[GNC] Using Quicken direct connect with USAA

Jon Schewe jpschewe at mtu.net
Mon May 25 14:47:37 EDT 2020 

It just started working "magically". I tried manually creating an
account and associating it with a GnuCash account. Then tried getting
the balance and got an error that I had the account number wrong. So I
went back into the AQBanking Wizard and executed Retrieve Account List
to get the full account number. Now when I went over to the accounts
tab my accounts are there! I was able to associate them with the right
GnuCash accounts and it seems to be working. 

I went back through my setup and deleted my aqbanking user and wrote up
the steps that worked. It seems there is something about needing a
dummy account created, otherwise aqbanking won't save the account
information that it retrieved.

Here are the steps, note the bit about a dummy account.

  * Tools -> Online Banking Setup...
  * Create User
  * Next
  * OFX-DirectConnect backend
  * Run
  * Next
  * Select
  * USAA
  * Select bank and click OK
  * Next
  * Enter USAA number with zeros on the left to make the number 9
digits for the User Name and the User Id
  * Next
  * Next
  * Next
  * Retrieve Account List
  * Enter PIN
  * Finish
  * Click on the Accounts tab
  * If it's empty, create a dummy account using the aqofxconnect
backend
    * OK
    * Leave everything blank
    * OK
    * Dismiss message about unable to update
    * Users
    * Edit User
    * Bank Settings
    * Retrieve Account List
    * Close
  * Click on Accounts tab and see the new accounts, delete the dummy
account
  * Close
  * Next
  * Associate to GnuCash accounts, looking at the account number works
well
  * Next
  * Apply
  * Test by opening a GnuCash account that was associated with USAA
    * Actions -> Online Actions -> Get Balance
    * See the balance show up in a dialog

On Mon, 2020-05-25 at 13:21 -0500, Jon Schewe wrote:
> Thank you for your help thus far.
> 
> I noticed that I had AQBanking and GnuCash installed both inside and
> outside flatpak. I've removed the version outside flatpak, but that
> didn't help.
> 
> If there are some additional debugging steps that are suggested for
> checking aqbanking, let me know and I can see where the integration
> with GnuCash is breaking.
> 
> On Mon, 2020-05-25 at 09:47 -0700, John Ralls wrote:
> 
> Well, that's progress. The communication with USAA is clearly
> working.
> 
> Maybe the flatpak sandbox isn't letting GnuCash see the results from
> AQBanking. Unfortunately I don't have time to investigate this
> further today.
> 
> Regards,
> John Ralls
> 
> 
> 
> On May 25, 2020, at 9:29 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> John,
> 
> Using those settings got me different information in the dialog.
> However I still don't have an option to associate the accounts. When
> I close the dialogs I'm back to "Start Online Banking Wizard" and the
> match step is still grey.
> 
> 11:24:16 Saving communication log to 1
> 11:24:16 Sending request...
> 11:24:16 Using GnuTLS default ciphers.
> 11:24:16 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
> GCM:AEAD
> 11:24:16 Waiting for response...
> 11:24:17 Saving communication log to 1
> 11:24:17 Parsing response...
> 11:24:17 Status for signon request: Success (Code 0, severity "INFO")
> The server successfully processed the request.
> 11:24:17 Status for account info request: Success (Code 0, severity
> "INFO")
> The server successfully processed the request.
> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Received account (no bank code)/XXXXXXXXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Operation finished, you can now close this window.
> 
> Jon
> 
> On Mon, 2020-05-25 at 09:09 -0700, John Ralls wrote:
> 
> Jon,
> 
> The Application Settings I use for USAA are
> Application ID: QWIN
> Application Version: 2200
> Header Version: 102
> 
> In Special Settings:
> HTTP Version, Client UID, and Security Type are blank, Force SSLv3
> and Send Short Date are checked, and Send Empty Bank ID and Send
> Empty FID are unchecked.
> 
> Another user had trouble with USAA because he had entered a Client
> UID on the User Settings page, so make sure that's blank too.
> 
> Yes, SSL v3 is less secure than TLS, but it's better than sending the
> data in the clear, and yes, the authentication that USAA uses on OFX
> DirectConnect is less than ideal.
> 
> Regards,
> John Ralls
> 
> 
> On May 25, 2020, at 8:59 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> Alan,
> 
> Thanks for the suggestion. I tried not setting any special settings
> and
> make sure the SSL v3 is unchecked. Still no change.
> 
> As far as security goes, this method for getting my transactions
> appears less secure than using Web Connect. When I login to get to
> the
> Web Connect download I need to enter a one time password from my
> phone,
> but for Direct Connect I only need my PIN.
> 
> Jon
> 
> On Mon, 2020-05-25 at 11:48 -0400, Alan wrote:
> Jon,
> 
> Disable SSL v3. Info at wiki.gnucash.org is wrong. It's not secure,
> and no
> reputable financial institution should be supporting it for financial
> transactions.
> 
> As of this moment, USAA is only supporting TLS 1.2 and 1.3, which are
> secure.
> Suggest not setting any of the "special settings" options, and never
> enable SSL
> v2 or v3 for any program, except for testing with non-sensitive data.
> 
> -----Original Message-----
> From: gnucash-user
> [mailto:gnucash-user-bounces+alangnuc=bigtowers.net at gnucash.org] On
> Behalf Of
> Jon Schewe
> Sent: Monday, May 25, 2020 10:36 AM
> To: gnucash-user <gnucash-user at gnucash.org>
> Subject: [GNC] Using Quicken direct connect with USAA
> 
> I have been using the Web Connect with USAA for years and that's
> worked great.
> However now I see that they are discontinuing support for this
> feature. So I'm
> trying to setup Direct Connect. I found the instructions for setting
> up USAA at
> https://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings#USAA,
> however I'm not seeing the "Server Capabilities" tab to select the
> account list
> download options.
> 
> I'm using GnuCash 3.10 from flatpak.
> I'm on Linux.
> 
> I have the following Settings:
> "User Settings"
> User Name, User id and Client UID all set to my USAA number. I have
> tried both
> with the 00 prefix and without.
> 
> "Bank Settings"
> Broker ID: 5874
> FID: 24591
> ORG: USAA
> Server URL: https://service2.usaa.com/ofx/OFXServlet
> 
> "Application Settings"
> I've tried the default application settings and the settings that
> should be for
> Quicken 2017:
> Application ID: QWIN
> Application Version: 2600
> Header Version: 102
> 
> Under "Special Settings" I've tried HTTP Version blank, 1.0 and 1.1.
> I've checked "Force SSLv3".
> 
> When I go back to the "Bank Settings" tab I see the following after
> clicking on
> "Retrieve Account List".
> 
> 09:26:37 Sending request...
> 09:26:37 Using GnuTLS default ciphers.
> 09:26:37 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
> GCM:AEAD
> 09:26:37 Waiting for response...
> 09:26:37 Operation finished, you can now close this window.
> 
> The AqBanking Setup never lets me get to the point of associating
> USAA accounts
> with GnuCash accounts. Can someone give me some pointers on what is
> wrong here?
> 
> Thank you,
> Jon
> 
> 
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see 
> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
> 
> 
> 
> 
> 
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see 
> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
> 
>

More information about the gnucash-user mailing list