Comments on: New Feature: the Wesabe Automatic Uploader

By: New Feature: the new Tips tab — the Wesabe Value Engine « Wesabe: Your Money. Your Community.

Wed, 18 Nov 2009 04:02:41 +0000

[...] Your Money. Your Community. The Wesabe blog « New Feature: the Wesabe Automatic Uploader News about Jason and Wesabe [...]

By: Michael G

Michael G — Wed, 31 Dec 2008 18:55:50 +0000

How about something for us excel lovers? Personally, I’d like to be able to download a csv file from my bank, quickly tag and then upload to wesabe. A few good reasons why – I need to do this anyway to keep my taxes organized. And it would also alleviate any lingering security concerns from fellow paranoids since wesabe would only have transactions, not account info…..

By: Matt Ellis

Matt Ellis — Mon, 28 Apr 2008 14:08:30 +0000

Ah yes. I’ve just watched the video, and re-read the OAuth specs. It had never occurred to me to simply save the returned token and secret, and reuse them later, server side. It would require a long lived token (unusual for a bank – why I hadn’t thought of it!), but that can be mitigated – if we know the consumer key, we can limit access to only those APIs that make sense for that consumer.

That said, we’d still want to expire the token after, say, a month. And that would require the user to re-authenticate.

Thanks
Matt

By: Marc Hedlund

Marc Hedlund — Sat, 26 Apr 2008 08:07:38 +0000

Hi, Matt,

We actually already use something like OAuth (specifically, Google’s AuthSub) for our Google Spreadsheet Export feature. You can see a video of how it works here:

I think that, were banks to support OAuth or something similar, a very similar process would work well.

By: Matt Ellis

Matt Ellis — Fri, 25 Apr 2008 08:00:36 +0000

Hi folks. Interesting comments. Just a quick question about OAuth, though. As I understand it, OAuth gives delegated login via browser redirection. In other words, the customer needs to be present to enter their credentials at the authenticating site (the bank). How do you imagine this to work with the automatic uploader?

Cheers
Matt

By: Marc Hedlund

Marc Hedlund — Thu, 24 Apr 2008 23:23:30 +0000

Hey, Ade,

We’ve been going from the most-used banks down, and so far we haven’t reached UK banks, so no. If you want automated upload from a UK bank, I’d highly recommend our Firefox extension for now:

https://www.wesabe.com/page/firefox

You can use it to record a download once and play it back every six hours from then on. It doesn’t work with every bank, but it does work with nearly every one, and we have many UK users happy with it.

We will definitely get to automating UK banks — not sure when, but it’s our third-biggest constituency (after US and Canada), so it’s sure to happen.

By: Ade

Ade — Thu, 24 Apr 2008 22:53:17 +0000

Hi Marc,

Are ANY UK banks serviced by way of the new Auto Uploader? If so, which? If not, why not?

I know the only bank listed in the UK version of M$ Money is Nationwide. Is this also the case for Wesabe?

By: Chris Messina

Chris Messina — Thu, 24 Apr 2008 21:32:04 +0000

Thanks Marc — I agree that convenience is key. I also figured that it was only a matter of time before you started storing user credentials on your end — with competition from Mint (who dispensed with the whole password problem by accepting any credentials whatsoever!) you have to keep up with that kind of straightforwardness even if teaches people the wrong behavior. The fact that the industry hasn’t sorted this out yet is a huge opportunity, and I’m happy to hear that you’re continuing to promote OAuth.

I was thrilled to have your participation in the initial work on the OAuth spec and would love to support your work with banks and financial institutions however I can. It really is better for everyone to move in this direction; with choice comes competition, and with competition comes improved service and motivation to serve better. That’s something that I think needs to be considered when putting the idea of data interop and portability into perspective.

By: Marc Hedlund

Marc Hedlund — Thu, 24 Apr 2008 20:42:59 +0000

Hey, all,

I definitely agree that the general practice of sharing passwords between services is not the right model for users. That’s why we offered our uploaders in the first place, and that’s why we’re committed to continuing support for them. I also would say that the comment from travis above is very representative of what we hear from people — that they get more value from Wesabe when the process is as easy as possible. We don’t want anyone to feel that they have to compromise ease of use to use our site to manage their money — the whole point is to make things easier all around. So for the users who want auto uploading, I think this feature is a huge benefit.

Chris, thanks much for the comment. As you know (but others might not), we participated in OAuth’s development and we completely agree this is the right model. I haven’t been very public about this, but I’ve been pitching OAuth to all of the biggest banks in the US, with the message that it is better for them and their customers. I’ve gotten very surprisingly positive responses all around. I think at first many banks saw companies like Yodlee as a threat, and tried to lock them out, but more recently, what we see is banks responding positively to the work we’re doing. I don’t know what will come of my efforts to pitch OAuth, but I’ll certainly keep trying.

By: Chris Messina

Chris Messina — Thu, 24 Apr 2008 20:36:45 +0000

This seems the ideal use case for OAuth between Wesabe and third parties… I bet banks probably haven’t heard much about OAuth, but have you guys done any work to talk these companies about moving to delegated token-based authorization to avoid the need to use, as you pointed out, your actual bank credentials when performing such transactions?