Henry on 25 Aug, 2019 07:04 PM
Thank you for contacting us.
Moneydance only supports automatic downloads using Direct Connect, and unfortunately Citibank don't support this connection method. If they begin to support Direct Connect at any point, we'd be happy to establish a connection with them.
Citibank use other connection methods that Moneydance does not support, called Web Connect and Express Web Connect.
By only using Direct Connect, we can guarantee that your username, password and financial data only ever exists with your bank or on your own personal computer, and at no point are your details stored on another server.
You can read more about why we only support Direct Connect in our blog and also in this article.
Without Direct Connect, you are still able to easily import your data into the program. The best way to get your transactions into Moneydance is to use a web browser to download files from your bank's web site.
We'd recommend you download using the OFX or QFX file format if available. If not use the QIF file format. (These files are sometimes referred to as Quicken or MS Money files). You can import these files to Moneydance using File --> Import.
The steps for manually importing your data are outlined in this article.
on 26 Aug, 2019 02:17 PM
The blog makes excellent points re: the benefits of proper security and privacy protections. Nonetheless, why not let use of these potentially problematic protocols a clear and explicit user opt-in, even with a "I have read and understand" road bump in front of the feature?
I'm looking into Citibank's procedures and policies and it appears I take the exact same risks be merely using the online products, which I do find offending but have little alternative at this point. If this analysis is correct, then the workaround you suggest is no better than not supporting the protocols, so why not let users opt-in, aware of the risks?
One reason could be standing in principle to force industry change. I understand and do just that when I contribute to open source software projects. But that's my choice, here it is yours, imposed on me, your user.
Lastly, as a business position you actually undermine the viability of your product relative to those that use the protocols extensively. I'm careful with my finances and transactions so I tolerate the inconvenience as there is no good alternative, but I suspect you are losing a lot of potential customers because of the more limited online integration capabilities.
As well as Express Web Connect raising security issues at a more fundamental level the Web Connect family is owned by Quicken and is a proprietary method so it is not possible for other vendors to use it.
As I understand it the bank's servers must have access to the Quicken brand server so that access to web connect can be validated as being for a registered Quicken user.
on 29 Aug, 2019 01:20 PM
While I'm sure Quicken would object that it violates their license, they don't (perhaps can't) enforce it. I actually suspect that they calculate that it's better to have banks licensing their protocol rather than dominating the Quicken market on the consumer side.
FWIW, I'm enthusiastic about digital openness - standards, open source, etc. - but my point is that I should choose when and where to take a stand.
This quote is from a Quicken published document on Web connect.
"Note: Web Connect requires access to the Intuit branding server over the Internet."
It doesn't matter how many games you play with a browser if the banks web server has to pass information to a Quicken server and get a positive response before it will allow the download of the data you will not get around it at the browser level.