‘Why it’s safe to use 22seven’

By Simon Dingle

Yesterday, a new personal financial management service called 22seven was launched in SA. It allows you to track your personal spending and savings with tools for financial planning. The interface is slick and the intention of the developers, who I have spent some time in conversation with, is to make people more aware of their habits surrounding money.

It’s a great service in my experience, but has been met with some backlash from South Africans concerned about handing over their Internet banking details. I don’t blame people for being concerned, but they really have nothing to worry about. Here’s why.

First off, let me state for the record that I have no affiliation to 22seven. I have met the founder, Christo Davel, and enjoyed many chats with him about behavioural economics and his plans for the business — but as my readers and listeners should know by now, I put emotions aside when it comes to giving people the best possible advice. Especially when it comes to their money.

Personal financial management (PFM) tools have been around for a long time. One of the leading examples of this kind of service is Mint, which launched in the US in 2006. Mint does some of the things that 22seven can and was met with similar criticism in terms of security when it first launched. But Mint was, and is, very safe to use — and for the same reason that 22seven is.

22seven uses a third-party service provider, called Yodlee, which interacts with banking systems to extract transactional data. Mint used to use Yodlee, too, but has since switched to a system called Intuit.

22seven doesn’t actually log in to your bank account, Yodlee does. The necessary data is then extracted and passed on to 22seven’s servers.

The local company does not store your user name and passwords either — in fact, 22seven’s systems can’t even see them. When you provide your banking details on the 22seven website, you are entering them directly into Yodlee’s secure servers over an encrypted connection.

The above has been confirmed to me by the MD of Yodlee, Jason O’Shaughnessy, who I met last year, and by Davel.

So, 22seven can’t see and doesn’t store your online banking credentials. But what about Yodlee?

Yodlee is an international company that has been doing this stuff for 11 years. It claims to have more than 30m users worldwide and has not had a security breach in that time. Yodlee has a better track record of protecting banking credentials than any SA bank.

Yodlee is also a partner of some of the world’s top banks. HSBC, for example, which I bank with for my offshore needs, is a client, supplying data to Yodlee. The big international banks all play ball with the system in developing their own PFM tools and making sure that their customers are supported when using third-party systems.

Does that mean that Yodlee is 100% foolproof? Of course not. No system is perfect. We take some degree of risk every time we interface with financial systems. That’s life.

I was recently a victim of credit card fraud. Thousands of rands were stolen from my account by someone who had managed to capture my card details. The experience made me very wary of security surrounding my banking. But I’m not worried about 22seven. I take much more of a risk every time I let a waiter swipe my credit card in a restaurant.

I don’t blame South Africans for being concerned about handing over sensitive details. You should think twice about doing it and research the people who are asking for it. There is no way I would sign up for a service like 22seven without doing my homework.

What does surprise me is how SA banks, instead of partnering with Yodlee like their leading international counterparts have done, are advising customers not to use the system. It’s just another example of how backward our banks are in their thinking about personal finances, even if they are improving on the service front.

I signed up for 22seven and gave them my details. After chatting to O’Shaughnessy and researching the Yodlee system I am satisfied that my information is much safer with 22seven than it is with my own bank.

I challenge local banks to start thinking about personal finances and how they can empower their customers to make better decisions. It’s 2012. Ripping people off by keeping them in the dark about their own money isn’t cool. Why don’t they want to partner with Yodlee? Why are they warning you against using a system that helps you to make better financial decisions? Those are the real questions to be asking. And you won’t like the answers.

Update: As has been pointed out elsewhere, one consideration with Yodlee is that your bank will not support you in fraud cases. So, if Yodlee is compromised, your bank has no liability — unlike in the case of credit card fraud. It’s a good thing Yodlee has never been compromised then.


  • Concerned

    Techcentral

    I hope that you have insurance, as you publishing this opinion would certainly put you in a compromised position, should any fraud result from a user relying on a credible tech site for information.

    The one that seems to have been forgotten by your tech expert is the risk of phishing through keystroke recording. I know that both ABSA and Investec have an option where the user clicks on numbers on a keypad to enter their account details to ensure that it is not picked up through keystrokes. It is just one security measure amongst a myriad of other risks, but there is no indication as to how 22Seven is ensuring this security risk.

    Also on ABSA you have a password whereby only certain letters are required, you now enter the entire word on to this website, eliminating the user intervention. If a keystroke recorder picked up on this, your account is compromised.

    All of the above invalidates completely the assertion that 22seven is a “read only” site, sure they are, but should somebody get hold of your bank details as described above, that somebody will have much more than “read only” access.

    Best for TC is to hold thumbs right now and hope that no account is compromised….

  • Fan

    What does Standard Bank do on their internet banking site?…no key pad. Makes me wonder how secure they really are and how many customers have fallen victim to keystroke recorders

  • http://twitter.com/scrookson Sean Crookson

    One can see ABSA washing its hands of any problems with the loss of any funds if you used this product. Best avoided until the banks are on board.

  • Office

    Please guys, in this day and age you’re asking for people’s bank account details. You must be CRAZY! and anyone wanting to join this scam is equally bonkers.

  • http://wogan.me Wogan

    I think 22seven is great. I’m an FNB customer – I created a read-only profile specifically for 22seven use. Even if they wanted to, they couldn’t move any of my money, so as far as I’m concerned, there’s nothing to worry about (even in the unlikely event Yodlee loses my data).

    Far as I’m concerned, people raving about 22seven being a fraud are just paranoid in general. They’ll trust their money to banks that overcharge and provide poor service, but won’t trust the information about that money to a company that’s never had a security breach? Where’s the logic in that?
