Infinite Kind: Discussion 2021-12-09T08:49:58Z
Moneydance+ security question
2021-12-07T19:51:15Z <div><p>It depends on the bank and the bank's system is the simple answer.</p>
<p>If a bank only offers OFX, downloads, or screen scraping must be used then indeed Plaid would have to log on to retrieve your data.</p>
<p>It then is your call whether to use Moneydance+, use direct OFX if available or to download and import transactions yourself. It is a question of if you want convenience or security. It seems many just want convenience.</p>
<p>If the bank is however using something like FDX then they do not have your username/password. How this works is that you log on to your bank via Plaid and an access token is specifically granted to Plaid by you using this process - a token that can be revoked at any time. Thus Plaid uses this security token to retrieve the transaction information.</p></div>dwg
2021-12-08T14:55:55Z <div><p>Hi Phil,<br>
Thank you for contacting Moneydance support.</p>
<p>According to Sean - the lead developer, "using an aggregator does have privacy implications in that customer transaction data (descriptions, amounts, and sometimes additional metadata) goes through the aggregators' servers. On the other hand, the security is often much better than with OFX in that for many banks you will authenticate directly with the bank, including using 2-factor authentication. The aggregators and Moneydance are granted a token that provides access for a certain period of time. In those cases neither Moneydance nor the aggregator will have your password and often not even your username. For connections through Plaid, even Moneydance has no idea of your name, password, or other login credentials.</p>
<p>We chose Plaid specifically for their better privacy policy regarding end-user data. They do not share or distribute your data in any way according to the people we've talked to there as well as their privacy policy which you can find here: <a href="https://plaid.com/legal/#end-user-privacy-policy">https://plaid.com/legal/#end-user-privacy-policy</a></p>
<p>I will reiterate that we will never force anyone to use the aggregation. We will never require a subscription to use Moneydance and the current direct OFX connections. We will continue to look for and implement more direct ways to connect to banks while preserving your privacy."</p>
<p>I hope this information is helpful. Please let us know if you have further questions or need more assistance.</p>
<p>--<br>
Maddy, Infinite Kind Support</p></div>Maddy
2021-12-08T17:22:02Z <div><p>Thanks to both dwg and Maddy for your responses.</p>
<p>Again, I believe that IK has had to make some excruciating tradeoffs to continue to offer automated connections to financial institutions. I also accept - at face value - that Plaid honors its privacy policies to the best of their ability.</p>
<p>I'm just looking for "eyes wide open" info before I jump in, since bad things can happen despite everyone's best effort and intent. So I'm not looking forward to my financial institutions shutting down their OFX servers!</p>
<p>/phil23</p></div>phil23
2021-12-09T08:49:53Z <div><p>You are welcome, Phil!</p>
<p>I'll close this discussion for now, but do not hesitate to contact us again, if you need further assistance.<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
We would like to take the opportunity to wish you a lovely festive period!<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p>
<p>--<br>
Maddy, Infinite Kind Support</p></div>Maddy