Web-Based Bank Feeds Could Expose Businesses to Fraud, says ICB

Businesses connecting online accounting software to bank feeds could be breaching their bank’s conditions and be at risk of hacking, said Matthew Addison, executive director of the Institute of Certified Bookkeepers, at the association’s annual conference in Sydney today.

Some online accounting programs connected to bank feeds by asking users to share their online banking details with US financial services company Yodlee. Businesses shouldn’t give Yodlee an online banking login with full access to their bank accounts, Addison said.

“What’s happening at the moment is we’re giving the software the open-ended password and username. Anything could happen,” Addison told the audience. “If that username or password get stolen, they can go into the internet banking and the cash is gone.”

An obvious solution was for businesses to set up a second login to their online banking which had read-only access, Addison said.

Not all banks offered read-only login profiles, and there have been issues with bank feeds from the Commonwealth Bank for accounts with read-only login and full-access profiles.

“The only user name and password to store in the cloud should be a read-only access. I like the feature (bank feeds), we just need to step forward,” Addison said.

Addison showed an audience of 240 bookkeepers an email from a representative at NetBank, the Commonwealth Bank’s online banking division.

“Netbank help desk have advised me that providing the netbank ID is not a breach of the terms and conditions, however providing the password would be,” the email said.

“It is not advisable for clients of the bank or yours to provide their Netbank client ID because if something fraudulent were to happen on their account they may not be covered for the financial loss. In a nutshell, you can provide (your login details) to Yodlee, but I wouldn’t recommend it,” the email said.

Online accounting companies Xero and Saasu relied heavily on Yodlee to collect bank feeds from Australian and international banks. Xero has formed direct connections with the top seven banks in Australia and did not rely on Yodlee for their bank feeds.

Yodlee's website said its services had 40 million users and 600 financial institutions and companies.

Bank feeds in online accounting programs MYOB LiveAccounts and MYOB AccountRight Live were provided by BankLink, a local service which had agreements with Australian banks and did not request users’ login details.
