell our data to research companies. It’s one of the ways that they can make it free to us. Are we certain that Yodlee doesn’t do the same?

    Reply
