American Express Banking asking every day for Security Code

pin

Hi I am also getting the daily security prompts after adding American Express Banking High Yield account. I tried the suggestions off this discussion chain but didn't work. Is there anything else I can do? I've changed all my settings with American Express and spent 1 hour on the phone with them yesterday, given updated information. There is a page on American Express to let third party apps which is already authenticated for Quicken, but I think this only applies to their credit cards, and not banking. Can you look into this?

https://community.quicken.com/discussion/7942239/american-express-banking-new-savings-account-asks-for-security-code-every-day-during-osu

Quicken Kristina

Hello @pin,

It is the financial institution that determines when to prompt for multi-factor authentication. Since you mentioned that you already followed the suggestions in the discussion you linked, I'm assuming that you already checked the financial institution's website for any options that may reduce the authentication prompts. I recommend you also check your browser security settings. If the security is set too high, it may be blocking the cookies that allow the financial institution to remember you.

Also, just to clarify, are you getting prompts only for updating that one account? If not, what other account updates are triggering the prompt?

I look forward to your reply!

pin

There seems to be a character limit. hence third time typing this sorry for abbreviation….

I lowered browser settings and no change, on the once a day security 2 factor authentication

I removed the banking account, left the 2 credit cards, - still prompted.

I removed banking, kept 2 credit cards - no longer prompted.

I added all 3 - still prompted.

This seems tied to their banking product no allowing "Manage Third Party Permissions" like they do for credit card. It is not an individual issue.

Can quicken escalate this with American Express to find someway to allow daily downloads without 2 factor authentication each time?

Quicken Kristina

Thank you for your reply,

Unfortunately, for security reasons, Quicken is not able to call the financial institution on behalf of customers. Have you spoken to the financial institution's support about this issue?

Thank you.

pin

Hi,

I have 2 Amex Credit Cards, and as mentioned just added AMEX High Yield Savings Account. Sorry for the delay but since your suggestion I tried multiple things:

1. Changed and lowered browser security settings.
2. Removed online access for the 2 credit cards completely in Quicken.

The daily security prompts still come up (and only initially once a day). It is tied to their Banking Account only. It seems they don't have a "Manage Third Party Permissions" for their banking as they do for their Credit Cards.

If I remove the banking account and keep the credit cards, the daily security prompt disappears.

If I keep all 3 accounts the security prompt is there once a day.

If I just keep the banking account the security prompt is there daily.

Is this something that can be escalated overall with Quicken to work with American Express to enable, authorize, (or disable the 2 factor authentication) for their banking accounts?

Pin

pin

Sorry for the delay, but I've been testing this since your message on December 22nd. It seems like American Express Banking does not allow "Manage Third Party Persmissions" like they do for their credit cards.

I tried to lower broswer security settings, but it still prompted the daily 2 factor authentication just once initially a day.

I removed the 2 credit card accounts and only left the AMEX Banking High Yield - it still prompted.

I removed the banking account and kept the credit cards - it no longer prompted.

I added all 3 back and it still prompted.

It is something tied to their banking accounts.

Can Quicken escalate this to have it removed from American Express or work something out to allow Quicken to download transactions without 2 factor authentication. It is not an individual issue. It shows up all over the internet even with Mint app.

UKR

Having set up an AmEx Savings account myself a couple of months ago, just to see how that would work, I have decided to remove the American Express - Banking selection from my One Step Update Settings. The account itself is still activated for downloading.

Once a month, on the 28th, AmEx pays interest on the account. It'll take a day or two for this transaction to become available for downloading with Quicken.
So, on the 30th, I start a One Step Update, go into Settings and put a checkmark in the box for AmEx - Banking. As a result, I get the 2FA code prompt and the transaction downloads.
On the next day, when I run my next daily OSU, I go into Settings again and remove the checkmark for AmEx - Banking.
For the entire month there's no 2FA prompt for AmEx - Banking (of course, no download either). But who needs a daily download from an account which has 1 transaction per month?

So that's how I'm working around this issue …

pin

Thanks Kristina - I would of course understand that Quicken is not able to call the financial institution on behalf of customers, and as mentioned I have spoken to Amex about this issue but they just say it is unavailable. What I was asking is Quicken as a service provider for banking information, it would be great if Quicken at a high level (not for a specific customer) were to work with American Express to influence them to get them to make this available on behalf of all customers. Can this be escalated to the developement team or someone with influence at Quicken to work with American Express to enable this? This is effecting all Quicken customers using American Express Banking and possibly other banks too. One of the companies has to start the conversation.

pin

Hi UKR,

Thanks, that's exactly the workaround I would have to resort to next. It seemed like your original post I tagged you got it working (though now it seems you are experiencing the same thing I am), hence I was curious what you did, and tried your steps.

But actually am glad you need to do the same thing too. Thanks for your confirmation and help.

Shannon M M

I, too, a having this problem, though for me the onset seems to be more recent. If Quicken is providing the service of easily maintaining updated accounts and collecting the fees, they should absolutely be the ones heading up the resolution of problems.

mshiggins

There appears to be some significant misunderstanding about this issue.

There are 3 Quicken "Connection Methods" that can be used with One Step Update (OSU):
- Direct Connect (DC)
- Express Web Connect+ (EWC+)
- Express Web Connect (EWC)

Express Web Connect is the ONLY OSU Connection Method that can use/require 2FA. That's because EWC is considered so insecure that financial institutions typically require 2FA to increase the security of EWC downloads.

As noted earlier (in this and other discussions on the subject), the financial institution is 100% in control of 2FA. They decide whether to require it, under what conditions to require it, and how often to require it. 

American Express is not the only financial institution to require 2FA for every Quicken EWC download: Navy Federal Credit requires 2FA for every EWC download; and so did BofA before they dropped EWC downloads altogether. I suspect there are other financial institutions who also require 2FA for every EWC download.

Given the fact that it is the financial institution that is determining that 2FA is required for every EWC download, and that the financial institutions have that requirement because they believe it is necessary to maintain a minimum level of security for downloading to Quicken; it's difficult to imagine a conversation between Quicken and a financial institution where Quicken suggests that the financial institution reduce their security requirements because 2FA is annoying Quicken users.

To clarify another misunderstanding evidenced in this discussion: the "authorization" of Quicken accounts is a product of the EWC+ Connection Method. It has no direct bearing on 2FA; the reason EWC+ doesn't use 2FA is because it is already considered a secure enough Connection Method. "Authorizing" the download of accounts for EWC would do nothing to enhance the underlying security of EWC downloads. The security, or lack thereof, of downloads is baked in to the Connection Method.

I think it's likely that American Express has many more credit card customers than bank customers, so American Express may well have decided to spend the money to switch their credit card customers to the more secure EWC+, while not (at least not YET) spending the money to switch their bank customers to EWC+. 

If American Express bank customers want to avoid having to respond to 2FA requests when downloading to Quicken, I believe they will have to prevail on American Express to switch their bank customers to the EWC+ Connection Method.

-JP