Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor. If investing please consider our affiliate links for new accounts: Sharesies or Hatch. To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification



View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Behodar
8369 posts

Uber Geek

Trusted
Lifetime subscriber

  #2855369 24-Jan-2022 11:10
Send private message

Good grief!

 

"Well over half our clients provide us their bank statements through this service."

 

Isn't it, at the very least, a violation of most banks' terms of service to give your password to a third party?

 

Edit: Ah, yes. Further down the article:

 

"New Zealand Bankers’ Association chief executive Roger Beaumont​ said bank terms and conditions generally include not sharing your bank account access details with anyone else."


Affiliate link
 
 
 

Affiliate link: Buy anything now at AliExpress.
Handsomedan
4854 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2855372 24-Jan-2022 11:11
Send private message

Samuel Cavanaugh​, the owner of loan company Better.co.nz, stood by the request for customer bank passwords as “industry standard”.

 

 

 

NO. It's not industry standard practice and it's in breach of all banks' T&C's. 

 

Idiotic to say that it's normal, fair or even acceptable. 

 

 





Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...


Handsomedan
4854 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2855373 24-Jan-2022 11:12
Send private message

Behodar:

 

Good grief!

 

"Well over half our clients provide us their bank statements through this service."

 

Isn't it, at the very least, a violation of most banks' terms of service to give your password to a third party?

 

 

Banks even tell you not to disclose passwords to them! 





Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...




michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2855377 24-Jan-2022 11:15
Send private message

Alan did the right thing here. If you enter your banking password on any third party site (POLi and Account2Account included) you’re breaching the terms of your internet banking agreement meaning your bank will not cover you for any fraud via internet banking.

This is not industry standard. I got a home loan topup literally the other week under the new CCCFA regulations and my bank asked for statements from all my bank accounts and manually went through and categorised my purchases. Yes, an automated tool to scrape and do this is great and all but it is not at all secure and if anything happens you can lose it all and your bank won’t cover it.

So do what Alan did. Run for the hills if anyone asks you to do this and find a new lending provider.




Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.


nzkc
1066 posts

Uber Geek


  #2855378 24-Jan-2022 11:15
Send private message

I actually blame our banks in part for this practice (it does go on!).

 

If they provided the following:

 

  • Ability to create read-only logins (ideally choosing which bank accounts it can see)
  • (Open) APIs that 3rd parties can use that provide appropriate permissions (obviously with your permission to access your accounts)

Then this wouldn't be needed at all. Or even exist I imagine. POLi could also be abandoned by companies with a bit of thought!


Handsomedan
4854 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2855494 24-Jan-2022 12:04
Send private message

nzkc:

 

I actually blame our banks in part for this practice (it does go on!).

 

If they provided the following:

 

  • Ability to create read-only logins (ideally choosing which bank accounts it can see)
  • (Open) APIs that 3rd parties can use that provide appropriate permissions (obviously with your permission to access your accounts)

Then this wouldn't be needed at all. Or even exist I imagine. POLi could also be abandoned by companies with a bit of thought!

 

 

Open Banking is supposed to address this with API's but it's a hard and expensive slog to get there for most of the banks. 

 

 





Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...


antonknee
1102 posts

Uber Geek

Subscriber

  #2855497 24-Jan-2022 12:11
Send private message

This is really, really common. A lot of mortgage brokers will have you do this. I was asked by several when I was buying this time last year.

 

It's appalling and shouldn't be allowed. I believe this particular service is run by one of the credit agencies, so who knows what else they do with your information once they have it.




Behodar
8369 posts

Uber Geek

Trusted
Lifetime subscriber

  #2855499 24-Jan-2022 12:17
Send private message

In an amazing coincidence, just a few minutes ago I got an email at work talking about wanting to integrate POLi onto our website. For those unfamiliar, it's another 'service' where you give them your username and password.

 

I have a suspicion that my response may have put the cat amongst the pigeons.


nzkc
1066 posts

Uber Geek


  #2855501 24-Jan-2022 12:21
Send private message

Handsomedan:

 

Open Banking is supposed to address this with API's but it's a hard and expensive slog to get there for most of the banks. 

 

 

They've literally had years to implement something - even just a read only login. TBH: I have no sympathy for them.


MadEngineer
3062 posts

Uber Geek

Trusted

  #2855555 24-Jan-2022 12:48
Send private message

This is what our mortgage broker requested we use. They got a no. Nothing hard about downloading csv files

https://bankstatements.com.au/




You're not on Atlantis anymore, Duncan Idaho.

MartinGZ
229 posts

Master Geek

Subscriber

  #2855842 24-Jan-2022 18:26
Send private message

MadEngineer: This is what our mortgage broker requested we use. They got a no. Nothing hard about downloading csv files

https://bankstatements.com.au/

 

A bit ambiguous, but I read it that illion/bankstatements is the agency your broker wanted you to use. I would not go there either. It all looks really nice with loads of bank logos splashed everywhere.

 

From their video:

 

"bankstatement is a user authorised service so your customer is effectively authorisation us to log in on their behalf securely to retrieve their transaction data and send it straight to their broker."

 

He then goes on to say it is encrypted, and all login info is deleted as soon as the process is completed. Etc etc. All nice weasel words.

 

Some of the issues

 

     

  1. You are entering your bank login details into their website, which then retrieves the data from the bank account(s). There is nothing in my bank's T&C that give Illion an exception allowing this to happen.
  2. They say their software is security checked etc etc, so completely trustworthy. See point 1.
  3. “authorised service”. Authorised by whom? The customer? See point 1. By the bank? See point 1.
  4. Illion is a credit check agency.  Nuf said.




Nokia 6110, 6210, 6234, Sony Ericsson XPERIA X1, Huawei Ideos X5 (Windows Mobile), Samsung Galaxy SIII, LG G4, OnePlus 5, iPhone Xs Max (briefly), S21 Ultra. And I thought I hadn't had many phones - but the first one around 1997.


DjShadow
3853 posts

Uber Geek

ID Verified
Trusted

  #2855844 24-Jan-2022 18:35
Send private message

Purple Visa (The Warehouse Money) use this site also


MadEngineer
3062 posts

Uber Geek

Trusted

  #2855855 24-Jan-2022 19:42
Send private message

Yeah like I said, they got a no from me. Mortgage broker wasn’t all that surprised by my response but simply reiterated how it makes things easier.




You're not on Atlantis anymore, Duncan Idaho.

andysh
188 posts

Master Geek


  #2855887 24-Jan-2022 22:47
Send private message

Handsomedan:

 

nzkc:

 

I actually blame our banks in part for this practice (it does go on!).

 

If they provided the following:

 

  • Ability to create read-only logins (ideally choosing which bank accounts it can see)
  • (Open) APIs that 3rd parties can use that provide appropriate permissions (obviously with your permission to access your accounts)

Then this wouldn't be needed at all. Or even exist I imagine. POLi could also be abandoned by companies with a bit of thought!

 

 

Open Banking is supposed to address this with API's but it's a hard and expensive slog to get there for most of the banks. 

 

 

 

 

HSBC & Barclays managed in the UK, sure they could manage it here.


colinuu
237 posts

Master Geek


  #2855891 24-Jan-2022 23:08
Send private message

michaelmurfy: Alan did the right thing here. If you enter your banking password on any third party site (POLi and Account2Account included) you’re breaching the terms of your internet banking agreement meaning your bank will not cover you for any fraud via internet banking.

 

Which makes me wonder where do password managers (Lastpass etc) fit in here? Technically a 3rd party site has my banking login but I feel the strong password he generated for me is more secure than anything I could dream up.


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Belkin Screenforce Tempered Glass Screen Protector and Bumper - Apple Watch
Posted 15-Aug-2022 17:20


Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00


Samsung Unveils Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00


Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51


ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac