tag:infinitekind.tenderapp.com,2009-01-14:/discussions/online-banking/25958-ofx-downloadsInfinite Kind: Discussion 2023-06-21T03:00:19Ztag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-17T23:05:08Z2023-03-17T23:05:08ZOFX Downloads<div><p>I'm a fellow user.</p>
<p>The OFX specification has not changed in a while and is generally backwards compatible so as to not break existing implementations, there is only one specification so implementation differences would be because of the developer. Hence why some Financial institutions handle negative amounts differently, which Moneydance has had to account for.</p>
<p>OFX servers are usually implemented as a sub-system away from the main production systems with some sort of data feed, often they only have a time limited subset of data.</p>
<p>Now I could envisage the data feed being set up so that some machines see a different number of accounts to other machines, but to say that is the case here would only be speculation.</p>
<p>In short I do not see different OFX specs being a likely issue, how institutions have set up their systems is another story. So I really think the problem is likely to be of Fidelity's own making.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-17T23:38:00Z2023-03-17T23:38:00ZOFX Downloads<div><p>Thanks for the response so quickly! It's always best to discard those potential options that you might never think of quickly before doing a lot of work.</p>
<p>The perplexing part is still - using the exact same FI (Fidelity Investments) in OFX, one program gives me 3 accounts, MD gives me 4.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-21T18:19:47Z2023-03-21T18:19:47ZOFX Downloads<div><p>I just received this very helpful and informative link on this topic (OFX downloads from Fidelity NetBenefits):</p>
<p><a href="https://nb.fidelity.com/bin-public/070_NB_PreLogin_Pages/documents/email/MECB2B/FAQ_Securing_Customer_Data_on_Fidelity_Webpages_EXTERNAL.pdf">https://nb.fidelity.com/bin-public/070_NB_PreLogin_Pages/documents/...</a></p>
<p>Is MD considered a third party data aggregator (not MD+)? If so, have you been working with Fidelity on any new download APIs that might be needed for future successful downloading? If not, since Plaid definitely is considered a third party aggregator by Fidelity (as stated in the linked document), has Plaid (MD+) been working with Fidelity on any new APIs needed (or soon to be needed) APIs for downloading?</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-21T22:49:24Z2023-03-21T22:49:24ZOFX Downloads<div><p>Institutions generally do not consider end user software like Moneydance to be aggregators. Aggregators are usually considered to be the Plaid, Yodlee, Salt Edge etc of this world.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-21T23:00:27Z2023-03-21T23:00:27ZOFX Downloads<div><p>That is also my general understanding but I don't know what might or might not be the discerning characteristics between programs/services like that and the likes of Quicken, Moneydance, Mint, etc.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-21T23:47:21Z2023-03-21T23:47:21ZOFX Downloads<div><p>The most secure method would be a direct connection between the institution and the software on your computer i.e. Direct Connect.</p>
<p>Institutions are going in this direction so that they do not have to provide direct connect services ad do not have to deal with end users i.e. customers - you have a problem getting data talk to your aggregator.</p>
<p>It basically reduces their costs and the work the institutions have to do, they try to make the link between themselves and the aggregator more secure, there is no consideration to privacy and the use of the data however.</p>
<p>Mentioning Mint I think is furfy. Intuit is the aggregator of course, Mint is Intuit's online end user product, which it tightly tied in to their aggregation.</p>
<p>I do not see any institution, and we are really talking about U.S. institutions here, seeing a small U.K. based company as an aggregator. One institution also told Moneydance that they will not deal with a non U.S. based company.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T00:13:52Z2023-03-22T00:13:52ZOFX Downloads<div><p>I'm a bit unclear, but I'll ask: Does that mean that the connection I make using MD as the program on my computer to download transactional information from institutions is, in your words, a direct connection? Why is this also not the case with Quicken, who uses the OFX protocol to download as well (at least with DirectConnect)? In that simple comparison, neither Quicken nor MD would or should be classified data aggregators, correct? And yeah, I looked at Mint for all of a mere 10-15 minutes many, many years ago and decided I didn't like what I was giving them access to.</p>
<p>As to working with or not working with non US institutions, I've no experience so can't really comment.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T00:37:10Z2023-03-22T00:37:10ZOFX Downloads<div><p>Direct connect is a direct link between Moneydance and the bank's server (or their service provider) it is the same as Quicken's Direct connect in every way, same protocol, same server.</p>
<p>Moneydance+ is not direct connect, it uses the aggregator Plaid, it is equivalent to Quicken's Express Web Connect. An aggregator periodically downloads transactions and holds them awaiting for you to download from them.</p>
<p>Neither Quicken or Moneydance are considered aggregators.</p>
<p>People may think that as the software is aggregating all of my data it is an aggregator, a real aggregator though links data from many organisations for many people in one location.</p>
<p>The naming of Express Web Connect may lead people to think it is part of Quicken. When the software was owned by Intuit the service was run by Intuit and being used by both the Quicken and Mint products, with Quicken now not owned by Intuit whether it has its own service or still uses Intuit I do not know, but I suspect they have an agreement with Intuit, as I think it makes more sense.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T00:44:42Z2023-03-22T00:44:42ZOFX Downloads<div><p>Thanks for that explanation dwg.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T00:48:34Z2023-03-22T00:48:34ZOFX Downloads<div><p>For the record, I'm not having any issues with downloading from Fidelity (Investments or NetBenefits). When I look at the OFX log (console window), I do see lots of references to TLS, Trusted Certificates, cipher suites, when downloading from Fidelity. I don't see that from downloads with other institutions. Perusing through the program changelogs, there are references to TLS and Fidelity, and Trusted Certificates and download setups that might require those options in 2019 and 2021.</p>
<p>I am quite happy with MD and its direct connections at the current time.</p>
<p>Again thanks for your clarifications.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T02:08:37Z2023-03-22T02:08:37ZOFX Downloads<div><p>Direct connect makes use of trusted certificates without those it doesn't work, it also makes use of a secured link for the data transfer. The trusted certificates come built into Moneydance, when one expires it usually requires a Moneydance update.</p>
<p>Direct Connect is a client/server implementation using the OFX protocol, OFX is both a protocol as well as a file format. Moneydance is the client.</p>
<p>OFX appears to be evolving, it has now has moved under the FDX organisation and one of the things I feel that is likely to do is move access to be token based, which is how Open Banking works.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T02:23:39Z2023-03-22T02:23:39ZOFX Downloads<div><p>When I use a python tool ofxtools and ofxget script in that project, lets take Fidelity Investments, when I make the ofxget request for acctinfo, it replies back with all of my accounts. The OFX dialog in that case is clean of any trusted certificates comments. It was on a clean, just installed machine, wo no MD on the machine, just W10 OS and a clean install of Python 3.10. I get that the implementation that is integrated into MD may need/require the trusted certificates, but I do not think that is the case for every OFX connection (for instance in other programs, e.g. the python script). If so, each individual program may select what is/isn't integrated with their code dependent of course on the requirements of the financial institution.</p>
<p>Of course, I am easily out on a limb on this one and could be totally off base. Just an example of asking and retrieving OFX data communications.</p></div>Johntag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T02:29:32Z2023-03-22T02:29:32ZOFX Downloads<div><p>A lot of institutions use certificates, they do not have to however. It is another layer of security.</p></div>dwgtag:infinitekind.tenderapp.com,2009-01-14:Comment/583017822023-03-22T02:51:24Z2023-03-22T02:51:24ZOFX Downloads<div><p>Agreed on that. Thanks.</p></div>John