Capital One download update asking for one time code

1911131415

Comments

  • edited April 2017

    That ultimately is why I decided to switched to Moneydance. I'd expect that kind of bureaucratic dysfunction within an organization like Intuit. But that excuse is gone because Quicken is basically a start up again. They should be nimble and proactive. I got into it with them about the community forum. They blamed their lack of response on the fact that the forum is user to user. I asked then why do many posts come from official Quicken employees with Quicken in their usernames. They then admitted that employees do monitor it. That's also why I switched to Moneydance. I can't imagine a culture where employees see the struggle that many customers are having for months (no way do I believe that Quicken officials aren't aware of these threads) and they don't raise the issue to superiors or they do raise the issue and no one acts on it. What do I expect? I expect senior leadership at Quicken to personally address this problem in the forums - what the problem is, when it will be fixed etc. And I expected that a month ago.

    I looked into Moneydance today. Reading through their help section and community posts, it sounds like they can't download Capital One transactions either, for the same reason. Would somebody please confirm whether or not Moneydance can download from Capital One? If so, I am going to finally rid myself of the brain tumor that is Quicken.
  • PhillyPhritzPhillyPhritz Member
    edited April 2017

    I gave up on the fight got a new credit card messing with Quicken is a waste of time.

    I have had this problem for some time.  tolerating it until now.  Just got a new update, Quicken deluxe 2017 R5, build 26.1.5.5  STILL has this issue.

    FYI Answered their survey with lots of feedback. gave them my email and said it was ok to contact me.  never heard from them.  
  • rev.geoffrev.geoff Member
    edited April 2017
    Last night, Quicken couldn't update my accounts in their registers. It went like this: I updated my accounts and they all showed 'complete,' but the registers themselves were unaffected. Even Capital One showed complete! So once more, I contacted on-line tech support. He told me that I would have to deactivate and reactivate each account. *Each account*. I told him that would be a lot of work, but he stuck to his position. I told him to forget it. I'm taking ACE Money out of moth balls. If Quicken can't provide the on-line updates, and I have to go back to manual entry, then I don't need Quicken anymore. I wonder if the company would listen if everyone who had these problems went to on-line chat tech support, reported it, then said call me when it's fixed.
  • Bob K.Bob K. Member ✭✭
    edited April 2017
    rev.geoff said:

    Last night, Quicken couldn't update my accounts in their registers. It went like this: I updated my accounts and they all showed 'complete,' but the registers themselves were unaffected. Even Capital One showed complete! So once more, I contacted on-line tech support. He told me that I would have to deactivate and reactivate each account. *Each account*. I told him that would be a lot of work, but he stuck to his position. I told him to forget it. I'm taking ACE Money out of moth balls. If Quicken can't provide the on-line updates, and I have to go back to manual entry, then I don't need Quicken anymore. I wonder if the company would listen if everyone who had these problems went to on-line chat tech support, reported it, then said call me when it's fixed.

    Probably the biggest value from Quicken is the ability to down-load transactions from all the various financial institutions.  If this ability is compromised, then Quicken is not really that relevant.  
  • Ted BTed B Member
    edited April 2017
    rev.geoff said:

    Last night, Quicken couldn't update my accounts in their registers. It went like this: I updated my accounts and they all showed 'complete,' but the registers themselves were unaffected. Even Capital One showed complete! So once more, I contacted on-line tech support. He told me that I would have to deactivate and reactivate each account. *Each account*. I told him that would be a lot of work, but he stuck to his position. I told him to forget it. I'm taking ACE Money out of moth balls. If Quicken can't provide the on-line updates, and I have to go back to manual entry, then I don't need Quicken anymore. I wonder if the company would listen if everyone who had these problems went to on-line chat tech support, reported it, then said call me when it's fixed.

    Look in "preferences" and see if the box  became unchecked which places transactions in the registers automatically.
  • joanzen .joanzen . Member
    edited April 2017

    I finally called Quicken and demanded to have my complaint escalated. They connected me with very competent tech guy ... I ended up uploading 3 log files, they verified a few hours later that there was a problem, and escalated it internally. I then got an email a day later to go through the usual deactivate / reactivate steps. After weeks of grief, Capital One downloads are finally working again (for me).

    Me clearing my browsing history/cookies was just one scenario.  I was just trying to say that the OTCs don't have to be one-time, regardless of the name.  Cap One or any org that implements 2FA can ask for a code at any time they deem it necessary (or even make it every time).  Many of the folks posting here seem to think it's a bug/error if they get more than one request for a code, and that's not necessarily the case.

  • Bob K.Bob K. Member ✭✭
    edited April 2017

    I finally called Quicken and demanded to have my complaint escalated. They connected me with very competent tech guy ... I ended up uploading 3 log files, they verified a few hours later that there was a problem, and escalated it internally. I then got an email a day later to go through the usual deactivate / reactivate steps. After weeks of grief, Capital One downloads are finally working again (for me).

    I didn't have a major problem with having to input a one-time code (although it was not one time and it was annoying), but now I get an error message from Quicken that says I have address a "pop up" and I should go into my Capital One on-line account but when I go to my account I can't find any "pop up" to input whatever information is required.  Very frustrating.  Because I can no longer download transactions I am moving on to using a different card.
  • leskoonkleskoonk Member ✭✭
    edited April 2017
    I have experienced everything mentioned here.  But, mostly I have stayed connected.

    Now, as of yesterday (4/5/2017), I am getting a CC-503 (invalid password).

    Is anyone else seeing this ?

    Larry
  • edited April 2017
    leskoonk said:

    I have experienced everything mentioned here.  But, mostly I have stayed connected.

    Now, as of yesterday (4/5/2017), I am getting a CC-503 (invalid password).

    Is anyone else seeing this ?

    Larry

    Yes - I close the box - go to Cap1 and download the recent transactions - that still works like in the olden days.
  • Bobby GraysonBobby Grayson Member
    edited May 2017
    I always have it ask for the one time code. From time to time I also get a CC-503 error (invalid password). If I do, I close the error box and after all my other accounts have downloaded I go to my Capital One account in Quicken and try updating just Capital One and it usually works the 2nd time. No rhyme or reason.
  • edited April 2017
    Having similar problems with Quicken Premiere 2017. Turned off online update for the account, turned it back on, entered credentials, got asked for the one time code, once it was sent and entered I got connected.  Thought all was good.  Since then it's periodically asked for a one time code. When it arrives I'll enter it and it connects. Sometimes it doesn't arrive. Sometimes it asked for my password and if I updated it recently. (I haven't) When I enter the password I just get a spinning symbol and end up having to force quit Quicken.  Very frustrating.
  • Ted BTed B Member
    edited April 2017
    I'm again getting "pop up or web page" obstruction. If you download from Cap1 website make sure you custom date or you'll get dupes.
  • edited April 2017
    I've been having the same problems as everyone else here, but things have worked the last 4 days in a row , sometimes with multiple logons/account updates per day, after doing the following steps.  I also was able to alleviate the  big headache when deleting duplicate transactions.

    Steps 2, 5 and 7 in the list below are new things I'd not done in the many previous attempts to get  Q to work with C1.  

    -1.  Backup up your file. I chose to use the copy function and then opened the newly created copy.
    0.  Reconcile your C1 account. You'll see why in step 7
    1. I deactivated C1 account
    2. I ran validate and repair on the open file - this found and fixed two broken transactions - 
    3. I shut down and restarted Q. I skipped the autoback up
    4. I reactivated the C1 account using the "link to existing account" option
    5. I had C1 send the OTC to my email address
    6. I accepted all downloaded transactions - they were all duplicates (70 of them)
    7. Becasue my C1 account was previously reconciled, I ran the reconcile process and and just deleted all the downloaded transactions

     The whole process took about 10 minutes and I've run clean from OSU with 6 other bank, credit card and investments accounts for the last 4 days. Your mileage may vary.

    I'm  running Q Premier 2016 at the latest patch level

    Good luck
  • Ted BTed B Member
    edited April 2017
    I shut down Q which was open from the day before...reopened and did Cap1 by itself. It worked.
    Will it continue to work? Who knows?
  • Garth HeutelGarth Heutel Member
    edited April 2017
    I have been having this same problem for several months.  I have tried almost everything that people recommend, and it works for a while then stops working eventually.  I have already had to deactivate and reactivate three times.  Each time after I do it I get a whole bunch of duplicate entries that are already entered that I have to manually delete, which is annoying. After the reactivation it works a few times, then I get the same error message again.  Hopefully this will get fixed soon.
  • onixonix Member
    edited April 2017
    Ted B said:

    I'm again getting "pop up or web page" obstruction. If you download from Cap1 website make sure you custom date or you'll get dupes.

    I am getting the same.  [CC-508]
    Also, I think Capital One is not playing nice by causing all these pop-ups requiring regular login through a webpage.  But mainly, I agree with others that it is up to Intuit to clean up this mess on behalf of their "customers".
  • edited April 2017
    Ted B said:

    I'm again getting "pop up or web page" obstruction. If you download from Cap1 website make sure you custom date or you'll get dupes.

    I'm not sure "nice" is their objective. I think preventing international hacking thieves from stealing the bank's assets is their objective. Quicken can decide to be nimble and keep up or cease to be relevant.
  • sweinber932wasweinber932wa Member
    edited September 2018
    After living with this for as long as everyone else, and going through the same, fruitless gyrations of deleting/re-establishing the link, re-branding, blah blah blah, only to have it fail again, I did some research.  Bottom line; there is no user setting, nor "set it up again" thing that will cure this problem, long-term.

    The underlying issue:  there are two different methods for Quicken software to access a user's financial institution and download data.  "Direct Connect", and "Express Web Connect".  Direct Connect requires the FI (bank, credit card or investment company) to host a DC server.  The Quicken user's account is logging into that server, and securely exchanging encrypted data.  That method works great, always has, and still does.  For FIs who don't have a DC server, Quicken has to use "Express Web Connect".  This method is less secure.  Quicken is logging into your usual web browser-based account, simulating a human's keystrokes, and downloading the transaction file from the website, just like you would do yourself.  The financial industry's recent focus on improved website security means that some FIs, like Capital One, are adding two-factor-authentication (the one-time PIN) to log into their websites.  Quicken EWC can't handle this properly, because it (intentionally) can't get the one-time PIN text message or phone call.  You wouldn't want it to do that.

    So, this is pretty much hopeless, unless Capital One installs a DC server...it's not Quicken's fault.
  • edited April 2017
    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?
  • Ted BTed B Member
    edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    I was wondering the same thing...But I know that my bank only occasionally asks me a security question when I log in and never when I download from Quicken, so maybe the pin thing is random too.IDK...it's not really disrupting me much but I'd be glad to see it fixed.
  • edited April 2017

    After living with this for as long as everyone else, and going through the same, fruitless gyrations of deleting/re-establishing the link, re-branding, blah blah blah, only to have it fail again, I did some research.  Bottom line; there is no user setting, nor "set it up again" thing that will cure this problem, long-term.

    The underlying issue:  there are two different methods for Quicken software to access a user's financial institution and download data.  "Direct Connect", and "Express Web Connect".  Direct Connect requires the FI (bank, credit card or investment company) to host a DC server.  The Quicken user's account is logging into that server, and securely exchanging encrypted data.  That method works great, always has, and still does.  For FIs who don't have a DC server, Quicken has to use "Express Web Connect".  This method is less secure.  Quicken is logging into your usual web browser-based account, simulating a human's keystrokes, and downloading the transaction file from the website, just like you would do yourself.  The financial industry's recent focus on improved website security means that some FIs, like Capital One, are adding two-factor-authentication (the one-time PIN) to log into their websites.  Quicken EWC can't handle this properly, because it (intentionally) can't get the one-time PIN text message or phone call.  You wouldn't want it to do that.

    So, this is pretty much hopeless, unless Capital One installs a DC server...it's not Quicken's fault.

    That's the technical explanation for what's going on but in terms of saying that's not quickens fault, it's not that easy. It's not that easy because that doesn't explain why services such as Personal Capital are not having an issue. My suspicion is that what is triggering the constant two-factor authentication is a scenario where Capital One is seeing a log-in from a new IP address that it's never seen before for your specific account. When you login repeatedly from the same web browser, it doesn't trigger the two-factor authentication requirement. Clear your cache and clear your cookies and you'll get to go through the same two factor process again.


    More modern services like Buxfer and Personal Capital that are built on a web architecture are, I would suspect, using your web browser with cookies to pass your IP address to Capital One, and showing them a consistent IP address unless you clear the cookies.


    I suspect that Quicken is doing this connection server-side so it's passing a different IP address to Capital One every single time.


    Now, granted, there's a whole lot of guessing in everything I just said because I have no inside knowledge of how this stuff works but it's very possible that this is actually Quicken's problem in terms of them not having the software architecture to be able to pass a consistent IP address to the bank for each user. So I go back to my original comment that it's their responsibility to keep up with the times. Capital One, nor any other bank, doesn't give a darn if their service works with Quicken or not.


    It might also explain the lack of response from Quicken to this issue. If they know there is no fix and it's not going to be solved, they're not going to be honest and tell customers that. If the solution is a complete modernization of their software architecture so that it looks like Buxfer or Personal Capital, that's not in the cards any time soon. So Quicken does what they do which is to give ridiculous support to customers by having them jump through hoops that require hours of rebuilding their account data when it isn't going to fix the underlying issue.
  • edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    It doesn't do it when you log in from your web browser repeatedly because it recognizes the IP address that you're accessing the service from and that IP address was previously two-factor authenticated.
  • sweinber932wasweinber932wa Member
    edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    It sounds to me like Capital One is storing a limited-time cookie in the web browser, which expires, then requiring you to authenticate again.  Just a guess.  It could be tested by doing this:
    1. Delete your web browser's cache, history and cookies.
    2. Open a private browsing (Ctrl-Shift-P for Firefox or MSIE), or incognito (Ctrl-Shift-N for Chrome Browser) window, logging into your Capital One account.
    3. Download the transactions and see if it asks for the two-factor authentication (it should).
    4. Close and reopen the browser, and open another private/incognito window, and try again.  It should again ask for the two-factor authentication.
  • JohnJohn Member
    edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    Boy, whoever said a little knowledge is a dangerous thing was certainly correct in this case. Lots of speculation and misinformation. For example, generally organizations are not using the IP address for device validation because IP addresses are too easily spoofed. (They may use the IP address for geolocation in order to identify and block fraudulent access from places like Russia or China, but, based upon my experiences, IP address is rarely used to verify a specific device.) When a web site asks whether you want to register a specific device for use with their service (private vs public device), they are determining whether to install a token (cookie or flash object?) on the device. On subsequent logins they then retrieve and examine  the token to determine whether the device was previously validated, making it "more trusted" and usually bypassing the need for additional authentication. I really do not have a good idea about the source of this problem, other than it is in the interface between Capital One and Quicken, as it seems to be so inconsistent. Some users receive an OTP prompt and then receive a code. Others, like me, receive the prompt at every "One Step Update" session, never receive the code, but the download proceeds successfully regardless. For some the prompt goes away for several sessions only to recur later. Some get error messages, others do not. The only thing I can say for certain is that Capital One and Quicken need to work together to resolve these issues. This is especially true if Capital One does not provide detailed current information about its interface. If not Quicken has to try to reverse engineer the interface and the authentication protocol. As I said previously, Capital One may not be overly motivated to help fix the problem because they would rather have their customer come to the Capital One web site, even if it is just to download transactions. Even the download visit provides them screen time with THEIR customer, screen time they do not get if the customer only interacts through Quicken. Oh, and the problem with a balance mismatch due to "pending transactions" being downloaded seems to occur more or less consistently. I assume this is definitely a Capital One problem, unless the interface specification addresses identification of pending transactions.
  • sweinber932wasweinber932wa Member
    edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    @John, I don't know which misinformation you are disputing, other than the incorrect comment about IP addresses, which I didn't make.

    The problem is with the Express Web Connect method being obsolete, less secure, and wasn't designed to provide programmatic access via EWC to a bank that now uses two-factor authentication.  The EWC interface was designed by Intuit (former owner of Quicken), so they know how it works.  I am a Capital One customer, and as far as I am concerned, I don't want Capital One to subvert nor weaken access to their website without requiring two-factor authentication.  I don't want them to provide anyone with any "back doors" to enter 2FA codes, either.  The ideal solution would be for Capital One to provide a true Direct Connect server.  As long as they aren't financially motivated to do that by a significant number of their customers, it's anyone's guess as to whether they will ever do it.
  • edited April 2017

    That would make sense up to a point, but how come downloads work for a while without requiring a PIN? And why, when I log into the CapitalOne website to do a manual download into Quicken, does it do it without a two-factor authentication?

    Fair enough, that it is technically a cookie not the IP address determining whether Capital One decides it needs to two factor authenticate or not. Not sure that materially changes the conversation as to Quicken's obligation to architect their software in a way that's compatible with modern banking security methods.
  • edited April 2017

    After living with this for as long as everyone else, and going through the same, fruitless gyrations of deleting/re-establishing the link, re-branding, blah blah blah, only to have it fail again, I did some research.  Bottom line; there is no user setting, nor "set it up again" thing that will cure this problem, long-term.

    The underlying issue:  there are two different methods for Quicken software to access a user's financial institution and download data.  "Direct Connect", and "Express Web Connect".  Direct Connect requires the FI (bank, credit card or investment company) to host a DC server.  The Quicken user's account is logging into that server, and securely exchanging encrypted data.  That method works great, always has, and still does.  For FIs who don't have a DC server, Quicken has to use "Express Web Connect".  This method is less secure.  Quicken is logging into your usual web browser-based account, simulating a human's keystrokes, and downloading the transaction file from the website, just like you would do yourself.  The financial industry's recent focus on improved website security means that some FIs, like Capital One, are adding two-factor-authentication (the one-time PIN) to log into their websites.  Quicken EWC can't handle this properly, because it (intentionally) can't get the one-time PIN text message or phone call.  You wouldn't want it to do that.

    So, this is pretty much hopeless, unless Capital One installs a DC server...it's not Quicken's fault.

    Thank you.  Your explanation makes perfect sense. 
  • Tom JohnsonTom Johnson Member
    edited January 2018
    So, at what point do we move off Quicken?  I've used Quicken for over 20 years and never been as frustrated as I am now with this Capital One problem.  Maybe it's time to go to Mint or CountAbout.   These issues should be very easy for Quicken and Cap One to resolve if they wanted to.
  • JohnJohn Member
    edited April 2017
    I also have over 20 years invested, having converted when Managing Your Money went belly up. For me the two problems I experience - an OTP prompt for every One Step Update and incorrect balance - are more of an inconvenience. As long as everything else keeps working, I plan to leave well enough alone until there is a confirmed fix. I am not going to go through a bunch of gyrations hoping that it will fix the problem and end up only making it worse.
  • Ted BTed B Member
    edited April 2017

    So, at what point do we move off Quicken?  I've used Quicken for over 20 years and never been as frustrated as I am now with this Capital One problem.  Maybe it's time to go to Mint or CountAbout.   These issues should be very easy for Quicken and Cap One to resolve if they wanted to.

    I have 9 accts I download with Quicken.. The only one with an issue is Cap1. It's working now but even if the problem reoccurs (it just did) I can go the the website and download (just did) in less time than it takes for these tech experts to compose a long winded hypothesis as to what's wrong. Unless Quicken really begins to fall apart or charge an exorbitant amount, why would I abandon 20+ years of usage for something that costs about $15/year? It's easier to quit using Cap1 and accept one of the multiple credit card offers I get each week. There's no guarantee another program will be issue free or have the features I need. I will post a complaint on Cap1 FB page for sure...I think it's their fault. Nobody seems to be complaining about anyone else.
This discussion has been closed.