Why don’t banks use RSS?
This is something that occurred to me the other day…
RSS is becoming pretty big. There is RSS capabilities built into Vista. You can get RSS feeds for sports scores. CNN has RSS on news feeds. On Craigslist, you can do a search and get an RSS feed for the results. There are even sites where you can subscribe to an RSS feed for UPS package tracking.
So why does my bank not have an RSS feed?
I use Microsoft Money to daily download new transactions from my bank. It works great. But it isn’t supported everywhere. Wells Fargo supports it, but not Washington Mutual. Why? Because of all the licensing bull. The means by which they synchronize is totally proprietary. Money has its way, Quicken has its own way. Some banks support both, some support one and not the other, and others support them but not everywhere (like BofA, which supports Money everywhere but CA and two other states).
Why does it have to be so arcane? RSS is free! It is cropping up everywhere! It would not take a rocket scientist to implement it! Then everyone can enjoy it! Would no longer need to charge users $6/month to cover the ridiculous licensing fees. If you don’t want the extra bloat/baggage of Money/Quicken, you could subscribe to it in your RSS reader and be able to easily check new transactions each day. It would be wondrous.
Or take a service like Yodlee. With Yodlee, you can create an account and set it up to link up with all your bank accounts to get a central list of new transactions. It is used by a lot of companies. When Microsoft Money can’t connect directly to your bank, it often supports WebConnect through MSN Money, which uses Yodlee. Why can’t Yodlee support RSS? If they had RSS support, you could monitor all your bank accounts, regardless of whether or not your individual banks supported it. Wouldn’t that be beautiful?
Will it ever happen? Maybe I should bug Scott Hanselman about it. And now that I check his site (after writing this), I see a post of his from Monday I hadn’t read yet that looks surprising close to this. He also hints on a CardSpace implementation I’d love to see… managed cards from VISA, MasterCard, or AMEX (actually using a mock-up of that idea in my CardSpace presentation).
So the trick with doing RSS at Yodlee (and I assume the banks have the same issue) is how to authenticate the user. Since all that financial data is very VERY private and sensitive, the RSS feed has to be authenticated and there is no standard to do it.
ken
20 Sep 06 at 4:25pm
Heh, I blogged about this 2 years ago: http://jaysonknight.com/blog/archive/2004/10/26/499.aspx though Jordan nailed it…RSS is still in its infancy, though I’m sure it’ll get there sooner than later.
I didn’t even realize Yodlee was still around, I used them years and years ago before everyone hopped on the "view whatever you want" online craze.
ken
20 Sep 06 at 8:18pm
I know RSS is still fairly young, but is the issue of authentication that bad? Sure, financial institutions are big on security, but do they really have that much beyond SSL and maybe encrypted cookies? I mean, it is not like we don’t have the technology, language, knowledge, hardware, or whatever to figure it out.
I don’t mean it like "why don’t we have this already"… more like "why couldn’t we do this now." Authentication/security concerns could be solved. They’re not impossible.
The main concern I could see after writing it would be third parties retrieving the feeds. Like NewsGator/Bloglines retrieving feeds for you, and a concern over their privacy and security. Though I still think they are issues that are solvable.
ken
21 Sep 06 at 12:47pm
And regarding your post, Jayson, I think things have changed since 2004. RSS is "more mature" (though still young and just entering mainstream), but it is more prevalent. You mention it being a small percentage of sites traffic, but now, on my site, my feed accounts for my traffic (hits and bytes) than the whole rest of my site (may excluding images on my site, but pure content/page wise, it is more).
ken
21 Sep 06 at 12:49pm
Well, I’m working on it.
Just one clarification – there’s no "licensing" involved in talking to Quicken or Money. The banks talk OFX, an open standard (www.ofx.org) that you can download and implement yourself. You can search for "OFX" on my blog for examples. OFX was basically the world’s first Web Service from a Fat Client – in this case the fat clients were Quicken and Money.
Banks choose not to support OFX typically because they don’t think folks use Money and Quicken that much…and it’s true.
ken
21 Sep 06 at 2:59pm
If you use a local client (like NetNewsWire) then you can do authentication on the client and use cookies and/or basic authentication.
If you use an online aggregator like Google Reader/Bloglines, then they don’t support it. So there is no real way to do it. Google creates a huge unique URL to give unauthenticated access to your inbox or other RSS items, but no bank (and certainly not Yodlee) is going to provide a method to access financial information with only a URL.
Potentially online readers could add support for basic authentication, but there are new regulatory issues forcing banks to have online two-factor authentication in the near future that would break that methodology. The RSS or Atom specification teams need to figure out a generalized authentication method for it. To meet financial institution requirements, they also need to figure out how it will meet the two-factor requirements.
ken
22 Sep 06 at 12:18pm
Check out RSSBus (www.rssbus.com). It can allow you to convert OFX into RSS, or practically anything else into RSS, and the desktop version is free. Actually, I am trying to figure out how to create an integration into Community Server for RSSBus (see: http://communityserver.org/forums/ShowThread.aspx?PostID=549588#549588)
Full disclosure: I’m working on behalf of the vendor or RSSBus (/n software at http://www.nsoftware.com) to find people to develop connectors for RSSBus.
ken
24 Sep 06 at 11:05pm