USAA not interested in supporting OFX or Quicken users

dan222, I understand your concern regarding OFX downloads. I've shared your input regarding this matter to our team. Feedback is important to us to help us determine areas of opportunity and improvement. Thank you for taking the time to post. - Ben

The recent two factor password change has made my financial software

n early useless. I’ve been frustrated withQuicken’s interface with USAA,  and even after trying Personal Capital, the three pronged access (username, password, PIN) is incompatible with every program I’ve tried.  I don’t like USAA’s internal budget tool and would prefer to use better software.  I have to answer a USAA security question every time I log on to Personal Capital, and no one,serequires this for access.  Time to bring your IT department up to speed, USAA. 

Sorry to hear of the experience you are haivng and glad to forward your comments and feedback to our Voice of the Member so we can improve our member experience. - Joseph

Joe/USAA - why even bother responding to these when your actions over past three or four years illustrate you have zero interest in serving the needs of USAA customers who want real banking functionality?

 

USAA - decent at insurance - lousy at everything else.

 

Pass that along to your marketing department for me

@USAA, members have a right to access there data in secure manner and your restrictions to this are concerning. Also, I believe the cfpb has taken a stance on this exact issue. What is USAA methodology on not supporting this ?

batman23, With the amount of personal and identifiable information now available online and exposed through data breaches, traditional security mechanisms like passwords and security questions can no longer be relied upon as the sole source of protection. We are constantly improving in this area. This does, at times, cause difficulty with external money applications. These apps are reviewed to ensure our members information is kept secure before we allow access to account information. We can certainly submit your feedback and appreciate your post.  ~JM

I totaly get response, thats why CFPB labeled as secure method to access user data. I know there is alot of moving parts on this so one needs to support a secure method of being able to download or hopefully provide a better enhancements on banks end to enhance inhouse service. 

 

Now USAA does better than most on offering paycheck planner, budget and abilities to track moey. But you do have some bugs and dont have some items that others offer like personal capital.

Wow. What a frustrating response. Part of the problem here is that USAA seems to not disclose technical reasons for things not working, or the details of thier security implementations. So we have to just believe the answers provided because we don't know better. Well, I do know better so here's some insight.

 

First, there are more ways of implementing additional security than just 2FA. For instance, you could generate app-specific paswords that we could use with third party services to access OFX data without exposing the user's actual password. App-specific passwords can be revoked at any time to prevent a third-party service from having access to the account information in the event of a data breach at that service.

 

Second, you note that you are constantly improving in this area, yet it's clear from this thread that you are not. Security isn't just about blocking the wrong people from accessing data, but also effectively allowing the right people to access it. Otherwise, what's the point of allowing access at all?

 

Third, to the person who said the OFX file is invalid XML, it's not. The file format is valid SGML, which is the appropriate format for OFX version 1.0.2, which was released in 1997! This leads me to my next point.

 

Fourth, the reason so many people are having trouble with syncing is that USAA has completely failed to update its OFX and QFX file format with changes in the standard. As of this writing, the current version of OFX is 2.2 (which now uses XML), released in 2016. Many modern apps and services often don't support the older OFX format anymore. What's sad is that the latest OFX standard supports the OAuth standard for authentication, which would also aleviate much of the pain of getting other services and apps to connect to USAA. OAuth is the method used by Twitter, for instance, to let your Twitter app connect to your accout.

 

But even without the latest version, support for Multi-factor Authentication (MFA) was released in 2006. They even made it backwards compatible by releasing version 1.0.3 with just this one change. So USAA could have upgraded many years ago with very minimal effort on their part. That small upgrade would have no impact except to offer better security, and yet here we are.

 

I learned most of this because out of frustration I built my own app to automatically get my data from USAA. It was an eye-opening experience, especially in light of the comments by USSA about security. I have to send my actual USAA number and PIN number over the internet using thier poorly implemented security certificate in order to download the OFX file, which is far, far less secure than using OAuth.

 

Don't be fooled by the corporate speak about security and constant improvements. It's absolutely untrue, and I've had about enough of it.

 

Finally, instead of referring people to the IT department, which appears to be a dead end. Why not have an actual, knowledgable IT or web services person come to the forum and give us some actual answers about the problems we are experiencing and when we can expect them to be resolved. How about regular updates acknowleging that something isn't working so we don't spin our wheels calling USAA and contacting other third pary services for support – wasting our time? Just basic updates?!? Other companies do it, and so should you.

 

I challenge USAA to deliver a real response in which you:

 

1. Explain the current state of interoperability at USAA.

2. Provide a roadmap of planned improvements and updates to the current state.

3. Expected delivery dates on the planned improvements and updates.

 

Anything less than that in response, I will interpret as having no plan whatsoever, which, for me personally, will be point at which I find a new bank. I hope you are able to give a valid response to these issues.

 

 

 

 

 

 

@Shelton, I understand your frustrations regarding security and support for OFX users. Please allow me to engage a business expert who will review your concerns and conduct a follow-up with you. ~DC

Well, three weeks ago someone said they would engage an expert, guess they've had a hard time finding one...since 2015 when this thread started...this is insane.