Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Rosie
    • By MSE Rosie 28th Sep 17, 3:24 PM
    • 60Posts
    • 26Thanks
    MSE Rosie
    MSE News: New HSBC app will show ALL your accounts - even if they're with its rivals
    • #1
    • 28th Sep 17, 3:24 PM
    MSE News: New HSBC app will show ALL your accounts - even if they're with its rivals 28th Sep 17 at 3:24 PM
    HSBC is launching a new app that can show you your bank accounts, credit cards, mortgages and loans from 21 different banks in one place...
    Read the full story:
    'New HSBC app will show ALL your accounts - even if they're with its rivals'

    Click reply below to discuss. If you haven’t already, join the forum to reply.
Page 1
  • jamesd
    • #2
    • 28th Sep 17, 3:57 PM
    • #2
    • 28th Sep 17, 3:57 PM
    I'm far more interested in ensuring that banks - particularly HSBC - can't get at information from other providers than helping them to data mine across all of my accounts. If for some reason I did have a use for that I'd want fine-grained control down to individual transaction level about which information they could get at.

    Worse still would be marketing sites like comparison sites getting at the information.
    • martinthebandit
    • By martinthebandit 28th Sep 17, 4:05 PM
    • 3,258 Posts
    • 5,527 Thanks
    martinthebandit
    • #3
    • 28th Sep 17, 4:05 PM
    • #3
    • 28th Sep 17, 4:05 PM
    I'm far more interested in ensuring that banks - particularly HSBC - can't get at information from other providers than helping them to data mine across all of my accounts. If for some reason I did have a use for that I'd want fine-grained control down to individual transaction level about which information they could get at.

    Worse still would be marketing sites like comparison sites getting at the information.
    Originally posted by jamesd
    Exactly.

    I have a HSBC account and others and the HSBC app will be going nowhere near the others.
    Politics -
    from the words Poli, meaning many
    and tics meaning blood sucking parasites


    (thanks to Kinky Friedman (or Larry Hardman) for the quote}
    • VT82
    • By VT82 28th Sep 17, 9:17 PM
    • 922 Posts
    • 745 Thanks
    VT82
    • #4
    • 28th Sep 17, 9:17 PM
    • #4
    • 28th Sep 17, 9:17 PM
    Daft hare-brained scheme from the Financial Conduct Authority. Something someone there dreamt up as being in the public interest, despite no one really wanting or needing it. And then of course the banks have to chuck millions at making it happen because the FCA says so. But it's OK because of course all banks have an endless supply of capital to splash on vanity projects like this...
    • jonesMUFCforever
    • By jonesMUFCforever 28th Sep 17, 10:32 PM
    • 24,078 Posts
    • 11,367 Thanks
    jonesMUFCforever
    • #5
    • 28th Sep 17, 10:32 PM
    • #5
    • 28th Sep 17, 10:32 PM
    From what I have read it will be a nuisance as your accounts will only be ''linked'' for a month at a time then you will have to go through it all again.
    What goes around - comes around
    give lots and you will always receive lots
    • Ectophile
    • By Ectophile 28th Sep 17, 11:06 PM
    • 2,738 Posts
    • 1,676 Thanks
    Ectophile
    • #6
    • 28th Sep 17, 11:06 PM
    • #6
    • 28th Sep 17, 11:06 PM
    There's no way I'm giving one bank all the details of accounts I hold anywhere else. It's nothing to do with them.

    I can also see it being a potential security nightmare if someone finds a flaw in one of the apps.
    If it sticks, force it.
    If it breaks, well it wasn't working right anyway.
    • badmemory
    • By badmemory 29th Sep 17, 4:14 AM
    • 795 Posts
    • 777 Thanks
    badmemory
    • #7
    • 29th Sep 17, 4:14 AM
    • #7
    • 29th Sep 17, 4:14 AM
    What a lovely idea! A bank can not just lose the info on accounts you hold with them but also any accounts you hold with other banks. I'm sure there is no way anything can go wrong with this.

    Where do they get these massively stupid ideas from? The how to commit fraud the easy way handbook?
    • robatwork
    • By robatwork 29th Sep 17, 12:40 PM
    • 3,942 Posts
    • 4,272 Thanks
    robatwork
    • #8
    • 29th Sep 17, 12:40 PM
    • #8
    • 29th Sep 17, 12:40 PM
    https://www.theguardian.com/business/2009/jul/22/hsbc-lost-data-fsa-fine

    Let's hope they don't post unencrypted CDs around any more.
    They probably just lose the odd memory stick now.

    https://www.corp-research.org/HSBC

    "Lax internal controls" $2 billion in fines.

    This app won't be going on my phone. Shocking organisation.
    • colsten
    • By colsten 29th Sep 17, 1:36 PM
    • 8,752 Posts
    • 7,413 Thanks
    colsten
    • #9
    • 29th Sep 17, 1:36 PM
    • #9
    • 29th Sep 17, 1:36 PM
    It's worth noting that until Open Banking comes into effect, some banks including Barclays, Lloyds and Halifax say that you're liable for fraud on your account if you've shared your login details with anybody, including apps - you need to decide whether or not you're happy to take on this risk before you download an app that uses your login details.
    by MSE
    Lloyds Terms and Conditions have contained this clause for several years:
    If you use an aggregation service we do not provide, we will not treat you as breaking your security obligations as long as you do not give your security details to the service provider.
    (An aggregation service enables you to view, in one place, information about accounts with different banks.)
    The important bit there is "as long as you do not give your security details to the service provider". A proper aggregation service will not give your security details to the provider but keep it instead in an encrypted file on your device. Nobody in their right mind would be using any service that actually passes the security details to the provider.

    Personally, I hope I will be able to continue to use ewise as my account aggregator as I don't fancy to have to go through a bank. I also don't want a bank to choose which financial organisations I have accounts with. For instance, I want (and do have) TD Direct and HL, clearly neither a bank nor a BS, on my aggregator.
    Last edited by colsten; 29-09-2017 at 1:39 PM.
    • Shakin Steve
    • By Shakin Steve 29th Sep 17, 3:19 PM
    • 961 Posts
    • 683 Thanks
    Shakin Steve
    I gues it’s a matter of personal choice. There will, no doubt, be plenty of younger people who think that this is a great idea, and may even save them five minutes a day. I have three bank accounts, two of them with the same provider (Tesco), and three credit cards. I can check all five accounts within minutes if I feel the need to.
    Maybe certain advantages will become apparent once open banking has been up and running for a while but, for now, I’m not playing.
    I came into this world with nothing and I've got most of it left.
    • zerog
    • By zerog 30th Sep 17, 1:34 PM
    • 2,285 Posts
    • 764 Thanks
    zerog
    I have 13 current accounts and 8 credit cards and I haven't seen the need to use an "app".

    If I do need to access online banking on my phone or tablet, I am perfectly happy using the websites (all browsers set to request desktop versions).
    • colsten
    • By colsten 30th Sep 17, 3:24 PM
    • 8,752 Posts
    • 7,413 Thanks
    colsten
    I have 13 current accounts and 8 credit cards and I haven't seen the need to use an "app".
    Originally posted by zerog
    I have a few more than you, and I couldn't possibly manage them all without an aggregator. I must have used one for about 10 years now, with no major problems at all. The biggest 'upset' was probably when Egg Money Manager got withdrawn a few years ago. Ewise has filled that space very nicely though, and I hope it will stay available without having to go through an intermediary such as a bank.
    • Doc N
    • By Doc N 30th Sep 17, 7:19 PM
    • 6,314 Posts
    • 19,222 Thanks
    Doc N
    I have a few more than you, and I couldn't possibly manage them all without an aggregator. I must have used one for about 10 years now, with no major problems at all. The biggest 'upset' was probably when Egg Money Manager got withdrawn a few years ago. Ewise has filled that space very nicely though, and I hope it will stay available without having to go through an intermediary such as a bank.
    Originally posted by colsten
    I'm with you on this - aggregation is hugely useful. First Direct Internet Banking Plus works (and stores no passwords, logins etc outside your own PC) but it's extremely clunky, requires Internet Explorer, and three incorrect logins will mean a huge amount of work redoing all the information - a real heartsink moment if it happens.

    Ewise? Tell me more. In fact I'd be interested to hear of any alternatives to the First Direct option.
    • colsten
    • By colsten 30th Sep 17, 10:06 PM
    • 8,752 Posts
    • 7,413 Thanks
    colsten

    Ewise? Tell me more. In fact I'd be interested to hear of any alternatives to the First Direct option.
    Originally posted by Doc N
    ewise is the underlying technology for the FD aggregator. It's the same clunky IE interface but it does offer you to save/backup your login details on an external device, which I find hugely helpful. They also offer more organisations than FD did when I last looked at FD. Unfortunately, you can't import your FD details, so you'd have to start again from scratch.

    Support for ewise is very responsive - I mucked up my login once and they'd reset things for me within a day (I didn't have to re-enter all my data). They are also relatively quick with fixes if you report a problem to them.

    https://www.ewise.com.au/accunity/aa/home.asp
    • jogu
    • By jogu 4th Oct 17, 10:12 AM
    • 39 Posts
    • 27 Thanks
    jogu
    This phrase in the article is very misleading:

    "It's worth noting that until Open Banking comes into effect, some banks <..> say that you're liable for fraud on your account if you've shared your login details with anybody, including apps"
    This conflates two separate things. Even after OpenBanking comes into effect, you will still be liable for fraud if you've shared your login details with a third party or app.

    The key benefit of OpenBanking is that you can use apps like this WITHOUT giving away your login details. The signup process will involve a secure way for the account holder to allow the app access to the account transactions, which will be confirmed by the account holder using their login details to login to the account provider only. The app will also only be able to do what you have granted it permission to do - so in the case of this HSBC app, it will only have permission to read your transactions, and will not be able to send payments from your bank account. If you instead give away your login details, HSBC technically has the ability to make payments.

    (It's interesting that it looks like this new app will give me significantly better access to transactions in my HSBC accounts that the current HSBC app gives me!)
    • jogu
    • By jogu 4th Oct 17, 10:19 AM
    • 39 Posts
    • 27 Thanks
    jogu
    The important bit there is "as long as you do not give your security details to the service provider". A proper aggregation service will not give your security details to the provider but keep it instead in an encrypted file on your device. Nobody in their right mind would be using any service that actually passes the security details to the provider.
    Originally posted by colsten
    That's not really the important part. There's no real semantic different in the two scenarios you outline. You are trusting the aggregation service's word that the account details are encrypted and that they never send them to their service, and that they've sufficiently protected everything involved to stop any hackers accessing your security details - there's quite a few attack vectors.

    The important change with OpenBanking is that you no longer have to give your security details to anyone other than your bank. There is a new security process that allows you to securely authorise your bank to allow the third party to see your list of transactions (there will also be permissions you can grant so third party apps can initiate payments). Any access is clearly logged as to who it was made by, and within your internet banking portal you will be able to revoke any access you have granted to third parties.

    If anyone is interested in the technical details, the process is based on OAuth2, partially on OpenIDConnect, and partially on the OpenIDFoundation Financial API security standard. (Source: I'm a member of the working group for the latter and also working on a project for the OpenBanking Implementation Entity.)
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

105Posts Today

2,394Users online

Martin's Twitter