22seven is safe & secure but banks are not happy
The banks are not happy. Following the launch of 22seven launches which required users to enter the personal banking information including their PIN, several banks have issues warning to their customers:
FNB’s Michael Jordaan has sent this Tweet:[update 14 Feb 2012 – FNB has changed its mind and is now working with 22seven.com]
ABSA has gone a little further by issuing this warning on their Facebook Page:
particularly highlighting 22seven as “conflict with clear fraud awareness messaging sent out by all major banks, as well as the South African Risk Association and the South African Police Force.”
I Tweeted Standard Bank to see what they say and the replied with this series of Tweets:
So it seems like the banks are pretty clear about a 3rd party having access to our PIN. Their rule seems to stick that its our responsibility not to give it out and if we do – we are the ones who are in breech so any consequences are ours to bear.
No one is disputing that 22seven has purchased THE best software in the industry to protect the sensitive information. The system they are using is called Yodlee which is the middle system between 22seven and the Banks. Yodlee’s role is to extract your financial information and make it available to 22seven. So it seems that even 22seven doesn’t have access to your info – only Yodlee’s system does and they have been around for many years providing leading world banks with management financial tools.
so what is the real problem ?
We have to ask ourselves what is the underlying issue here. Is it 22seven for daring to bring to South African a new service that is needed much like Mint.com does in the US ? or perhaps we should be asking our local banking system as to why they themselves have not brought us tools to better manage our money ? Why have they not made available any 3rd party tools to interact with the banks system in a controlled & secure way ? There are Share-trading platforms that have 3rd party APIs (programming term for allowing developers to “talk to them” in a predefined secure way) so that companies can build their own set of tools and still use the financial information in a secure methods – why have the banks not made this leap ?
22seven didn’t take the “cheap and nasty” way out and simply developed their website to automatically log into your banking site and do a “screen grab” to read your information – that would have been irresponsible. 22seven contracted one of THE most recognised players in the world for the most secure way to access the information.
Yes we have trust issues and should not be reckless and just hand out the PIN (or write the PIN on the back of the ATM card like so many do…) but should we not be asking why the banking system isn’t looking forward to provide better tools for us, their customers.
Regardless which way we look, and no matter how safe or secure their service, the Bank’s Terms and Conditions make it impossible for us to look elsewhere. Cartel anyone ?
update 27 Jan 2012: check out Simon Dingle’s view on why 22Seven is safe
update 2 Feb 2012: in a bizarre move, ABSA has not only warned clients about 22Seven but has actively blocked Yodlee from accessing its servers – regardless of what its clients want. Christo explains the reaction of the banks with a “FUD” tactics – propagating of Fear, Uncertainty and Doubt to cast misgiving in the minds of potential users. See the iTweb story