Would you use a service like this?

Hi All,

One of the biggest hate-factors for both brokers and clients is the paperwork involved in getting a loan - getting statements for all your loans and screen shots to bring them up to date is a PITA, and there is a way to make it a bit easier but it involves using your netbank log-ins on a third party website.

It's all very secure and uses the same tech that the lenders do - I just wanted to gauge how likely you'd be to use something like this? Would the security be a concern for you?

 

Ok I voted before I read the OP and now the response is 'maybe'!
As you say the paperwork is so time consuming if I was sure the site was secure I would consider it.

 

No way I would use that service, just because of the perceived risk.
That's one more intermediary you have to trust and the consequences if they turn out to be dodgy can be so huge.

 

Just to clarify, how will using the login on a third party website make it easier? Wouldn't the login be on a website regardless?

 

You log in, click the accounts you want and it sends the last 6 months statements plus an internet listing to bring it up to date and sends them directly to me. Much less faffing about than doing it in real life. I'm sure lenders could easily make that functionality on their websites, but they don't!

 

This is something that I've looked into in the past, with account aggregation services like Mint, Pocketbook and YNAB using similar technology.

The answer should be 'it depends'. In many cases the financial institutions terms and conditions will explicitly state that you are not to hand out your credentials to third parties, and may be liable for any loss incurred as a result (i.e. if money is stolen from your account, they may not replace it).

The solution is for financial institutions to provide a 'read only' access pin to your account, which can be given to financial advisor's, account aggregation services and mortgage brokers as you've proposed.

Some banks have already adopted the 'read only' concept, others still actively discourage third party access because it creates additional load on their servers as the 'bots' crawl the user accounts.

Pat.

 

That makes sense. But it won't really take much longer to login on the bank website and download the statements to then email.

As this is part of the process and up-to the client to provide the information, you could offer that service as an option. That way it is available should the client wish to use it or not.

 

Also a maybe. Just sent my info today with a human on board. I like the convenience but for 15 min work and no security worries I'm happy to diy.

 

Is this a free service?
Or what are he charges?
Marg

 

I believe this would be breaching the banks' terms and conditions; and as such any losses incurred will be the responsibility of the users

 

From what I've heard this is something Veda is looking to bring out - I am sure they have seeked approval from the banks before deciding to pursue this new technology

 

I even give the banks the third degree if they call unsolicited.

 

Nah. I'd just download the required statements myself.

 

It's free to the user, I'd have to pay for it. It's actually not that much, and from my end would save a lot of back and forward, trying to get people to not send me sceenshots from their phones

I'm certain this website could not exist without the approval of the banks. It would be hacking in broad daylight otherwise.

 

FYI, Banks and fintechs at war over password sharing | smh.com.au

 

Having implemented point of sale systems in the past, I had to decide whether to store customer's credit card details on our system or not. One quick glance at the PCI-DSS compliance requirements made that decision very easy: hell no. As a result my software controls every part of the sale up until the point where the terminal asks for the card swipe/insert/tap, and then I hand control over to the merchant provider's gateway. I never see the credit card details

Access to a customer's entire online banking with account numbers, statements etc would have a HUGE compliance requirement for your business. Not just stuff about software security, but also staff security and regular audits.

If there's a third party that handles this (and holds your customers' login details) and you just subscribe to their service, then that likely alleviates you of the complaince reqs but doesn't change the fact that customers have placed their trust in you by handing out their login.

A more elegant solution would be for banks themselves to implement a feature whereby a customer can nominate what info to share with broker ID ###, which gives the broker access without needing to know the customer's login.

 

trouble is, banks make sharing, or getting this information difficult on purpose. So much so for many clients they have to either call the bank, or go into a branch to get a printed statement to within 30days. at which point the teller refers them to the branch lender to do the loan.

 

How hard is it for a client to log on and send the statements themselves? Signing up to such a service would take longer than sending the statements. Generally statements are only needed for the loans being refinanced too so not such a burden.

What about all the other documents needed - rental statements, payslips etc?

 

What accountability would a site like this have?
The bank's spend big bucks on encryption technology and also have big cash reserves to reimburse against fraud etc.

How would a startup like this offer such assurances?

 

Nope. No way. No how.

What sort of security do they have? Is the password salted? What algorithm are they using etc...etc...techie stuff.....etc...

This third party site will be attacked constantly by dudes who really know what they are doing.

The risk (High) vs time saved (a little) makes this a no brainier.