How safe is it to use MoneyBrilliant-like spending tracker apps?

I was looking to get a complete picture of my spending during the last FY and was searching for apps and found this app MoneyBrilliant, where they connect to your bank and get the transaction information. For this we need to provide login credentials.

Comments

  • No issues from my end, I find it as safe as PocketBook

  • +11

    I work in the banking industry in security and have specifically dealt with these kinds of apps as part of my role. Every bank I'm aware of will have a clause in the Terms of Service that states you should not share your online banking credentials with any third party (including these apps) - if you do, you may be liable for any losses incurred due to fraud. Another important thing to note is that the reason you need to provide your login credentials is because these apps retrieve your financial data by logging in to the banking website and posing as you, essentially screen-scraping your data. In theory, the API they use could be configured to make transactions at any time they choose, or they could easily just choose to steal your credentials. Further, from the bank's perspective, it will appear in the logs that your account is being logged into multiple times a day (sometimes hundreds of times).

    I used to use both MoneyBrilliant and PocketBook before I joined the security team and discovered the way they work, and I now no longer use them and advise others to strongly consider the risks of using them. I agree they are definitely useful apps and do wish that the banks incorporated a lot of their features into their own apps, but I personally don't feel that the risk is worth it.

    Do note - if you use them at all then decide at some point it's not for you, deleting the app isn't enough, as the API will continue logging into your account for you. You will need to properly remove your account and data from the service either through the website or contacting the company itself.

    • Thank you so much for your very informative post and compelling warning about these products. So you can't just change your password to prevent the API logging in after cancelling/deleting the app?

      • +1

        Thanks for your kind words! Changing your password will stop the app from being able to access your account, but it will continue to try logging in with the wrong password. I can't speak for other banks, but where I work after a certain number of failed login attempts your account will automatically be suspended from online banking. I imagine other banks will have similar safeguards. The only way to prevent being continually suspended is to delete your account, which should (hopefully) stop the API from logging in at all. Hope that helps.

    • Thanks bolt for the response. Looks like it's a risk to take, which I'm not looking to.

    • +2

      So you work in the banking industry with security, so can you answer the following.

      Banks could easily allow us to have two access capabilities (passwords) to our banking details.

      1. For all interactions
      2. For read only for statements and transactions related to the statements.

      On the latter it would appear that some banks let this happen for accountants etc, so why not for programs like MoneyBrilliant?

      • +1

        Very good point and I wish I had more to share on this. I've heard talk of something to address this in the pipeline for a number of years now, so it's definitely been considered and in the works, but I don't know when it will come to fruition. Sadly my team isn't situated in a place where we have influence over decisions like this.

  • I used ANZ Money Manager a long time ago considering it was an ANZ product. Then I found that they were using a third party as the service provider. Since then I have never used these kinds of money managers.
    Now I keep 1-2 accounts and spend some time analysing my budget rather than having multiple accounts and then juggling.

  • Tried MoneyBrilliant and PocketSmith a while back. There were some inconsistencies in the data presented by MoneyBrilliant that I didn't like. I also really didn't like that they do not allow manual data import. Checked recently and they still don't, so it's still on my do not use list.

    PocketSmith and others do support manual data import. This is much safer since you're not handing over any account credentials. I found PocketSmith pretty good, but I never spent the time to really learn and use it properly.

  • I am a big fan of iXpenseit and have been using it for close to 9 years. I use it to track every single expense I make and I am pretty fussy with making notes, pictures and correctly tagging each and every expense (which may seem pretty intense to some people). I do not really use it for budgeting though which I think those Pocketbook apps are for though.

    I have compared Pocketbook against iXpenseit and I definitely recommend the latter as it provides a really good view of every expense you have ever made. Some cons (if you can call it that), is that iX does not connect to your bank(s) (which I really do not care for anyway due to security considerations and that some of my banks take too long to update transactions which I would like to tag and update straight away).

    Give iXpenseit a try and you will not be disappointed.
