Banks and OAuth support
For fun, I decided to ping all of my financial companies (Bank Of America, CapitalOne, Chase, EmigrantDirect, INGDirect, Vanguard) about their plans for OAuth support. I don't know how many of you use the wonderful service known as Mint, but I like it a lot. Unfortunately, a part of me died when I gave them my username/password for my banking sites. And INGDirect is secure enough that Mint can't even interface with them! Sorta cool.
Anyway, here's what the institutions said:
Company | Response |
---|---|
Bank Of America |
Thank you for your suggestions regarding Online Banking. We value your opinion. The information you provided us will be forwarded to the appropriate department for ongoing evaluations of Online Banking. |
CapitalOne |
Thanks for your message. |
Chase |
In response to your inquiry, I will forward your suggestion to our development team for further consideration. |
EmigrantDirect |
Thank you for your feedback. We will certainly share your comments with the appropriate people within the organization. |
INGDirect |
We appreciate your feedback! Your suggestion will be forwarded to the appropriate area for review. |
Vanguard |
Thank you for your recent feedback concerning the OAuth protocol. At this time, we do not have any immediate plans to support OAuth. Your thoughts have been forwarded to the appropriate area for review. We are constantly accepting ideas for improvement on our site, and it's often through recommendations such as yours that enhancements are made. |
Originally this was going to be a more exciting post...but I guess I was too optimistic
On the bright side, it makes me happy to be a customer of Vanguard's, now. Their response was the only one that wasn't simply "thanks, we'll forward that to the appropriate party". Even though their answer was pretty much "no", it came back quickly and concisely -- it took only like two hours turnaround, whereas most of the others took 2-3 days.
Also, Bank of America/CapitalOne/Chase sort of piss me off in that they *require* you to use their crappy internal messaging system, even for interacting with the company in as mundane a way as this. Not only that, but I wasn't even notified when they'd replied. Am I really supposed to sign into my bank website every day to check for messages?
Does your bank plan on supporting OAuth? Let's raise the awareness a bit so we can get even more cool online tools for managing finances!
August 25th, 2009 - 21:35
Good for you to check this out!
November 30th, 2009 - 08:36
US Banks prefer a company like Mint to know about their clients’ credentials than to spend a relatively tiny amount of money to implement OAuth… Weird.
Anyway, that’s good to know! Thanks.
November 30th, 2009 - 16:47
Well, given the current state of Bank of America’s internal site in Washington state at least, it seems like the webdev budget for that bank at least is rather low! Which is a pity, given the website is the most frequent avenue for interaction for many.
It seems unlikely that banks really care what sites like Mint are doing — but they should! If our only choice is to give our credentials to a site like Mint in order to use it, banks should see this as a red flag and get to work coming up with new ways to keep their clients safe. I guess it’s easier for them to say “ha, that’s why you should never give your username and password out to sketchy people like Mint” instead of actually solving the problem on their end.
February 16th, 2011 - 13:03
This seriously needs to be done, even if it’s just an OAuth token to add read-only access, banks need to jump on this.
March 28th, 2013 - 12:49
I would love to see this, but it is going to be so hard to get all the various banks to add the functionality.
February 23rd, 2014 - 11:57
The current state of affairs is profoundly stupid. http://un-trusted.net/2014/02/23/banking-technology-silliness/
March 17th, 2016 - 13:35
Here is the response I got from Alaska USA
Thank you for your inquiry, John. We’re always interested in learning what products and services our members are interested in. Although we do not have immediate plans to support oAuth, we do take the security of your account very seriously. I have forwarded your inquiry to our development team for additional consideration. In the meantime, you can learn more about how we protect your account by visiting http://www.alaskausa.org/security.