Fidelity Connections to 3rd Party Aggregators

mrzookie

Just received a notification from Fidelity that they will be updating their security protocols for allowing access from data aggregators. Sounds like they're going to EWC+. No specifics on dates, but they say they are working with aggregators and to expect "a temporary interruption". UGH!

I've noticed some people have been having troubles with Fidelity for awhile. Perhaps this has been going on for some time on a rolling basis, although I haven't seen any mentions of the notification.

Chris_QPW

Fun, Fun!

Quicken Jasmine

Hello @mrzookie, 

Thanks for reaching out. 

Fidelity is currently not on our list of financial institutions that are making the switch to EWC+ so, at this moment in time, we do not have any information regarding this. If something new appears or we are provided more information, we will let you know. 

I hope this clears things up!

mrzookie

@Quicken Jasmine

That's an unexpected, but welcome, reply. Here's the text of the email. The bolded bullet points sure sound like Quicken would be part of the group targeted for the changes. Perhaps they are only going to  force MFA?

Protecting your data on third-party sites At Fidelity, protecting your data is critical to us. Security experts and regulators also support the need for account protection and recently encouraged a second layer of password authentication, known as multifactor authentication. We’re always enhancing how we safeguard your data. For that reason, we want you to know about new security protocols we’re implementing to keep your information secure whenever you link your Fidelity accounts to outside websites and apps and provide them with your Fidelity login information. Examples include: Money management websites and apps that let you see all your accounts from multiple providers (sometimes known as “data aggregators”) Budgeting apps and banks that import your spending and saving information from your Fidelity accounts Person-to-person payment apps that you link to your Fidelity accounts While these sites and apps may make accessing your information more convenient, they use the Fidelity username and password you provided to them, which means they have the same access to your data that you do. This makes it difficult for you to control what they see and do with your account information. We are implementing new security protocols to add another layer of protection to your accounts. As we complete this transition, when using some third-party websites and apps, you may experience a temporary interruption on those external sites. You will still be able to access all your account information and activity directly on Fidelity.com or the Fidelity Mobile® app. You can take steps to help protect your data, including: Confirm whether you still actively use all the sites and apps that have your Fidelity username and password. Determine whether you want to continue to share your Fidelity access with these sites and apps. Read the terms and conditions of sites and apps that have your login credentials, to ensure that you know how your data is used and stored, whether they sell any of your information, and what happens to your data if you leave the service or if the service ceases to exist. Set up alerts to stay informed on your account activity. Monitor your accounts regularly for any unusual activity. Thank you for your partnership with us to help keep your data secure. If you want to learn more, the link below has details on how we’re protecting your personal information.

LEARN MORE ▸

QUESTIONS YOU MAY BE ASKING   “How will this affect me?” We’re working with third-party sites and apps to make their access more secure when using your data. Depending on which site you use, you may be temporarily unable to access some of your Fidelity data on that site. It does not mean that your Fidelity information has been lost or compromised in any way, and you can still access all your accounts directly on Fidelity.com and on our mobile app. “Is this a response to a data breach?” No. This is purely a proactive, protective measure. It’s not the result of any loss of customer information or data leak. It’s part of our ongoing effort to implement the latest security protocols to help protect your accounts. “Do I have to do anything?” While you don’t have to take any action, you should assess which third-party sites may have your Fidelity credentials. You can continue to view, access, and manage all your accounts directly on Fidelity.com or within the Fidelity Mobile® app. “What’s being done to allow third-party sites and apps to access my Fidelity information?” We’re working with these sites and apps to allow you to access your information outside Fidelity when and where it’s convenient for you—but only while ensuring these access points meet our own high security standards. “How can I keep my information safe?” Visit our security page. You’ll find tips to help you keep your accounts and information secure and protected from unwanted data exposure. “How do I revoke access to my account information for a third-party website or app?” You can remove access directly from the app or service, but the safest and most secure way is to change your Fidelity password.

Chris_QPW

@mrzookie
This doesn't sound like Express Web Connect +/FDX.  One of the main "selling features" of Express Web Connect +/FDX is that your username and password isn't used.

@Quicken Jasmine If Quicken Inc has a list of financial institutions that are going to Express Web Connect + all the Quicken users would love to see that list posted.

mrzookie

Sounds like they may implement mandatory MFA.

Chris_QPW

mrzookie said:

Sounds like they may implement mandatory MFA.

If so that will not apply to Direct Connect.  It has its own separate security model.