Who's got my PenFed data? Quicken? Intuit? Akoya?

Quicken today prompted me to authorize a new login method for PenFed Credit Union. The Quicken popup said "Quicken uses Intuit…" and asked me to log in to PenFed to authorize data sharing. After logging into PenFed, the PenFed notice mentions only "Third Party" and "Akoya." It looks like "Third Party" is a placeholder that was meant to say "Quicken." But I suppose this means I'm giving access to Akoya and not Intuit. Or both? Or some other Third Party?
This is an issue of trust for Quicken, because Quicken is asking me to trust them and their partners with the keys to my kingdom. When there's an inevitable data breach at Akoya (or Intuit), what's my vulnerability? I've been trusting Quicken with login info for years, but a little voice in my head is telling me this decision will haunt me. I don't have a contract (or user agreement or privacy policy) with Akoya or Intuit. Who is responsible when things go wrong?
From PenFed web authorization process: "Third Party would like to access your account information and data. Before PenFed provides Third Party access to your account information and data, we must have your consent. … By checking this box, you agree to the Terms & Conditions and are directing PenFed to share your data with Third Party via Akoya."
Comments
-
Given the prompt I will take the educated guess that the connection type is Express Web Connect +. If this is wrong the answer will vary.
With Express Web Connect + what you are authorizing is for Intuit to connect to your financial institution with a protocol called FDX. This is a highly secure protocol that uses rotating security tokens instead of usernames and passwords. So, that part of it is secure, but once the data hits the Intuit servers you have to "take on faith" that what has been said is true and is "enough". Your data will not only be on Intuit servers (reportedly (very old unverified statement in Quicken forums) for a limited time like 30 days), it will also pass through Quicken servers (and in this case there has been no statement of how long their servers hold on to the information, but there are indications that the same system that is "Sync to Mobile/Web" is being used and it keeps data with no time limit).
With all that being said, then we come to your statements about "Akoya", which is the first time I have heard about it.
Looking it up, it is a company that "Enables secure consumer financial data sharing". It is a common practice for financial institutions to use third-party services for the websites and things like data sharing. So, I suspect this part is on PenFed's side: instead of Intuit being authorized to directly connect to their servers with software they support, they have farmed that out to Akoya. If this is in fact Express Web Connect +, all that we have been told is that it is using the new FDX protocol, and I would hope that not yet another protocol is being used. Note if the connection type is Express Web Connect then all bets are off, since all that tells you about how Intuit is connecting to the financial institution is that they have an "agreement".
Signature:
This is my website: http://www.quicknperlwiz.com/
0 -
Yes, Quicken does use Akoya for data aggregation. Akoya is a financial data access network that helps securely connect financial institutions and data aggregators. This allows Quicken to provide users with up-to-date financial information without requiring them to share their login credentials directly with Quicken.
If you look into the details, this is a great improvement in data and account security for the Quicken user and eliminates the need to use "screen scraping" for data collection.
1 -
@CaliQkn good information. Note that I definitely agree with the fact that this is a step up from "aggregation"; I do believe that everything else I said is true. As in, the only protocol that Quicken uses that is "a Direct Connection" is "Direct Connect"/OFX protocol. All other "automatic downloading" goes through Intuit, which Quicken Inc pays to handle this, and that data is then transferred to Quicken servers which then "sync it" to your Desktop data file.
Signature:
This is my website: http://www.quicknperlwiz.com/
0 -
Thanks for your comments. Yes, this is a connection type they call EWC+.
0