What is Multi Factor Authentication
Bank feeds (also known as extractors) are what connect banks to various accounting platforms. These data exchanges provide accountants, lenders, and other applications within the financial technology (Fin Tech) sector with valuable consumer information. But what protects your personal data from falling into the wrong hands? Multi Factor Authentication.
Depending on your bank's security requirements, you may be required to answer additional security questions or reply to an email, text, or phone call, which is commonly known as multi factor authentication (MFA). Like your financial institution,
Common Types of MFA
Currently there are three commonly used types of multi factor authentication:
- Security questions: The bank will ask you additional questions, which are commonly set up when you first open the bank account. This process varies from bank to bank in both the type and the number of questions asked. Generally, we see 1-3 questions but have experienced up to 6 questions.
- Security tokens: The institution provides the account holder with a device (commonly an electronic key chain) that generates a 4-6-digit access token that must be entered every time the account is accessed. Since the number is different each time it is entered, the user logging into the account must have the key chain with them to obtain the code.
- Security Images: Commonly known as “Captcha”, these security questions are commonly in the format of images, text and sometimes audio. Like the token, their values are randomly generated and may be required every time you log into the account.
For Your Protection:
Unfortunately, multi factor authentication has been designed to keep your data protected first and your convenience last. While Ledgersync does address most security questions with static answers, token-based requests require user interaction.
Understanding what causes a token to be requested is just as important and can help you better plan around unexpected time delays. If your account utilizes multi factor authentication, it may be triggered when you refresh your bank feed, or if you access your account from different computers.
The implementation of these new security features may have started with some of the larger financial institutions, but it is very likely that over time more banks will follow the trend.
DDA vs OFX:
Even large accounting platforms like Xero and QuickBooks Online have recently been experiencing issues with their bank feeds. Last March, Capital One boldly shut their bank feeds down to most third parties, including QuickBooks Online, until new contracts were negotiated.
After completely redesigning their web portal, Wells Fargo went to even more extreme lengths to disrupt data scrapers by front-loading additional characters that come across as the bank memo. Recently you may have noticed that Wells Fargo transactions now display “Purchase Authorized on XX/XX” at the start of their transaction memo lines to control what useful data was accessible.
Hoping to find common ground, banks, fintech companies, and The Center for Financial Services Innovation have all expressed interest in adopting a common data sharing standard. While the industry still has not made a final decision, the front runners appear to be the Durable Data API (DDA) or the Open Financial Exchange (OFX).
PSD-2 and the European Union
These challenges are not unique to Ledgersync, or even to US banking. For some time, the European Commission has been moving toward an Open Banking system that would provide developers a standardized API. This push toward a more transparent banking system has threatened to break the banks’ monopoly on people’s financial data and to cause potentially huge drops in revenue over time.
Recently while reaching out to numerous Ledgersync users to discuss how they have been handling the MFA issues with their clients, Mike Snelson shared how they had handled the issue:
“Within our practice, we ask our clients to add a dedicated phone number or email that we have established just for these types of accounts. This allows us to send the security token directly to us instead of the client and allows them to still keep their credentials secret.”
As the financial tech sector continues to grow into a multi-billion-dollar industry, the banks will begin to feel the pressure from their consumers to provide open access to their personal data. Although inconvenient, multi-factor authentication has reduced fraud, protected online identities and most likely is here to stay.