Off topic- Intuit logging in to my bank account?- Conclusion (I hope)

Robert Heller heller at deepsoft.com
Thu Oct 6 14:56:14 EDT 2011 

At Thu, 06 Oct 2011 08:53:34 -0400 peace at AleksandrSolzhenitsyn.net wrote:

> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> On 10/06/2011 05:06 AM, Colin Law wrote:
> > On 6 October 2011 00:23, . <peace at aleksandrsolzhenitsyn.net> wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Sorry for the mess up folks concerning the blank emails. I hope this
> >> one comes through ok.
> >>
> >> Below in quotes is the response I received from Quicken;
> >>
> >>
> >> "Thank you for contacting Quicken Customer Care.
> >>
> >> Hi XXXX ,this is XXXXX and I am a Supervisor at Quicken Support.I have
> >> gone through your concern and would suggest you to change your Bank
> >> account password on the Bank's website.Once,the password is changed the
> >> accounts would not be recognized at the Intuit's server and the
> >> connection to your account will be lost.
> >>
> >> The reason the accounts still exist on the Intuit Server is because
> >> ,before uninstalling the program from your system the accounts were not
> >> deactivated.Thus,the Server still logins to your account.
> >>
> >>
> >> If the issue still persists, please feel free to reply to this email."
> >>
> >>
> >> My comment about the above is simple- BALONEY!!!!!! I've changed my
> >> passwords and users ID's on all bank accounts many times per year. The
> >> same applies to the "challenge" questions too.
> >>
> >> I'll see whether there's anymore logins and let you know the results. I
> >> have to reiterate the following; 1. I haven't used Quicken in over 2
> >> years. 2. I rarely use Windows and only use it for adding iPod/iTunes
> >> music...and that maybe once every 2 months.
> >
> > You have not told us what the bank has to say about it. If someone is
> > able to login to your account after you have changed the password then
> > there is a very serious issue with the bank's system.
> >
> > Colin
> Oh....here's the situation concerning the banks (3 of them).
> 
> The 1rst bank provided the IP addresses and login dates and times.
> 
> The 2nd bank said, "we don't keep IP addresses or login dates and
> times".  My reply to that was this, "ok....let me give you an example,
> let's say I'm from the FBI and come to your bank with a subpoena for the
> IP addresses and login dates and times.  Are you going to give them
> me"?  The banks answer to that hypothetical situation was, "we'd refer
> the matter to our legal department and they would provide the
> information the FBI would want".
> 
> ....this gets better....
> 
> The 3rd bank said, "what's an IP address"?
> 
> Since the banks aren't in any hurry to solve this problem beyond the
> "change your password" idea I'm inclined  to tell them I'll close my
> accounts and go another bank (dumb me) unless they explain to me how
> this problem occurred.  I for one do not believe Intuit's argument.

Something occurs to me (and I have no idea if this is even remotely
relavant):

3 of 4 of the banks I have/have had on-line banking with *seem* to use
some third-party service to implement their on-line banking -- this is
because *I* always look at what is in the address line of my web
browser, and when I go to there on-line banking login the address is no
longer 'mumble.my-bank.com' (where 'my-bank.com' is the domain name
used for the bank's home web site), but something very different. (The
one bank that didn't had been gobbled up by BoA.  I no longer have an
account with them, and haven't for like a decade -- there were whole
piles of issues there.)

Two thoughts:

Do these third-party on-line banking services know more about what is
going on? One would really hope so -- the *bank* *customer server*
people, who are more likely to know about *banking* issues (eg where is
my money? What is today's interest rate? etc.), would not be likely to
know geeky advanced IT stuff, like IP addresses or anything about RSA
encryption, and such like.

Who *ultimately* owns these services? Intuit?(!)



> 
> 
> 
> 
> 
> 
> 
> 
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQEcBAEBAgAGBQJOjaTKAAoJEPBpZNn4grcjGiMH/A2bMsq2IbFlVhaD1djYxKV3
> NxEHOjgsciDLxYZdTX+NVAmgFY5YH3PI7GSnuMJvwb5ZGLrcKDFv3Gxa9ODfaHEZ
> 9XaTUiwbk2kVvtkbu9kQmh6unqVpOqIxOC1aq11ISGjii4Mua9QxVMMe/HBoDfO8
> quI/FREn+XcE14CUx4CTtn6WL8+IdTdisBppv0jltImCKsBqR9unqy2uSly79wSI
> IYRu4EUnXQoOnSHOM7QzXVzZ5hFdCJ558EfTQhAmomp76XDuIJ5nbtwNMjpLijgY
> 6gYNV3aYpQI5MqmzOwES1FI30S1lRKH4XHk2IvNBMaEBO0vnfV/xU1fq6tjxRHs=
> =FPnW
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
> 
>                           

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

More information about the gnucash-user mailing list