The Book-keepers Forum (BKF)

Post Info TOPIC: Bank Feeds


Senior Member

Status: Offline
Posts: 206
Date:
Bank Feeds


A colleague has raised an issue re using bank feeds which are supplied by Yodlee (as almost all of them are), in

that as you are allowing Yodlee access to your Internet banking login details (i.e. username and password),

you are opening ourself up to the fact that if your account was abused and you ended up out of pocket, you would

have no redress with the bank as you had shared your information with a third party.

We are using Xero, and I really like the bank feeds but don't want to open up the charity I work for to any financial losses.

 

Anyone have any thoughts on this?

 

Eunice



__________________

Eunice Cubbage



Expert

Status: Offline
Posts: 1811
Date:

I didn't realise the bank feeds into Xero are via an external service. (I do have one client using Xero, unfortunately, and they do use the bank feeds function, but it was all set up at their end with no input from me.)

TBH, even if Xero did provide that service themselves, you'd still be providing the bank details to a third party: Xero.

The question, at least in part, hinges on the nature of the set up. I would hope that the banks themselves are aware of Yodlee and the service it provides, and when it is given access it is purely read-only for the bank feeds. And, very importantly, that Yodlee is given its own log-in credentials, and not those used by the account holders, with full access.

If all of that is so, then even if Yodlee is hacked in some way, or has a rogue employee, there should be no way for those log-in credentials to be used to pilfer any money.

If Yodlee is given the account holders' credentials then, quite frankly, all bets are off. There may be some mitigation, depending on the bank's online banking set up (e.g. what level of two factor authorisation it uses to deal with payments, etc.)

I suspect Yodlee is supposed to be set up as another user, with limited/read-only access - but based on my experience of how silly some business owners are, it wouldn't surprise me if plenty have given Yodlee full access using their own log-in credentials, especially if adding users costs anything.

But I am making lots of assumptions, because as I said at the start, I don't actually know how this works other than that when I use Xero for one particular client, the feed is there.

__________________

Vince M Hudd - Soft Rock Software

(I only came here looking for fellow apiarists...)



Senior Member

Status: Offline
Posts: 155
Date:

Hi,

We had a Xero rep come to one of our AAT branch meetings this year.  He explained that Xero has explicit agreed arrangements with some banks for direct feeds, you can find that list here > https://www.xero.com/uk/partner-programs/banking-partners/uk-banks/ .

For other banks they do use Yodlee.

David.



__________________


Senior Member

Status: Offline
Posts: 206
Date:

Hi David

Yes I have looked at that (your link doesn't work, by the way), and Lloyds, who we use, isn't listed, so it does go via Yodlee.

Thanks for your input.

Eunice

__________________

Eunice Cubbage



Senior Member

Status: Offline
Posts: 206
Date:

Thanks, Vince, for the informative reply. As I now know Lloyds does not use Direct feeds, I am going to consult
with our Customer Service Manager to find out exactly what access Yodlee does have, and where we stand in the
event of things going belly up.



Eunice

__________________

Eunice Cubbage

Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me  
©2007-2024 The Book-keepers Forum (BKF). All Rights Reserved. The Book-keepers Forum (BKF) is a trading division of Bookcert Ltd. Registered in England Company Number 05782923. 2 Laurel House, 1 Station Rd, Worle, Weston-super-Mare, North Somerset, BS22 6AR, United Kingdom. The Book-keepers Forum and BKF are trademarks of Bookcert Ltd. This forum is a discussion forum only. There will usually be more than one opinion to any question and any posting should not be viewed as a definitive solution. No responsibility for loss occasioned to any person acting or refraining from action as a result of any posting on this site is accepted by the contributors or The Book-keepers Forum. In all cases, appropriate professional advice should be sought before making a decision. We reserve the right to remove any postings which are offensive, libellous, self-promoting or engaged in covert marketing. We will not notify users of removals. The views expressed in the forum posts are those of the individual and do not necessary reflect or agree with those of The Book-keepers Forum. Any offensive or unsuitable posts will be removed by the moderators. Any reader of this forum can request for a post to be looked into by sending an email to: bookcertltd@gmail.com.

Privacy & Cookie Policy  About