To Yodlee or not to Yodlee: the battle over bank feeds

Why MYOB and Reckon make a big deal about Yodlee.

Bank feeds, and how they are supplied, are firming up as one of the key battlegrounds for cloud accounting vendors.

On one side are upstarts such as Xero, with 60,000 paying businesses, and Saasu, with an estimated 30,000 customers. They rely heavily on the US financial data aggregator Yodlee to stream transaction records from customers’ bank accounts into their respective accounting platforms.

On the other side are heavyweights MYOB and QuickBooks, distributed in Australia by software developer Reckon. MYOB gets its bank feeds from BankLink, an Australian company which has established contracts with most of the banks, building  societies and credit unions in Australia and New Zealand.

Reckon also uses Yodlee to connect to Australian and New Zealand financial institutions but has a team working on replacing those Yodlee connections by signing agreements for direct access, one bank at a time. This is a slow process – Reckon business division Gavin Dixon says the banks don’t move quickly – so Reckon will be relying on Yodlee for some while yet.

But this didn’t stop Dixon from slamming Yodlee as unsafe and using methods that he wouldn’t trust to use himself. “Yodlee has a problem in a way – you have to give them your internet banking credentials,” Dixon said.  “I wouldn’t do it. I trust Yodlee but all you need is one disaffected employee.”

How can Reckon let its users use an unsafe service? What is the fuss about?

At issue is the method by which Yodlee collects your transactional data. When a user agrees to set up a feed from their bank account to QuickBooks, Xero or Saasu, Yodlee uses automated software tools to sign into the user’s online banking account with their login details and takes snapshots of the list of transactions on the screen.

Yodlee compiles this information into a feed and streams it to its customers, the cloud accounting vendors.

Some companies, including unsurprisingly Yodlee’s competitor BankLink, claim this process is a security and compliance risk because the user is handing over confidential login details to an unauthorised third party. It may be in breach of the contract between the user and their bank, the critics add.

I tried contacting Yodlee through various channels to interview the company about these concerns but was ignored. If the competition’s claims are correct, Yodlee would not be keen on publicising the fact that it stores online banking logins for millions of people and doesn’t want to enter into a discussion about how it collects data.

How serious are the claims against Yodlee?

It’s impossible to know without talking to Yodlee and confirming its methods but the numbers are strongly in its favour. The 10-year-old company has 30 million users, and 150 financial institutions and portals use Yodlee to support their services, including half of the top 10 US banks.

Yodlee also includes one of the big four Australian banks as a customer. The ANZ bank launched a Money Manager service in Australia that used Yodlee’s data aggregation services, reported in the Sydney Morning Herald six years ago.

Yodlee collects data from over 9,000 financial institutions around the world, has raised $116 million in venture capital over its lifetime and has never reported a breach (as a US company it is legally obliged to report loss of sensitive data). Supporters also point out that Yodlee uses other methods for collecting data beyond “screen scraping”. It’s clearly a well-established global player with blue-chip customers.

What’s MYOB and Reckon’s beef with Yodlee about then?

It is in the old guard’s interests to make the road ahead as difficult as possible for Xero and Saasu, neither of which have the money to form direct connections with Australian banks (as Reckon is doing) or to pay BankLink to do it for them (which is MYOB’s approach).

One major point of difference between the young and old platforms is that MYOB and Reckon don’t have much interest in straying far from the Australian and New Zealand markets. MYOB had its fingers burnt trying to make it big in the US some years ago; Reckon only licenses the rights to QuickBooks in Australasia from US parent Intuit. (Intuit also sells a financial data aggregation service that competes with Yodlee.)

There are less than 200 financial institutions in Australia and New Zealand so it’s feasible that, over time, the two established players could sign up access directly. Xero and Saasu have larger ambitions and therefore need to connect to many more banks and unions in countries where they have users. That makes Yodlee the only practical answer.

Mature accounting programs look pretty similar since they’re trying to do exactly the same thing. It seems MYOB and Reckon are looking for stones they can fling at Xero and Saasu that won’t damage their own glass houses.

But Reckon’s position – claiming screen-scraping methods are dangerous while selling QuickBooks customers a Yodlee-backed service – suggests that there is less to fear than the major vendors are making out.

 

About Sholto Macpherson

Sholto Macpherson is a business technology journalist specialising in cloud software. He lives and works in Sydney, Australia.

Comments
2 Responses to “To Yodlee or not to Yodlee: the battle over bank feeds”
  1. Ash says:

    Banks should provide public APIs and free standardised data formats. There is so much nonsense in the banking ICT industry, and I hope one day they find some sanity.

Trackbacks
Check out what others are saying...
  1. […] technology. As a result, Xero and others have been unable to combat effectively accusations that bank feeds supplied by Yodlee were insecure or inaccurate.  Rival BankLink in particular has criticised screen scraping, where […]



Leave A Comment