Banks train their guns on start-up 22seven

This article was posted on Jan 27th, 2012 and filed under In-depth, Top.

Absa's Christo Vrey

Financial management website 22seven has been live for just a day and already it’s facing its first serious challenge.

Some of SA’s big banks have begun warning their customers not to provide their banking login details to the service, which aggregates users’ financial information to give them a graphics-rich picture of their income and spending.

This raises the question of whether 22seven, which is led by the former CEO of online bank 20twenty, Christo Davel, should have engaged with the big banks before launching its service.

Some banks are warning their customers that they may not be reimbursed for fraud on their accounts if they have provided their login details to any third party. Banks go to great lengths to warn customers about the dangers of disclosing Internet banking details or card PINs to anyone.

Christo Vrey, head of digital banking services at Absa, says it is “absolutely imperative” that Absa customers and customers of all banks never divulge their sensitive personal information, including login passwords and one-time passwords, whether that’s on the Web or anywhere else.

“Disclosing one’s sensitive information renders the customer completely liable for any losses that may occur due to phishing or other online fraud, as per Absa’s online banking terms and conditions, disallowing customers from divulging their sensitive information to any third party.”

Vrey says sites like 22seven “conflict with the clear fraud awareness messaging sent out by all major banks, as well as the SA Banking Risk Association and the SA Police Force”.

Michael Jordaan

Absa isn’t the only bank worried about 22seven. In a message on Twitter, First National Bank CEO Michael Jordaan described 22seven as a “cool concept” but added: “Have to advise against disclosing [your] password to any third party. [The] risk [is] all yours.”

22seven chief operating officer Chris Tisdall insists banks shouldn’t have objections to the service logging in and reading their customers’ bank accounts because customers have “a right to their information to help them manage their money better”.

The company insists it adheres to world-class security systems through its US partner Yodlee.

Tisdall concedes that 22seven had not spoken to any of the local banks about the offering ahead of the launch but reiterates that the platform is secure. “The technology platform we use is a read-only platform. It’s a permission-based, opt-in system. We do not store security credentials. Only Yodlee is allowed to do that and their system is leaps and bounds ahead of a lot of the SA service providers.”

Meanwhile, in a related twist, Absa says it is planning to offer its own financial management tools to its customers later this year.

“These tools will enable our customers to consolidate information from various institutions, budget more effectively, create a visual dashboard view of their personal finances, and much more,” says Vrey.

“This rich array of personal financial management services will be available within the secure environment of Absa’s online banking interface, removing any of the security concerns present in sharing one’s personal information with a third party.”

He adds that this service will be provided to Absa customers at no additional charge to their regular monthly fees. “22seven [will] charge R70/month, on top of one’s existing online banking monthly subscription or bundled product fees.” — Craig Wilson, TechCentral

  • TechCentral is seeking comment from Standard Bank and Nedbank and will update this article later on Friday


  • Honkietonk

    Seems banks like Blapsa are running scared as their customers will now be able to see to what extent they’re being milked…

    But, on the other hand, giving your login credentials to any 3rd party leaves the door wide open for abuse…

  • http://www.infireal.com Gerdus

    Imagine if your bank had an API developers could use instead of abusing the humans-only internet banking facility. They could then provide a read-only transaction history API which would reduce the risk considerably.
    Sadly banks aren’t in the business of being open, innovative and transparent.

  • Nicky Cornish

    This is a losing concept, with fundamental flaws in the business model. It should never have gone further than a scribble on a napkin. Some questions which boggle my mind:

    1. Why would ANYONE enter their banking details in a third party site, especially in this economy of fraudsters, phishing and identity theft?

    2. Even if they WOULD enter that info, why would anyone (especially in a developing country) pay R70 every month to see pictures of how they’ve spent their money? I wonder if the R70 that is spent for the service is also included in the funky flash graphical reports?

    3. One of the company’s senior management revealed in an interview that they have not even met with the banks in this country. So you start a business, get funding and launch an organisation based off an existing industry and you don’t even meet with the industry to gain their participation/buy-in?

    I honestly don’t see this going far.

  • Nick

    These kind of products have been hugely successful in the USA, operating in a similar manner.

  • http://twitter.com/rajharie Raj Harie

    Find it strange that they did not engage with the banks beforehand. Really want to use the service but I am concerned about handing over credentials to a start-up that does not seem to have done its homework properly.

    They have done their marketing right, getting bloggers and influencers like Simon Dingle and Aki Anastasiou on board, creating impressive YouTube videos etc. Pity they did not pay as much attention to getting the banks on board.

  • http://www.simon.co.za/ Simon

    I’m not “on board”, Raj, and take exception to your insinuation.

  • Anonymous

    I wouldn’t chat to my potential competition before releasing an innovative product like this. They’d stall u for a year whilst they come up with their own product and you’d lose ur first to market advantage. Maybe they did do their homework properly..

  • Erica

    Same situation as 20twenty bank: after its launch all the other banks were suddenly offering better, sharper, more user-friendly internet banking services. Or making promises that they would soon. And how did that turn out? They muscled out 20twenty, and then gave consumers a watered-down version of what was then an innovative and pleasurable (did I really say pleasurable!!) banking concept. The 4 big banks are still not where 20twenty was all those years ago.

  • Erica

    Exactly – this is an innovative tool for SA, but has been around for years.

  • Greg Mahlknecht

    They could have kept the current method as a plan B.  Not having even tried to engage with the banks is just silly.   They might be potential competition, but they’re also the ONLY place you can get your data from, and can cut access off at the drop of a hat if they really want to. 

  • Anonymous

    How exactly can they cut access? They access using my banking details, there’s nothing in my agreement with the bank that says I cannot share this info with a 3rd party. The banks won’t support this because they are conceding power to a third party that’s not part of their little monopoly. This model has been proven to work in a first world environment for years..

  • Greg Mahlknecht

    Because they use scraping to get the data, it’d be fairly trivial to mess with the website markup now and then to prevent this.  I’m not saying they SHOULD do it, they should do just the opposite, but they COULD do it.

    Another way they could do it, is to put out a whole lot of scare stories about account hacking and mandate OTP dongles for logging in.  It’s possible to get the user to pass the OTP password to 22seven and eventually through to the site, but now it’s getting messy for the user:  “please enter your 22seven username and password, and your FNB OTP”

    At some point in time 22seven is going to HAVE to speak to the banks.  They should have done it before launch, so they could have answers for all this FUD that’s flying around.  

  • Anonymous

    Suppose they could do something like that but I don’t think it’s likely. It’s more likely the big banks will be a year behind this crowd in terms of product rollout. The banks have nothing to gain from discussions with 227, why would they even agree to sit at the same table with them?

  • Greg Mahlknecht

    Same reason banks do anything. Money. If 22seven haven’t earmarked part of those R70 subs for access fees to the bank, they shouldn’t be organizing other people’s money :)

  • Frogbiscuits

    I think it’s easy to drink the 20twenty koolaid and hate the banks. They weren’t that great, they were a fairly average online bank. I banked with them. I bank now with FNB. The one had slightly funkier marketing, and banking as a whole was and remains a grudge affair the world over. The service 22seven is offering isn’t that innovative (as has been pointed out a few times with the rise of PFM tools), and I doubt the banks have any agenda other than pointing out that in terms of their standard terms and conditions, handing out your credentials to a 3rd party is really not a great idea unless you want to take liability for any fraud claims at a later stage. Not exactly sinister muscle-out-the-competition stuff, but I guess we can all don tinfoil hats if it makes us feel better.

  • Anonymous

    Handing your banking login to anyone (including a bank employee) is plain stupid.  Giving it to a company that is new and is not covered by banking legislation, is even more so.

  • http://www.clickclickboom.co.za Alan Benington

    Surely there is a simple, easy solution to this? A bank simply provides a mechanism to give access to a third party to my banking information (only) with my consent. This doesn’t mean access to transact. After all they allow companies to withdraw money from my account (debit orders) without my express consent to them.

    I’ve been banking with Standard Bank online for over 12 years. Over this period they have marginally improved their online service. The interface remains archaic and cumbersome. I pay for this service that increases their efficiency and bottom line through my self-service.

    They offer no form of value added service to help me manage my finances or personal data that they hold. Yet as soon as anyone tries to move into this gaping vacancy they move to block (not that I hold a candle for this service in particular).

    This is simply the first salvo in a consumer revolt. It will be notable who rises to the challenge. Nedbank’s measured response is encouraging, Standard and Absa’s is predictable.

  • http://www.clickclickboom.co.za Alan Benington

    Christo, you and I were actively going about “creating a visual dashboard view” for customers 11 years ago and Absa pulled the plug on it. And now you’re going to do it? Disingenuous, I believe.

  • Anonymous

    Well your actions clearly indicate you are on board. Otherwise, why did you hand over your bank login details to them?

    Interestingly in your article you indicated that some time last year you met MD of Yodlee, Jason O’Shaughnessy. Do you mind sharing reasons for your meeting? Me thinks you knew about this development before launch and took time to investigate it.

    Anyway, I am not against this service. It is innovative. However, I just think they should have approached the banks before launch. Also, their monthly charges of R 70 a month are too high considering that banks will charge from about R 85 a month for a cheque account.

  • Greg Mahlknecht

    Trusting their security partner doesn’t mean any kind of endorsement of the site. I handed my details over to check it out – didn’t like what I saw and have since closed my account with them. I’m the opposite of on board, and handed my bank login details to them.

  • http://twitter.com/dave_glazier Dave Glazier

    Agree that it is unfair to suggest this, Simon.

    On the topic in general… We must be clear that the act of requesting one’s sensitive personal details (PINs, passwords) is a direct contravention of the industry-wide standard anti-phishing message of ‘never divulge these details to anyone’.

    The ability of this statement to be communicated and understood with absolutely no exceptions is fundamental to ensuring the security of ALL online customers’ security.

    Your writing reflects the frame of reference from which it has emanated: that of a highly intelligent man who is – in the first place – not likely to fall victim to phishing and online fraud.

    I’m sure you’ll agree the ability to understand issues from another’s perspective is a goal to which we all continually strive. In this specific case I suggest to you that there exist those who are less capable than yourself of distinguishing between a valid/legal PFM integrator and a phishing site, those for whom any exception to the golden rule of never divulging private information, will pose a risk.

  • http://twitter.com/AlanAlston Alan Alston

    You’d think 22seven would at least have opened some form of communication with the banks before they launched; detailing what they’re planning on doing, and planning as how best to work together with the banks in freeing up their customers’ financial data – which belongs to said customer in the 1st place. 

  • Eskills

    Services like moneysmart offer a similar service and they don’t require your login credentials… why does this company need that? If they only need read-only access I’m sure they can be content with the bank statement. If by any chance their partner gets hacked, do you get compensation for inconvenience as well?? I’m curious…

  • http://www.facebook.com/people/Matthew-Alexander-Barnes/1283085335 Matthew Alexander Barnes

    “Why haven’t they sat down with the banks?” Yeah right, I’m sure all the major banks would have welcomed the idea behind 22seven with open minds. “Sure Christo, we think our customers being able to see a complete picture of their banking charges is a great idea”. 

    I would suggest that it’s Christo’s history of taking on the major players that frightens them. If it wasn’t for Saambou’s misadventure in micro lending via Unifer, 20Twenty could well have become a serious upper-end player. 

  • Greg Mahlknecht

    >”Why haven’t they sat down with the banks?”

    They’re going to have to confront them sooner or later. Really stupid waiting after launch to do it. 22seven has started their relationships with all the banks on the wrong foot. The banks had no choice but to warn everyone against this unknown site asking for bank login details. 22seven should at the very least have given the banks concerned an audited report of their systems and partners weeks ago, wherein their security procedures and controls were documented, then they’d have some ammunition to play the victim, rather than coming off looking like amateurs.

    >. “Sure Christo, we think our customers being able to see a complete picture of their banking charges is a great idea”.

    I don’t know why people keep going on about the bank charges being exposed as if the banks hide and obfuscate them like a dirty secret.  On my bank statements (from FNB) it has a whole column dedicated to them!  It has “Amount/Balance/Accrued Bank Charges” columns – and it also has another entry where it actually adds them up and takes them from your account.  I really don’t see how 22seven could make this any clearer.

  • http://www.clickclickboom.co.za Alan Benington

    Greg, I think that it’s the aggregated knowledge that the Banks are scared of. That knowledge can be used to guide their high-value customers to be more efficient and less ‘loyal’. This will inevitably lead to greater competition, lowered fees and higher churn rates in the market that is their most profitable.

  • Greg Mahlknecht

    I still don’t quite get how 22seven is a big threat to the banks.  If you take a few minutes to read their pricing plans and choose one that suits you, they’re all pretty much of a muchness – and they’re not hidden, anyway, so the whole bank fees point isn’t relevant to the discussion. 

    22seven tries to help a client change their spending habits. It has nothing to do with the bank. If you think that changing to another bank will magically make you spend less on entertainment or groceries, then there’s something fundamentally wrong with your thinking. Yes, it might make you spend a little less on your credit card or pay your mortgage off faster, but unless you’re going to take the saved cash out and keep it in your mattress, the bank still has it in their coffers and is doing stuff with it.

  • http://www.clickclickboom.co.za Alan Benington

    It’s not about bank fees. It’s about financial services broadly – “product penetration”. Home loans, asset finance, short and long term insurance are the products for which high value clients are good consumers and good risk.

    A single customer view is what none of the banks have (some of them not even within their own group) and is what will expose opportunities. Especially when this customer view can be seen relative to  other people of the same profile. 

    Maybe 22seven is not about this in the short term. But this potential is what the banks fear and should really be taking on themselves.

  • http://twitter.com/Wayne_DSA WMD

    I have to agree 100% with Nicky Cornish as well as with Raj.  Also with so many phishing scams and banks trying to raise more awareness. I believe the timing for this product is bad.

  • ps

    It’ll be a cold day in hell before a south african bank takes responsibility for fraud even from within its own ranks.

  • Andre Bruton

    Where are the banks’ APIs? Imagine what we could do if banks had APIs… all the startups and services

  • http://profiles.google.com/gamesbook Derek Hohls

    Isn’t that the whole point here?  The Banks say that there cannot be APIs because of the security issues… some comments above suggest there could be other reasons.  But, yes, this next decade will see a massive push from “digital consumers” for APIs for everything from banks and buses to weather and yachts!
