Security: why did Intuit access my financial institution after hours

The other morning, I received an email alert from my financial institution that there was a login to my account at 1:12 a.m. Since I was asleep at the time, this was very disturbing. I contacted them and asked for the IP address of the login, and they said it was 206.225.203.7 which is registered to Intuit. Why would Intuit be accessing my accounts in the background, without my knowledge? I do not upload my financial information to their server, so the only interaction I would expect is when I manually update my accounts.

Answers

  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    Hi aedel42,

    Just trying to understand how you "manually update" your accounts.  Do you download any financial information from any of your financial institutions, like banks, credit unions, credit card issuers, brokerage companies, mutual funds, etc.?

    Frankx

                            Quicken Home, Business & Rental Property - Windows 10-Home Version

                                             - - - - Quicken User since 1984 - - - 
      -  If you find this reply helpful, please click "Helpful" (below), so others will know! Thank you.  -

  • NotACPA
    NotACPA SuperUser ✭✭✭✭✭
    AND,  when you do TOOLS, Account List ... what  does it say in the "Transactions Download" column across from the account(s) for that bank?
    Because, this sounds to me like the Intuit servers, on behalf of Quicken, are accessing your account via "Express Web Connect" so that your information  will be available the next time that you download that account.

    Q user since February, 1990. DOS Version 4
    Now running Quicken Windows Subscription, Business & Personal
    Retired "Certified Information Systems Auditor" & Bank Audit VP

  • aedel42
    aedel42 Member ✭✭
    Frankx: yes, I do download activity from my banks, etc. I meant to say "manually press the One Step Update button".

    NotACPA: I don't think I'm configured for Express Web Connect, and will double check the account list as you recommended.

    Sherlock: thanks for locating that detailed info.


    And, the financial account in question is set up for "Direct Connect."
  • aedel42
    aedel42 Member ✭✭
    ...and I hadn't realized that Direct Connect did automatic updates. I don't remember seeing logins to my financial institutions without my doing the "One Step Update".
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    edited June 2020
    Hi @aedel42,

    It isn't that Direct Connect does "automatic updates" - you can schedule it to do so, if you want to, but you are completely in control of when Direct Connect will update your accounts. 

    The activity that occurred at 1:12am was more likely Quicken/Intuit's scraping of your financial institutions' website under the Express Web Connect method, which you have no control over in terms of when that happens, and which Quicken's/Intuit's systems typically perform overnight once a day.

    Let me know if you have any follow-up questions!

    Frankx


  • NotACPA
    NotACPA SuperUser ✭✭✭✭✭
    Double check that "Transaction Download", as I previously suggested.
    Because "Direct Connect" (as I understand it) ONLY contacts your bank when you're doing either:
    • a One Step Update,
    • a manual update that you initiated from within the account,
    • Or a "Scheduled Update" (that's really a One Step Update that you've set to run  on a recurring basis at a specified time).


  • Sherlock
    Sherlock Member ✭✭✭✭
    I think the only way the Direct Connect connection method can be initiated from an Intuit/Quicken IP address would be if we have set up an account associated with the financial institution to sync with the Quicken Cloud.
  • NotACPA
    NotACPA SuperUser ✭✭✭✭✭
    Sherlock said:
    I think the only way the Direct Connect connection method can be initiated from an Intuit/Quicken IP address would be if we have set up an account associated with the financial institution to sync with the Quicken Cloud.

    Good thought.  I hadn't thought about Q Web or Q Mobile ... both of which use the Q Cloud.


  • aedel42
    aedel42 Member ✭✭
    From what you're all saying, Direct Connect works as I've always expected. I was confused by their summary table having a check in the row for "Automatically download transactions from your financial institution." When I expanded the "Direct Connect Details" link below the table, the "Data" section clearly did not have the same automation as Express Web Connect.

    I double-checked the Account List, and all of my accounts at this financial institution use Direct Connect in the Transaction Download column. I also checked the "Schedule Updates" settings and verified that this financial institution is NOT enabled. In fact, none of the Schedule options are specified (as I've never set any up).

    I also do NOT use any mobile or web services.

    So I'm still wondering where this login came from.
  • Sherlock
    Sherlock Member ✭✭✭✭
    edited June 2020
    We do not need to use mobile or web services to sync an account with the Cloud. 

    Have you ever set up an account with this financial institution using the Express Web Connect connection method?

    I suggest you change the username you use to access the financial institution's web site.
  • aedel42
    aedel42 Member ✭✭
    I changed my credentials and enabled a bunch of alert notification options immediately after reading the email about the login occurring overnight.

    I don't believe I've ever used the Express Web Connect at this financial institution. Only one of my accounts uses that, and it is with a different company.

    How do I tell if my accounts are enabled with syncing to the cloud?
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    edited June 2020
    Hi @aedel42,

    Sorry that we haven't gotten to a good answer yet...

    Can you tell me the name of the Financial Institution in question?  That may help to sort this out...

    Also, do you have a credit card with this FI, in addition to the account?

    Frankx


  • aedel42
    aedel42 Member ✭✭
    First Tech Federal Credit Union. Yes, I have a credit card account with them.
  • Sherlock
    Sherlock Member ✭✭✭✭
    If you did not change the user identifier associated with the sign-in, the subsequent attempts to sign-in will be recorded as failures against your account.

    I doubt any Direct Connect connection method connections would be reported by your financial institution in any case as they're not issued to their web site.

    To determine if any accounts are set up to sync with the Quicken Cloud, select Edit > Preferences... and Mobile & Web.  If Sync is off, select  to turn it on. To view and edit the accounts enabled to sync with the Quicken Cloud, select # of ## eligible accounts enabled.  To turn the Sync off, select .
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    Credit cards do not use the Direct Connect methodology to connect. But there is the possibility that the report from your credit union was related to the credit card.  In any event, if you changed your login information for your bank accounts you need not worry about potential breaches.

    Frankx


  • aedel42
    aedel42 Member ✭✭
    @Sherlock "0 of 98 eligible accounts enabled"

    And, thanks for the follow-up about the user id, I hadn't considered that failed attempts could lead to my account being locked out. I guess I was hoping we'd find that there was some innocuous reason Intuit made the login.
  • Sherlock
    Sherlock Member ✭✭✭✭
    edited June 2020
    Frankx said:
    Credit cards do not use the Direct Connect methodology to connect. But there is the possibility that the report from your credit union was related to the credit card.  In any event, if you changed your login information for your bank accounts you need not worry about potential breaches.

    Frankx
    @Frankx:  First Tech Federal Credit Union does support the use of the Direct Connect connection method for Credit accounts.
  • aedel42
    aedel42 Member ✭✭
    So, another tidbit... the login was made using Chrome 52.0, which is what shows up for other login activity when I've done the One Step Update.

    Did I sleepwalk and do a Quicken session? :wink:
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    @aedel42 If you look at the version of Chrome you are using I'm sure you will find it isn't 52.0.  The current version is 83.0.4.....

    When these services run they "pretend" to log in as the user, and part of that is to "announce" what web browser they are using (even if they aren't really using one).
    Signature:
    This is my website: http://www.quicknperlwiz.com/
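
Editor's note, not part of any post above: the thread's three signals (source IP owner, announced Chrome version, time of day) combined into a triage of login-history records. This is an added example, not Quicken's or the credit union's code; the record layout, the thresholds, the 203.0.113.10 home address and the sample records are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Assumption: only the address quoted in the thread, as a /32. A real list
# would be built from WHOIS data or ranges the aggregator publishes.
AGGREGATOR_NETS = {"Intuit": [ipaddress.ip_network("206.225.203.7/32")]}
CURRENT_CHROME_MAJOR = 83    # current Chrome major per the thread (June 2020)
STALE_GAP = 10               # assumption: majors behind before a UA counts as stale
USUAL_HOURS = range(7, 23)   # assumption: hours the account holder is normally active

def chrome_major(user_agent):
    """Return the Chrome major version announced in a User-Agent, or None."""
    m = re.search(r"Chrome/(\d+)\.", user_agent)
    return int(m.group(1)) if m else None

def ip_owner(ip):
    """Return the aggregator whose listed networks contain ip, or None."""
    addr = ipaddress.ip_address(ip)
    for owner, nets in AGGREGATOR_NETS.items():
        if any(addr in net for net in nets):
            return owner
    return None

def triage(event):
    """Classify one login record from the institution's login history."""
    owner = ip_owner(event["ip"])
    major = chrome_major(event["user_agent"])
    stale = major is not None and CURRENT_CHROME_MAJOR - major >= STALE_GAP
    off_hours = datetime.fromisoformat(event["time"]).hour not in USUAL_HOURS
    if owner and stale:
        source = f"server-side automated client ({owner})"
    elif stale:
        source = "automated client on another network"
    elif owner:
        source = f"current browser from {owner} address space"
    else:
        source = "interactive browser"
    return {"source": source, "off_hours": off_hours, "chrome_major": major}

# Constructed sample records; only 01:12, the Intuit address and the Chrome
# 52 / 83 versions come from the thread. 203.0.113.10 is a documentation address.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{} Safari/537.36"
EVENTS = [
    {"time": "2020-06-09T19:30:00", "ip": "203.0.113.10", "user_agent": UA.format("52.0.2743.116")},
    {"time": "2020-06-10T01:12:00", "ip": "206.225.203.7", "user_agent": UA.format("52.0.2743.116")},
    {"time": "2020-06-10T08:05:00", "ip": "203.0.113.10", "user_agent": UA.format("83.0.4103.97")},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["time"], e["ip"], triage(e))
```

The same stale Chrome 52 string from a home address and from an Intuit address separates a desktop One Step Update from a server-side session, which is the distinction the thread is trying to establish.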
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    @Sherlock,

    So what are you concluding made the mysterious early morning connection...?

    Frankx


  • Sherlock
    Sherlock Member ✭✭✭✭
    edited June 2020
    Frankx said:
    @Sherlock,

    So what are you concluding made the mysterious early morning connection...?

    Frankx
    @Frankx I haven't reached a conclusion.  
  • Sherlock
    Sherlock Member ✭✭✭✭
    aedel42 said:
    So, another tidbit... the login was made using Chrome 52.0, which is what shows up for other login activity when I've done the One Step Update.

    Did I sleepwalk and do a Quicken session? :wink:
    Have you ever set up Mint?  https://www.mint.com/

    Do we know if this was a regular occurrence?


  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    edited June 2020
    Hi @aedel42,

    Just trying to figure this matter out...  Can you do me a favor and do the following:

    1) Go to "Tools" > "Account List" 
    2) Page down to the "Personal Credit" (or "Business Credit") section and find your credit card(s) issued by First Tech FCU
    3) Confirm that for each of the credit cards listed issued by First Tech FCU the "Transaction Download" column indicates "Yes (Direct Connect)" and not "Yes (Express Web Connect)"

    Thanks.

    Frankx


  • aedel42
    aedel42 Member ✭✭
    > @Sherlock said:
    > Have you ever set up Mint?  https://www.mint.com/
    >
    > Do we know if this was a regular occurrence?

    I have not ever used Mint.

    I have had login notifications set with the credit union for a while, this is the first time that a login has occurred when it wasn't from me doing the One Step Update.
  • aedel42
    aedel42 Member ✭✭
    > @Frankx said:
    > Hi @aedel42,
    >
    > Just trying to figure this matter out...  Can you do me a favor and do the following:
    >
    > 1) Go to "Tools" > "Account List" 
    > 2) Page down to the "Personal Credit" (or "Business Credit") section and find your credit card(s) issued by First Tech FCU
    > 3) Confirm that for each of the credit cards listed issued by First Tech FCU the "Transaction Download" column indicates "Yes (Direct Connect)" and not "Yes (Express Web Connect)"
    >
    > Thanks.
    >
    > Frankx

    All accounts with the credit union are set to "Yes (Direct Connect)", including the credit card.

    I appreciate all of the time everyone is investing trying to figure this out. At this point, since I've changed my user id and password at the credit union, I'm not as concerned about it as I was initially, and will continue to monitor things.

    Thanks,

    Alan
  • Sherlock
    Sherlock Member ✭✭✭✭
    edited June 2020
    One last thought... As you have a credit card account at this financial institution, did you create an online bill that pulls the statement?
  • aedel42
    aedel42 Member ✭✭
    > @Sherlock said:
    > One last thought... As you have a credit card account at this financial institution, did you create an online bill that pulls the statement?

    Nope. I only download account activity, and paid the bill using internal transfers from checking. Also, I haven't used that card in over a year.
This discussion has been closed.