‘Why it’s safe to use 22seven’
By Simon Dingle
Yesterday, a new personal financial management service called 22seven was launched in SA. It allows you to track your personal spending and savings with tools for financial planning. The interface is slick and the intention of the developers, who I have spent some time in conversation with, is to make people more aware of their habits surrounding money.
It’s a great service in my experience, but has been met with some backlash from South Africans concerned about handing over their Internet banking details. I don’t blame people for being concerned, but they really have nothing to worry about. Here’s why.
First off, let me state for the record that I have no affiliation to 22seven. I have met the founder, Christo Davel, and enjoyed many chats with him about behavioural economics and his plans for the business — but as my readers and listeners should know by now, I put emotions aside when it comes to giving people the best possible advice. Especially when it comes to their money.
Personal financial management (PFM) tools have been around for a long time. One of the leading examples of this kind of service is Mint, which launched in the US in 2006. Mint does some of the things that 22seven can and was met with similar criticism in terms of security when it first launched. But Mint was, and is, very safe to use — and for the same reason that 22seven is.
22seven uses a third-party service provider, called Yodlee, which interacts with banking systems to extract transactional data. Mint used to use Yodlee, too, but has since switched to a system called Intuit.
22seven doesn’t actually log in to your bank account, Yodlee does. The necessary data is then extracted and passed on to 22seven’s servers.
The local company does not store your user name and passwords either — in fact, 22seven’s systems can’t even see them. When you provide your banking details on the 22seven website, you are entering them directly into Yodlee’s secure servers over an encrypted connection.
The above has been confirmed to me by the MD of Yodlee, Jason O’Shaughnessy, who I met last year, and by Davel.
So, 22seven can’t see and doesn’t store your online banking credentials. But what about Yodlee?
Yodlee is an international company that has been doing this stuff for 11 years. It claims to have more 30m users worldwide and has not had a security breach in that time. Yodlee has a better track record of protecting banking credentials than any SA bank.
Yodlee is also a partner some of the world’s top banks. HSBC, for example, which I bank with for my offshore needs, is a client, supplying data to Yodlee. The big international banks all play ball with the system in developing their own PFM tools and making sure that their customers are supported when using third-party systems.
Does that mean that Yodlee is 100% foolproof? Of course not. No system is perfect. We take some degree of risk every time we interface with financial systems. That’s life.
I was recently a victim of credit card fraud. Thousands of rands were stolen from my account by someone who had managed to capture my card details. The experience made me very wary of security surrounding my banking. But I’m not worried about 22seven. I take much more of a risk every time I let a waiter swipe my credit card in a restaurant.
I don’t blame South Africans for being concerned about handing over sensitive details. You should think twice about doing it and research the people who are asking for it. There is no way I would sign up for a service like 22seven without doing my homework.
What does surprise me is how SA banks, instead of partnering with Yodlee like their leading international counterparts have done, are advising customers not to use the system. It’s just another example of how backward our banks are in their thinking about personal finances, even if they are improving on the service front.
I signed up for 22seven and gave them my details. After chatting to O’Shaughnessy and researching the Yodlee system I am satisfied that my information is much safer with 22seven than it is with my own bank.
I challenge local banks to start thinking about personal finances and how they can empower their customers to make better decisions. It’s 2012. Ripping people off by keeping them in the dark about their own money isn’t cool. Why don’t they want to partner with Yodlee? Why are they warning you against using a system that helps you to make better financial decisions? Those are the real questions to be asking. And you won’t like the answers.
Update: As has been pointed out elsewhere, one consideration with Yodlee is that your bank will not support you in fraud cases. So, if Yodlee is compromised, your bank has no liability — unlike in the case of credit card fraud. It’s a good thing Yodlee has never been compromised then.
- Simon Dingle is host of the ZA Tech Show and technology editor at Finweek magazine
- This article, orginally published at simon.co.za, is republished with kind permission