occasionally useful ruby, ubuntu, etc

24Aug/097

Banks and OAuth support

For fun, I decided to ping all of my financial companies (Bank Of America, CapitalOne, Chase, EmigrantDirect, INGDirect, Vanguard) about their plans for OAuth support. I don't know how many of you use the wonderful service known as Mint, but I like it a lot. Unfortunately, a part of me died when I gave them my username/password for my banking sites. And INGDirect is secure enough that Mint can't even interface with them! Sorta cool.

Anyway, here's what the institutions said:

Company Response
Bank Of America

Thank you for your suggestions regarding Online Banking. We value your opinion. The information you provided us will be forwarded to the appropriate department for ongoing evaluations of Online Banking.

CapitalOne

Thanks for your message.

Chase

In response to your inquiry, I will forward your suggestion to our development team for further consideration.

EmigrantDirect

Thank you for your feedback. We will certainly share your comments with the appropriate people within the organization.

INGDirect

We appreciate your feedback! Your suggestion will be forwarded to the appropriate area for review.

Vanguard

Thank you for your recent feedback concerning the OAuth protocol. At this time, we do not have any immediate plans to support OAuth.

Your thoughts have been forwarded to the appropriate area for review. We are constantly accepting ideas for improvement on our site, and it's often through recommendations such as yours that enhancements are made.

Originally this was going to be a more exciting post...but I guess I was too optimistic :(

On the bright side, it makes me happy to be a customer of Vanguard's, now. Their response was the only one that wasn't simply "thanks, we'll forward that to the appropriate party". Even though their answer was pretty much "no", it came back quickly and concisely -- it took only like two hours turnaround, whereas most of the others took 2-3 days.

Also, Bank of America/CapitalOne/Chase sort of piss me off in that they *require* you to use their crappy internal messaging system, even for interacting with the company in as mundane a way as this. Not only that, but I wasn't even notified when they'd replied. Am I really supposed to sign into my bank website every day to check for messages?

Does your bank plan on supporting OAuth? Let's raise the awareness a bit so we can get even more cool online tools for managing finances!

Comments (7) Trackbacks (1)
  1. Good for you to check this out!

  2. US Banks prefer a company like Mint to know about their clients’ credentials than to spend a relatively tiny amount of money to implement OAuth… Weird.

    Anyway, that’s good to know! Thanks.

    • Well, given the current state of Bank of America’s internal site in Washington state at least, it seems like the webdev budget for that bank at least is rather low! Which is a pity, given the website is the most frequent avenue for interaction for many.

      It seems unlikely that banks really care what sites like Mint are doing — but they should! If our only choice is to give our credentials to a site like Mint in order to use it, banks should see this as a red flag and get to work coming up with new ways to keep their clients safe. I guess it’s easier for them to say “ha, that’s why you should never give your username and password out to sketchy people like Mint” instead of actually solving the problem on their end.

  3. This seriously needs to be done, even if it’s just an OAuth token to add read-only access, banks need to jump on this.

  4. I would love to see this, but it is going to be so hard to get all the various banks to add the functionality.

  5. Here is the response I got from Alaska USA

    Thank you for your inquiry, John. We’re always interested in learning what products and services our members are interested in. Although we do not have immediate plans to support oAuth, we do take the security of your account very seriously. I have forwarded your inquiry to our development team for additional consideration. In the meantime, you can learn more about how we protect your account by visiting http://www.alaskausa.org/security.


Leave a comment