Chase moves to Open Banking API

Dawid Wrobel me at dawidwrobel.com
Sat Oct 8 21:13:50 BST 2022


Hi,

> Are there any US banks and investment
> brokers which still support OFX direct connect, and are not likely to
> follow the herd?
>

It's inevitable for all banks. OFX direct connect is not safe, with mere
login/pass credentials required to log in to a financial institution. And
frankly speaking, I agree with this sentiment, login should require 2
Factor Authentication at all times. The notion that only a curated list of
institutions/businesses can apply to have access to a bank's API is also
reasonable, as this further strengthens the safety. Unfortunately, we get
hit with collateral damage, but it's not all lost — despite a similar
approach by the German FinTS standard, KMyMoney was still allowed to become
a certified software and allows German/Austrian/Swiss banks' customers to
use KMyMoney to download transactions on the fly while remaining compliant
with the regulations.

So with that in mind, something definitely can still be done: in the form of
an open letter to the industry/legislator/your favorite senator, bringing
awareness over the loss of control over one's funds, as well as the
companies like Intuit getting a front seat treatment to bank's APIs, the
smaller proprietary software having to resort to Saltedge/Yodlee, which
inherently severely affect users' privacy, and lastly over leaving the Open
Source software at a complete loss. I can see how GnuCash, Skrooge, Money
Manager Ex, Ledger, Firefly III et al would also want to get involved in
this.

> At least they still provide a qfx file from the website. I suspect that
> may not last long.


Well, OFX Direct Connect is getting scrapped for reasons laid out above.
Banks will continue to offer a statement export feature. Which, in fact, I
believe could be leveraged as a workaround to the above problem with Woob.
It already supports scraping banks' websites to obtain transactional
history, but that's rather complicated and prone to frequent failures due
to websites continuously getting updated. What I imagine would help instead
is to extend it with an ability to simply pass the from/to dates and
download the OFX/QIF statement generated on the fly.
This would make the scraping code required way smaller and, as such, more
reliable. In fact, something similar already exists (
https://dev.woob.tech/api/capabilities/bill.html), except this one is for
downloading pre-generated documents. Shouldn't be too difficult to have it
extended to also support downloading docs generated on the fly. Would love
for Woob maintainers to join the conversation here, AFAIK they are subscribed
to this list.

It needs to be noted, though, that any form of automated log in to a bank's
website often puts users doing so in breach of their ToS. So while we're
still in power to code away something functional to replace Direct Connect
with, it would inevitably be a *hacky* way around the problem — a problem
which can ultimately only be solved through awareness, advocating, and
eventually a further, privacy-friendly legislation.

-- 
Best Regards,
Dawid Wrobel