It’s Absa vs 22seven as war of words erupts

Added by Editor on 1 February 2012.
Saved under In-depth, Top
Tags: , , , ,

22seven CEO Christo Davel

Online personal financial management start-up 22seven on Wednesday accused Absa of blocking its US technology partner Yodlee from accessing users’ Internet bank accounts. Absa confirms it has blocked the service and on Wednesday defended its decision in an interview with TechCentral.

22seven has provoked an outcry from local banks, which have warned users not to share their banking credentials with third parties.

The start-up, headed by Christo Davel, the former head of now defunct online bank 20twenty, requires users to provide their Internet banking login details so it can provide them with a detailed and graphics-rich overview of their income and expenditure and help them prioritise their personal spending.

Christo Vrey, head of digital banking services at Absa, says the bank has begun blocking the service, preventing Yodlee from accessing users’ bank accounts. Vrey says it’s doing this to protect Absa clients and reiterates that if its customers provide their login credentials to a third party, they are violating the terms and conditions of service of Absa’s online banking site.

He says Absa recognises that there are “benefits to personal financial management tools” and is also not opposed to the idea of publishing a secure and open application programming interface (API) that would allow third parties to access its customers’ statements. But, he says, this would “normally require a conversation and a whole series of arrangements and context around that”.

“By automatic action, we can’t say here’s an API. The data privacy and data integrity of my clients remains paramount. I cannot just open this to anybody out there without a conversation and context around that.”

Davel, on the other hand, says again that there’s no reason consumers who provide their login details to 22seven partner Yodlee should worry about fraud. He says the service offered by Yodlee is secure and the US company has never experienced a breach in its systems. At no point in the process are users’ bank login credentials stored by 22seven.

“We will not be intimidated,” Davel tells TechCentral, adding that 22seven has an “established, credible team of people with blue-chip investors”. He says he is troubled that the banks are not, in his view, differentiating between criminals who engage in phishing scams and reputable companies like 22seven and Yodlee that have a valid interest in accessing the data to help consumers save money.

Davel says he is aware of the risks around banks potentially not refunding customers for fraud on their accounts if they are compromised in any way if they share their login details with third parties, but he accuses the institutions of engaging in “old-school FUD tactics”. FUD is a propaganda term, meaning casting “fear, uncertainty and doubt”, often in the minds of technology users.

“We were fully aware of the risks and that we’d be the first guys to do it in SA,” he says. “You have to earn the trust of consumers. We have a team of industry veterans who have done this. We have built a trusted brand from scratch. You get there by being completely honest.”

In a statement last week, Absa warned its customers that if they provided 22seven with access to their Internet banking credentials, it might not cover them in the case of fraud, even if that fraud is unrelated to 22seven.

In the statement, Absa’s Vrey warned that disclosing sensitive information would render the bank’s customers “completely liable for any losses” that occur due to “phishing” or other online fraud. This was in line with Absa’s online banking terms and conditions.

But in an e-mail to Absa customers that use the 22seven service, the start-up says that although data aggregation is new to SA, it is used by millions of people around the world and has been for years. It says Yodlee has “an impeccable track record” and gathers data from Bank of America, Citibank and other large institutions.

22seven says it did not encounter problems with Absa accounts during its closed testing phase that preceded its public launch last week and will attempt to resolve the problem with Absa as swiftly as possible.  — Craig Wilson and Duncan McLeod, TechCentral

Share this article

  • Greg Mahlknecht

    >“We were fully aware of the risks and that we’d be the first guys to do it in SA,” he says. “You have to earn the trust of consumers”

    You also have to earn the trust of the banks. You don’t just open the floodgates and surprise them. Sure, they use a trusted provider to access the bank accounts, but I’m happy the banks haven’t just googled “Yodlee” and let
    everyone have access. Of course the banks will be cautious. I’d rather they were overly cautious than endorse every unknown service out there.

    22seven come off looking pretty dumb with ABSA saying they’re happy to talk about a secure API. Should have spoken to them ages ago!

    >> In a statement last week, Absa warned its customers that if they provided 22seven with access to their Internet banking credentials, it might not cover them in the case of fraud, even if that fraud occurs is unrelated to 22seven.

    Seriously, how can anyone moan about this? Those clauses are perfectly reasonable and have been in there for ages. Now 22seven comes along and does a secret launch, which they know full well breaches the clause, and moan that the clause exists? What did they expect to do? For all the lawyers in the banks to pull all-nighters to rewrite their rules so that it didn’t apply to 22seven? Christo, you gambled and lost. Suck it up.

    The banks might be acting like sticks in the mud, but if something goes wrong, they’re left carrying the can. I don’t expect them to be as agile or flexible as a little startup; you have to expect them to be very cautious and methodical, which is what they’re doing now. If we’re still in this situation a few months from now, I’ll side with 22seven, but right now I’m on the side of the banks.

  • http://twitter.com/mezu Khathu Ndouvhada

    The terms & conditions on their site are simply horrendous. No way in hell am I letting these guys play around with my banking details. 

  • Anonymous

    “We will not be intimidated”??? Really? They are not trying to intimidate you – they are protecting themselves and their customers. 22seven won’t allow you to pass your login credentials on to a third party or screenscrape their web (in their T&C) but yet they expect others to allow this?

  • Realist

    What everyone seems to be forgetting is that 22seven does not have enough information to create a beneficiary on your account – all banks protect this process with a one-time password that is sent to your phone or email account. So the worst that could happen if someone got your username/password from 22seven would be that they could make a payment to an existing beneficiary and what would be the incentive to do that?

    22seven is the same crowd that started 20twenty bank. They have a solid reputation, understand banking and know their stuff. I’m a very happy 22seven user – I have new insights into where my money goes and what my financial “big picture” looks like across all my accounts.

  • Greg Mahlknecht

    >>So the worst that could happen if someone got your username/password from 22seven would be that they could make a payment to an existing beneficiary and what would be the incentive to do that?

    Mischief.  I’m sure a 13 year old script kiddie would find it hilarious to drain your account.  That’s not the point though.  The banks need to protect themselves from you transferring all your money to people you know (the existing beneficiaries you mention), then saying “why yes I gave my account details out to someone – is that bad?  silly me!” and claiming your money back.  That’s what the clause under discussion prevents, and 22seven just happens to fall into that category, and they made absolutely no effort to work with the banks to get out of that category.

  • Leokzn

    I take it you’re working for ABSA

  • Greg Mahlknecht

    Nope, don’t work for any bank or financial institution, and I’m an FNB customer.  Try again.

    22seven is trying to play the victim here.  Banks might not be the nicest institutions, but they aren’t always in the wrong.  I honestly wonder what people expected the banks to do!

  • Anonymous

    Realist do you know what identity theft is? Transferring money from your account is not the worst thing that can happen to you on the internet. With all your info, ID, name, address, account details and transactions it is VERY easy to pretend you are someone else for fraudulent purposes.

    If they are so secure and brilliant, why do the banks have better login security… and I mean ALL the banks?

  • http://www.clickclickboom.co.za Alan Benington

    Just don’t get the big deal with providing an read-only API. There are a number of standard formats (eg standard provides CSV,TEXT,QIF,OFX ). The only extra dev that is required is a simple interface for me to manage access to this.

    What? the banks cant afford the dev? Too complicated?

    Saying… “normally require a conversation and a whole series of arrangements and context around that” is just stalling and spoiling.

    I think that 22seven jumped the gun and the banks have been predictable in their response (maybe the controversy is their marketing intention). But now its out their and the banks need to deal with it, so lets get the API.

  • Sadchair

    This is a normal response to change, people think it’s magic at play. If the API is secure and Yodlee checks out I cant see how a bank can deny me access to MY information even if it’s via a 3rd party. I’ve dealt with ABSA in integration and secure transactions and they are a paranoid lot – very resistant to change.

  • RUSSELL

    I certainly hope that 22seven cannot access bank acc details without the clients sole permission as I will most certainly not give them access to my banking details.

  • Anonymous

    This is not new.  Christo Davel has copied start-ups such as mint.com which have had some moderate success in the States. Security concerns are valid, particularly with SA banking customers being targeted and fleeced using phising and solicitation, etc. Ultimately, I believe there will be ads on this site which begs the question of transparency, privacy and conflict-of-interest. Individuals can already upload your account transactions as an .xls file and sort-out financials manually – perhaps without the pretty graphics, pie-charts, etc, but you save yourself R70 per month. Interestingly, I see the sites IP address (Amazon hosted) is located in the Netherlands …imagine if  this had been Romania or Nigeria! On a positive note, I believe that as a UI with some automated features, the idea has some merit and can see this hastening and benefiting  SA bank customers in general. My advice to fellow citizens…if curiosity gets the better of you, wait a while and consider being late adopters at best, and secure your finances carefully.

  • Jim

    There are safer alternatives available.  Look at ExpenZa (https://market.android.com/details?id=coza.apposition.finance.expenseza) for instance.  It’s on your smartphone (Android, with BB coming soon apparently), supports all the large South African banks, free and there’s no security risk.

    22Seven is just another example of bean counters trying their hand at a tech business.  They have money behind them to market this thing to a success, even though it’s really a bad idea.

  • David H

    I fully agree with you, BUT, be aware of in whom you place your trust. Get guidance and manage the process yourself, it’s more rewarding when you get it right.

  • http://twitter.com/AlanAlston Alan Alston

    Wait: so just because you have ‘blue-chip investors’ backing your startup it means we can trust you with our internet banking details? You must be joking. We use our internet banking details to access our internet banking – it’s really as simple as that.

    Go back 6 month in time, strike up a conversation with all the banks involved and work towards a solution that works for the banks, their consumers and the startup. Please don’t try and use whatever backing you have in attempt to gain our trust -it smacks of sloppiness and lack of foresight. 

  • http://wogan.me Wogan

    I like how everyone defends the banks because 22seven comes across as a reckless offering – when just the week before, everyone was burning their respective bank at the stake for failing to innovate.

    So either you admit your hypocrisy, or you’re basically saying “I know my bank’s online offerings suck, but I’m sure as hell not using a third party even though it’s a good service.” <– that's just silly.

    That being said, I'm not convinced 22seven went about this the right way. They opened the door to letting banks throw around as much FUD as they want, and it'll only damage the reputation of PFM systems in the mind of uninformed consumers. When 22seven gets forced out, it's more than likely that banks will just go back to plodding along at their respective rates of iterative-reactive innovation.

    Still. Try talking to a bank about an API that lets you access everyone's transaction history. I'm not quite sure the latter conversation would have gone over very well at all – and I'd reckon Davel knows that from experience. Banks are paranoid about losing customers (and value) – a 3rd party system that makes money from their data? Ludicrous.

    Much easier to just play the "OMG SECURITY BREACH" card and scare everyone off. 

Why TechCentral?

We know that as a prospective advertiser, you are spoilt for choice. Our job is to demonstrate why TechCentral delivers the best return for your advertising spend.

TechCentral is South Africa’s online technology news leader. We don’t say that lightly. We believe we produce the country’s best and most insightful online tech news aimed at industry professionals and those interested in the fast-changing world of technology.

We provide news, reviews and comment, without fear or favour, that is of direct relevance to our fast-expanding audience. Proportionately, we provide the largest local audience of all technology-focused online publishers.

We do not constantly regurgitate press releases to draw in search engine traffic — we believe websites that do so are doing their readers and advertisers a disservice. Nor do we sell “editorial features”, offer advertising “press offices” or rely on online bulletin-board forums of questionable value to advertisers to bolster our traffic.

TechCentral, which is edited and written by award-winning South African journalists, cares about delivering top-quality content to draw in the business and consumer readers that are of most interest to technology advertisers.

We’d like the opportunity to demonstrate the value of directing a portion of your advertising budget to TechCentral, whether your company is in the technology field or not. Numerous opportunities exist for companies interested in reaching our audience of key decision-makers in South Africa’s dynamic information and communications technology sector. We offer packages that will deliver among the best returns on investment available in the online technology news space.

For more information about advertising opportunities, and how your organisation can benefit by publicising itself on TechCentral, please call us on 011-792-0449 during office hours. Or send us an e-mail and ask for our latest rate card and brochure.