Quicken is currently unable to verify financial institution information for download QFX file, BofA

The flow of information for Express Web Connect + is:

Financial Institution → Intuit (with a protocol called FDX which uses rotating security tokens for authentication) → Quicken servers → Quicken (the program using Sync using the same method as Sync to Mobile/Web)

And both Intuit and Quicken servers do retain the the transaction information for some period of time. With Intuit it has been stated in the past that it is something like 30 to 60 days. In the case of the Quicken servers it has never been stated how long they keep it but since they are using the same system/Quicken Cloud dataset that Sync to Mobile/Web uses and it starts with 2 years from the Desktop data file and keeps it until the Cloud dataset is deleted one would have to assume it keeps it to.

So, I would say that @Kipa has a good understanding of what information is being stored outside of the user’s computer, but not really of the ‘why’.

First off Quicken Inc pays Intuit for the connection services and as such Intuit is in control of what happens on their servers, not Quicken Inc. But there are other reasons for retaining the information like the financial institutions wanting reduce the requests to their servers. It also seems like Quicken Inc has implemented some kind of duplicate transaction system on their servers to prevent duplication when switching between Direct Connect and Express Web Connect +.

As for Quicken Inc implementing their own solution so that users can avoid their data being stored on servers, Quicken Inc is a small company of about 200 employees, it can’t maintain the needed relationships with the financial institutions. That is why they pay Intuit for this, and as such have follow the rules that Intuit and the financial institutions have agreed upon.

@Chris_QPW

Thanks for the above detail - really helpful to better understand more. I didn't even think of another copy of the financial data staying with Intuit in addition to Quicken, so more to look into. Right now, I've done direct downloads from BofA in a .csv file. Not as elegant, but keeps my work flows going without having to commit to Express Web Connect + so far.

So if I am getting the Quicken cannot verify banking information, check again later, it is Bank of America's fault?

1. The "unable to verify the financial institution" error occurs when your bank no longer supports Web Connect authorization in Quicken, even if they still provide QFX downloads.
2. is this solely BofA problem?

Should i contact BofA online banking department?

I have used other down loading but I get bank entry as far back as Feb and March.

make it impossible to verify balance and reconciliation of bank accounts!

hopefully Quicken does not sleep on this problem expedite a solution. I have used Ui Ken for over 20 years and this is the most frustrating situation

The issue (for me, at least) with Express Web Connect+ (EWC+) that all your financial information (if you agree to use it) is stored on Intuit server (not even Quicken).

EWC+ works, as follows:

1. Intuit uses your credentials to periodically pull your financial information from the financial institution, like BofA, and stores on Intuit servers.
2. The Quicken application on your PC or Mac then pulls the information from Intuit.

Intuit is not a financial institution, and thus, does not have to follow the financial rules and regulations.

In addition, remember Equifax. Why would we want all our financial information stored in one place - Intuit.

It is highly likely that Quicken is pressuring financial institutions to make this change. Fidelity recently discontinued Direct Connect in favor of EWC+.

I refuse to use EWC+, and when I can no longer update transactions without it, I will stop using Quicken. Which is sad as I have been a Quicken user since 1990, when it ran on DOS.

Say NO to QWC+ !!

We can't know for sure, but if you are worried about a non-financial institution holding your transactions then I would think the bigger risk is Quicken Inc's servers (which BTW are on AWS). But note both Quicken Inc and Intuit say that they are using financial institution security procedures.

As far as what has been stated Intuit holds the transactions for a limited amount of time, probably something like 30 to 60 days. Now Quicken Inc hasn't stated how long they hold transactions, but you have to understand that the transactions are "synced" using the exact same system as "Sync to Mobile/Web". And "Sync to Mobile/Web" starts with something like the last three years and doesn't remove any transactions unless the user deletes the Quicken Cloud dataset. Given that they are using the same system, and that they don't say otherwise I would have to assume they have the same policy on retaining transactions.

It just shows that even in BofA one hand doesn't talk to the other let along properly communicate with Intuit/Quicken Inc. They haven't bothered telling the website developers to change it, or maybe they don't even consider it worth their time to change it. After all, the "block" has already been put in.

I had discussions with Schwab and Quicken about Express Web Connect+ (EWC+). From these discussions, EWC+ works, as follows:

1. When the financial institution agrees to force us to use EWC+, a new window appears in Quicken from Intuit (not that Quicken is no longer part of Intuit). This window requests your login credentials for the financial institution, and you agree to allow Intuit to do this.
2. Intuit uses the login credentials to access your financial data, and then downloads your financial information (balances, transactions, etc) onto Intuit servers.
3. Quicken on your local system, queries the Intuit servers for your financial information.
4. Intuit then periodically polls the financial institution for updates to your financial information, presumably so that updates to Quicken are faster.

The issue I have with this new process is:

1. Intuit is not a financial institution, and does not need to follow the strict requirements that are imposed financial institutions to preserve your data. Obviously, it's in their best interest to do so, just not required.
2. When Schwab switched to EWC+, as part of the login process a warning pop-up appeared in Quicken that said Schwab was not liable for any issue that might occur regarding Intuit's handling of your data. Because of this I moved my accounts out of Schwab to Etrade. Etrade still supports Direct Connect where financial data only flows between servers at the financial institution and the Quicken App on your computer.
3. Housing financial data from everyone using Quicken on one set of servers (namely Intuit) is NOT a good idea. Remember Equifax. A security breach at Intuit could be far worse.

Regarding BofA making this switch, I wonder if Quicken, the company, is involved, as BofA still offers Web Connect as an option for downloading transactions into the Quicken App. Web Connect is where you log into the financial institution and download a .QFX file of transactions directly to your computer, and then this file is imported into the Quicken App.

Why would BofA still offer that option, if BofA made to decision to not allow this form of communications.

Say NO to EWC+.

I'm am old lady, and have been using Q for many years. I don't understand this express web connect - and why i should not use it.

Is there another program [not quicken] that i can switch to

This post keeps getting removed!!!

I had discussions with Schwab and Quicken about Express Web Connect+ (EWC+). From these discussions, EWC+ works, as follows:

1. When the financial institution agrees to force us to use EWC+, a new window appears in Quicken from Intuit (not that Quicken is no longer part of Intuit). This window requests your login credentials for the financial institution, and you agree to allow Intuit to do this.
2. Intuit uses the login credentials to access your financial data, and then downloads your financial information (balances, transactions, etc) onto Intuit servers.
3. Quicken on your local system, queries the Intuit servers for your financial information.
4. Intuit then periodically polls the financial institution for updates to your financial information, presumably so that updates to Quicken are faster.

The issue I have with this new process is:

1. Intuit is not a financial institution, and does not need to follow the strict requirements that are imposed financial institutions to preserve your data. Obviously, it's in their best interest to do so, just not required.
2. When Schwab switched to EWC+, as part of the login process a warning pop-up appeared in Quicken that said Schwab was not liable for any issue that might occur regarding Intuit's handling of your data. Because of this I moved my accounts out of Schwab to Etrade. Etrade still supports Direct Connect where financial data only flows between servers at the financial institution and the Quicken App on your computer.
3. Housing financial data from everyone using Quicken on one set of servers (namely Intuit) is NOT a good idea. Remember Equifax. A security breach at Intuit could be far worse.

Regarding BofA making this switch, I wonder if Quicken, the company, is involved, as BofA still offers Web Connect as an option for downloading transactions into the Quicken App. Web Connect is where you log into the financial institution and download a .QFX file of transactions directly to your computer, and then this file is imported into the Quicken App.

Why would BofA still offer that option, if BofA made to decision to not allow this form of communications.

@wrb You post is in this thread three times, it didn't get removed, but I think I can explain what is going on. This forum has a spam filtering system that when it either thinks that something might be spam, or if you post several times fast, or even sometimes at random it will push the comment into a queue for the moderators to approve before it shows up. It can take a while for the moderators to see it an approve it.

I have enough points so that doesn't happen to me anymore, but when I started it did. It will post a very quick message that it is doing that, but it is easy to miss.

Thanks Chris for more refinement of how you believe that the authentification process works with Express Web Connect. I would be relieved to know for a fact that login id and password for my bank account is used by Intuit only once during the initial setup of EWC and not every time I want to download transactions.

If that is the case, then the question arises, what is the life-time of the "rotating security token"? If it is a forever rotating token, then the worry becomes, how long does Intuit retain my login id and password which they used during initial setup of EWC? If it is 30 - 60 days, then, given recent data breaches at Intuit, I would be skeptical of using EWC. Shouldn't everyone?

But let be perfectly clear. There is the security of your login information, that is what I just posted on. And then there is the security of the actual transactions. The only thing that has been absolutely stated about the transactions is that they are being stored on both the Intuit and Quicken Inc servers for at least some duration.

It is also stated that in both cases they are using bank level security to protect all of this information.

Past that we are left to speculation, but I'm also not just throwing out pure fantasy. I have definitely proved that the "Sync to Mobile/Web/Quicken Cloud dataset" system is being used for both Express Web Connect and Express Web Connect +, which by definition is storing the transactions (and more, the more depending on what online services you are using).

The speculation is in the duration of how long transactions are stored on the Intuit and Quicken Inc servers. In the case of Intuit, the guess is based on long ago statements that Intuit made on the subject (30 to 60 days have both been thrown out). In the case of the Quicken Inc servers that has never been stated. And my guess is that they aren't doing anything different than with the "Sync to Mobile/Web" since they are using the same system for the "sync" (but not making these transactions visible to Mobile/Web), so I would think they would have the same duration of how long they keep them on the server (this is the speculation part). And "Sync to Mobile/Web" doesn't have a "duration" it keeps them all.

@Chris_QPW said "The only thing that has been absolutely stated about the transactions is that they are being stored on both the Intuit and Quicken Inc servers for at least some duration."

Thanks, Chris, for completing the loop on this thread about security. Your comment raises the question of what constitutes a transaction transmission in this context. Does the online transfer of transactions using EWC+ contain the same header information that the now-defunct Web Connect transaction file (.QFX) did? If so, then users' login-id and bank account numbers are being stored for some unknown period of time on both Quicken and Intuit's servers. (Given that info, hacking of accounts would be greatly enhanced, as only the password would be needed.)

Not to harp on this, but given Intuit's recent data breaches, if login id & bank account number are present in the transaction bundle, that does not build confidence in using EWC+.

Having said that I have no idea if the set of known breaches at Intuit and the set of FDX security mechanisms at Intuit overlap in any manner other than the name of the company. You have said that Quicken/Intuit never see the users' login id or password when using EWC+. Does the header of an EWC+ transaction bundle bear this out?

Dave

That makes sense, given your description of the "revolving security token" and the analogy to how credit cards with chips work.

Thanks for the feedback Chris.

As an aside, in the most recent download from my bank, I chose the QIF 4y format and was pleasantly surprised to find that my transfers (TXFR) to two credit cards actually showed the correct card for each transfer…… something that had not happened during several years of using Web Connect. Go figure.

Dave