Schwab - can't download their transactions

nealagogol's Avatar

nealagogol

07 Oct, 2021 06:33 PM

I just talked with Schwab. I am not a programmer. Just an old guy with investments and Moneydance. They are saying Moneydance needs to go to Schwab's Developer Portal at: www.Developer.Schwab.com and register for FDX access as they are updating from the old OFX access. I have no idea how long Moneydance has known about this or if it was a surprise to them. They did note that Quicken has until November 15 to make the switch. I would bet Moneydance needs to adapt some programming on their end as well. Moneydance, can you give us an idea of how long this is going to take? If it is going to be more than a couple of weeks, it might finally be the time to try Quicken for Mac.

I have not been able to download transactions from Schwab since ~9/24/2001.

  1. Support Staff 1 Posted by Maddy on 08 Oct, 2021 01:32 PM

    Maddy's Avatar

    Hi Neal,
    Thank you for contacting Moneydance support.

    Firstly, it seems that the issue is affecting all of our customers who are attempting to connect to Charles Schwab using the OFX method. Please find detailed information on this public thread where our lead developer shared an update in post 10.

    Secondly, we will be posting further information about Moneydance 2022 and Moneydance + on our blog as soon as Moneydance 2022 will be announced as the new major release. For the time being, Moneydance 2022 (4045) is available as a preview and it includes: Moneydance + a premium service for downloading accounts and transactions from thousands of banks .
    If you wish to try out the new connection method, please let us know and we will provide the relevant steps.
    Please note: Investments accounts are not included (yet!)

    Finally, I thought it may be interesting for you to read through Sean's statement on post 3 of the thread mentioned above, where he provides a truly honest and complete overview of the main factors that led him to make this forceful decision. Please find the same below:

    "Multiple major banks have contacted us to indicate that they are moving away from OFX and will eventually stop running their servers. We have met with many of them about alternative methods of connecting and even joined as full members of the Financial Data Exchange (FDX: https://financialdataexchange.org). We were clear that our preference is for Moneydance, on your computer, to connect directly to their services, avoiding any "middle men" or aggregators, as they are called. I was shocked to hear from the banks that they wanted us to use the aggregators and that if we wanted to connect directly to them then there would be an indeterminate delay on being allowed to do so. Many months later, we're still waiting. That's another thing about the newer protocols like FDX or the EU and UK's Open Banking initiatives - they are more secure, but clients usually need to be registered and authorised to connect, so we would need explicit approval from each bank and it was clear that that approval was not going to be easy to get. I don't really blame the banks, as it is so much easier for them to deal with a few major aggregators rather than hundreds or thousands of different software vendors. We will still push for and implement direct connections to as many banks as possible, and we will never drop support for direct connections as long as even a single bank runs an OFX server, but if Moneydance customers want to download their transactions, it's clear that this is the only way to provide that option for the vast majority of banks.
    I'll be honest: using an aggregator does have privacy implications in that customer transaction data (descriptions amounts, and sometimes additional metadata) goes through the aggregators' servers. On the other hand, the security is often much better than with OFX in that for many banks you will authenticate directly with the bank, including using 2-factor authentication. The aggregators and Moneydance are granted a token that provides access for a certain period of time. In those cases neither Moneydance nor the aggregator will have your password and often not even your username. For connections through Plaid, even Moneydance has no idea of your name, password, or other login credentials.
    We chose Plaid specifically for their better privacy policy regarding end-user data. They do not share or distribute your data in any way according to the people we've talked to there as well as their privacy policy which you can find here: https://plaid.com/legal/#end-user-privacy-policy
    I will reiterate that we will never force anyone to use the aggregation. We will never require a subscription to use Moneydance and the current direct OFX connections. We will continue to look for and implement more direct ways to connect to banks while preserving your privacy."
    Thanks,
    Sean
    Please let us know if you require further assistance.

    --
    Maddy, Infinite Kind Support

  2. 2 Posted by mark_r_abbott on 14 Oct, 2021 04:48 PM

    mark_r_abbott's Avatar

    I signed up for Moneydance+ to overcome the issues with Schwab. However, Plaid bounces as it says that the multi-factor authentication from Schwab is not compatible. I do get a text message with a code from Schwab when I try to connect the account but there is nowhere to go. Other banks' multi-factor authentication is working fine.

  3. Support Staff 3 Posted by Maddy on 15 Oct, 2021 08:35 AM

    Maddy's Avatar

    Hi Mark,
    At this time, Moneydance+ does not support investment accounts like Schwab. We are working with Plaid (the third-party aggregator that our Moneydance+ service uses) to enable this, but we can't speculate on when that will be released. If you have subscribed to Moneydance+, to be able to download investment accounts from Schwab, unfortunately Moneydance+ won't accomplish that at this time.

    Also, Schwab OFX (Direct Connect) downloads are no longer available. Schwab has disconnected this service without a replacement. So, we are working to restore a connection through Moneydance+ which was recommended by Schwab as the only way forward due to security concerns on their side.
    In conclusion, by using Moneydance+ in Moneydance 2022 you can download banking transactions from Schwab accounts, but investment accounts are not yet accessible.

    I hope this information is helpful. Please let us know if you have further questions or need more assistance.

    --
    Maddy, Infinite Kind Support

  4. 4 Posted by mark_r_abbott on 15 Oct, 2021 01:50 PM

    mark_r_abbott's Avatar

    So I was able to get Moneydance+ to log in to Schwab investment account (changed Schwab
    security settings to ask for two-factor only for untrusted or public sites as opposed to all sites) but
    MoneyDance+ was still unable to download transactions even though it was connected to Schwab.

    Too bad but I have canceled my trial subscription. Let me know if you are able to get this resolved.

    Thanks!

  5. 5 Posted by Bryan Shumsky on 15 Oct, 2021 07:06 PM

    Bryan Shumsky's Avatar

    I've also signed up for Moneydance+, and it's not apparently connected to Schwab Bank. Looking at the console, I can see that it's getting an "access denied" error during the connection - here's a snippet of the log:

    Sending message to https://ofx.schwab.com/bankcgi_dev/ofx_server
    >>>>>>>>

    using internal https checking

    OFXHEADER:100
    DATA:OFXSGML
    VERSION:102
    SECURITY:NONE
    ENCODING:USASCII
    CHARSET:1252
    COMPRESSION:NONE
    OLDFILEUID:NONE
    NEWFILEUID:NONE

    <OFX>
    <SIGNONMSGSRQV1>
    <SONRQ>
    <DTCLIENT>20211015150238.981
    <USERID>xxxxxx
    <USERPASS>*
    <GENUSERKEY>N
    <LANGUAGE>ENG
    <FI>
    <ORG>Intuit
    <FID>8886
    </FI>
    <APPID>MDNC
    <APPVER>2020
    </SONRQ>
    </SIGNONMSGSRQV1>
    <BANKMSGSRQV1>
    <STMTTRNRQ>
    <TRNUID>1634324558982-18
    <STMTRQ>
    <BANKACCTFROM>
    <BANKID>121202211
    <ACCTID>00000xxxxxxxxxxxx
    <ACCTTYPE>CHECKING
    </BANKACCTFROM>
    <INCTRAN>
    <DTSTART>20210930120000
    <INCLUDE>Y
    </INCTRAN>
    </STMTRQ>
    </STMTTRNRQ>
    </BANKMSGSRQV1>
    </OFX>

    <<<<77<<<<
    connecting to: https://ofx.schwab.com/bankcgi_dev/ofx_server with method: POST
    Connecting with https headers:
    POST /bankcgi_dev/ofx_server HTTP/1.1
    Host: ofx.schwab.com
    Content-Type: application/x-ofx
    Accept-Language: en-us
    Date: Fri, 15 Oct 2021 15:02:38 EDT
    Accept: */*
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15
    Content-Length: 648
    Cache-Control: no-cache
    Connection: close

    ---end headers
    HTTP/1.1 403 Forbidden
    Server: AkamaiGHost
    Mime-Version: 1.0
    Content-Type: text/html
    Content-Length: 296
    Expires: Fri, 15 Oct 2021 19:02:39 GMT
    Date: Fri, 15 Oct 2021 19:02:39 GMT
    Connection: close

    HTTP response headers:
    mime-version: [1.0]
    date: [Fri, 15 Oct 2021 19:02:39 GMT]
    server: [AkamaiGHost]
    content-length: [296]
    expires: [Fri, 15 Oct 2021 19:02:39 GMT]
    content-type: [text/html]
    connection: [close]
    Reading message from https://ofx.schwab.com/bankcgi_dev/ofx_server
    >>>>>>>>

    <HTML>uh oh, we've gotten some OFX with no headers: <HTML>
    <HEAD>
    <TITLE>Access Denied</TITLE>
    </HEAD><BODY>
    <H1>Access Denied</H1>
     
    You don't have permission to access "http&#58;&#47;&#47;ofx&#46;schwab&#46;com&#47;bankcgi&#95;dev&#47;ofx&#95;server" on this server.<P>
    Reference&#32;&#35;18&#46;6012417&#46;1634324559&#46;4716980
    </BODY>
    </HTML>
    BEGINRESPONSE>>>>>
    <HTML>
    <HEAD>
    <TITLE>Access Denied
    </HEAD>
    <BODY>
    <H1>Access Denied
    <P>Reference #18.6012417.1634324559.4716980
    </BODY>
    </HTML>

    <<<<<<<<ENDRESPONSE

    Hopefully those messages (assuming they are coming from Moneydance+, rather than the direct OFX connection, though it's hard to tell...) will tell someone what's going on.

  6. 6 Posted by mark_r_abbott on 15 Oct, 2021 07:13 PM

    mark_r_abbott's Avatar

    yes - not sure where the problem is. I can at least “connect" with Schwab but cannot
    download so this seems to be a Schwab/Plaid issue on OFX or something

  7. 7 Posted by Stuart Beesley ... on 15 Oct, 2021 07:17 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    You are seeing direct connection (ofx) messages NOT md+ messages. OFX takes precedence. You will need to disable your OFX profiles for any where you want to use md+

  8. 8 Posted by Bryan Shumsky on 15 Oct, 2021 07:29 PM

    Bryan Shumsky's Avatar

    That's what I thought, it looked like the OFX attempt

    Indeed, based on other messages I read afterwards, I went back in, and disabled the online banking connection (online/setup online banking and choose "disable"). Then going back in, it seems to "know" that I had the MD+ set up for the bank (though I did also choose "forget passwords" when disabling didn't seem to work, so I don't _think_ that was a necessary step). I now appear to connect and download successfully.

  9. 9 Posted by Stuart Beesley ... on 15 Oct, 2021 07:32 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    .. FYI - forget passwords should be irrelevant to this issue…

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac