Express Web Connect

What is Direct Connect?

Back in the 2000s the only way to automatically download transactions from a bank into personal finance software was to use OFX Direct Connect. This is a standardised communication protocol that many banks support. It allows installed apps, such as Moneydance or Quicken, to directly talk to the bank's server and retrieve any new transactions.

With Direct Connect, your passwords are stored locally on your computer and are only sent to the bank when a download is requested. There is no middleman: your credentials go only from your computer to the bank.

Not all banks support OFX Direct Connect. The alternative is to manually download transaction files (OFX, QFX or QIF) from the bank's website and then import them into Moneydance.

Quicken created Express Web Connect as a way of connecting to banks that do not support OFX Direct Connect.

What is Express Web Connect?

With Express Web Connect the banks don't have to support any special protocols. Quicken's server essentially pretends to be a human and logs into your bank's website. It will navigate to wherever the transaction file download link is and download the QFX, OFX or QIF file for you.

The Quicken server aggregates these downloads and stores them on its own server. Quicken's server will do this on a regular basis, typically every day. Then when you run Quicken, instead of connecting to the bank's server directly, Quicken connects to the Quicken server and retrieves everything it has ready for you.

Why does Moneydance not support Express Web Connect?

To use Express Web Connect you have to give the usernames and passwords you use to log into your bank websites to Intuit. Intuit then stores these on their own servers. Intuit has to have your passwords on their servers to be able to connect to the bank on your behalf.

For the technically inclined, an important piece of information here is that Intuit cannot just store a hash of your password on their server. They must store your actual password in order to be able to use it. Storing actual passwords on servers, rather than a hash of a password, is considered extremely bad practice from a computer security perspective, but in order to provide this service Intuit has no choice.
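The hash-versus-password point above, as an added example (not code from Moneydance, Quicken or Intuit): a site that only verifies logins can keep a one-way hash, while a service that must log in somewhere else on your behalf needs the password itself. The `Bank`, `HashOnlyAggregator` and `ReplayAggregator` classes and the sample credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

def one_way_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash: enough to check a password, not to recover it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Bank:
    """Hypothetical bank site. It only verifies logins, so a hash is enough."""
    def __init__(self):
        self._users = {}

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, one_way_hash(password, salt))

    def login(self, username: str, typed_password: str) -> bool:
        salt, stored = self._users[username]
        return hmac.compare_digest(stored, one_way_hash(typed_password, salt))

class HashOnlyAggregator:
    """Hypothetical service that keeps just a hash of the bank password."""
    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._digest = one_way_hash(password, self._salt)

    def fetch(self, bank: Bank, username: str) -> bool:
        # Nothing recoverable to type in: the digest is all there is to submit.
        return bank.login(username, self._digest.hex())

class ReplayAggregator:
    """Hypothetical service that keeps the password in recoverable form."""
    def __init__(self, password: str):
        self._password = password  # encrypted or not, the service can read it back

    def fetch(self, bank: Bank, username: str) -> bool:
        return bank.login(username, self._password)

def demo() -> tuple:
    bank = Bank()
    bank.enroll("alice", "constructed-sample-password")  # constructed sample data
    hashed = HashOnlyAggregator("constructed-sample-password")
    replay = ReplayAggregator("constructed-sample-password")
    return hashed.fetch(bank, "alice"), replay.fetch(bank, "alice")

if __name__ == "__main__":
    print(demo())
```

The hash-only service fails to log in and the replay service succeeds, which is why anyone who can read the replay service's storage can read the bank password too.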

By only using Direct Connect, we can guarantee that your username, password and financial data only ever exist with your bank or on your own personal computer, and at no point are your details stored on another server.