22seven is safe & secure but banks are not happy

The banks are not happy. Following the launch of 22seven launches which required users to enter the personal banking information including their PIN, several banks have issues warning to their customers:

FNB’s Michael Jordaan has sent this Tweet:

[update 14 Feb 2012 - FNB has changed its mind and is now working with 22seven.com]

FNB reaction to 22seven

ABSA has gone a little further by issuing this warning on their Facebook Page:

ABSA reaction to 22seven

particularly highlighting 22seven as “conflict with clear fraud awareness messaging sent out by all major banks, as well as the South African Risk Association and the South African Police Force.”

I Tweeted Standard Bank to see what they say and the replied with this series of Tweets:

Standard Bank reaction to 22seven

So it seems like the banks are pretty clear about a 3rd party having access to our PIN. Their rule seems to stick that its our responsibility not to give it out and if we do – we are the ones who are in breech so any consequences are ours to bear.

No one is disputing that 22seven has purchased THE best software in the industry to protect the sensitive information. The system they are using is called Yodlee which is the middle system between 22seven and the Banks. Yodlee’s role is to extract your financial information and make it available to 22seven. So it seems that even 22seven doesn’t have access to your info  – only Yodlee’s system does and they have been around for many years providing leading world banks with management financial tools.

so what is the real problem ?

We have to ask ourselves what is the underlying issue here. Is it 22seven for daring to bring to South African a new service that is needed much like Mint.com does in the US ?  or perhaps we should be asking our local banking system as to why they themselves have not brought us tools to better manage our money ? Why have they not made available any 3rd party tools to interact with the banks system in a controlled & secure way ? There are Share-trading platforms that have 3rd party APIs (programming term for allowing developers to “talk to them” in a predefined secure way) so that companies can build their own set of tools and still use the financial information in a secure methods – why have the banks not made this leap ?

22seven didn’t take the “cheap and nasty” way out and simply developed their website to automatically log into your banking site and do a “screen grab” to read your information – that would have been irresponsible. 22seven contracted one of THE most recognised  players in the world for the most secure way to access the information.

Yes we have trust issues and should not be reckless and just hand out the PIN (or write the PIN on the back of the ATM card like so many do…) but should we not be asking why the banking system isn’t looking forward to provide better tools for us, their customers.

Regardless which way we look, and no matter how safe or secure their service, the Bank’s Terms and Conditions make it impossible for us to look elsewhere. Cartel anyone ?

update 27 Jan 2012: check out Simon Dingle’s view on why 22Seven is safe

update 2 Feb 2012: in a bizarre move, ABSA has not only warned clients about 22Seven but has actively blocked Yodlee from accessing its servers – regardless of what its clients want. Christo explains the reaction of the banks with a “FUD” tactics – propagating of Fear, Uncertainty and Doubt to cast misgiving in the minds of potential users. See the iTweb story

9 Comments

on “22seven is safe & secure but banks are not happy
9 Comments on “22seven is safe & secure but banks are not happy
  1. Two things:
    1.22seven has the login info begore they send it to yodlee. There terms and conditions state that the cando anything with your security credentials,
    2. Yodlee screenscrapes. That is what they do. Oops…

  2. It isn’t. It is their flash login.

    By using the Services, you grant us and our authorised service providers the right to use, adapt, modify, distribute and create derivative works from any information, data, security credentials, materials or other content (collectively, “Content”) you provide through or to the Service.

    Did you miss that part?

  3. from 22seven:
    Our privacy policy – https://www.22seven.com/privacy_policy.html – explains exactly what we can and can’t do with our users’ information. We’ve built our service with the intent to help people see and use their money differently, so that they can do more with what they have. We don’t do anything with our users’ information other than make it available to them in a new and valuable way. As our service will be subscription based, we won’t be making money by using people’s information to sell them other products or services.

  4. Pingback: Love is in the air: FNB makes up with 22Seven ! « The Techie Guy – complicated IT translated into simple English

  5. Pingback: Love is in the air: FNB makes up with 22Seven &works together « The Techie Guy – complicated IT translated into simple English

  6. This is just plain crazy. Why dont they allow me to download my statements and upload to 22seven, like a CSV or other format? There is no way you should be sharing your pin, especially in these times when so many people are getting fleeced.

  7. Pingback: Inside 22Seven: Budgeting is so old-school and doesn’t work–its all about how we behave « The Techie Guy – complicated IT translated into simple English

Add your comment