New Feature: the Wesabe Automatic Uploader

by

I’m very happy to announce the release of the Wesabe Automatic Uploader, a new way to keep your accounts updated on Wesabe simply and easily:

creds

As I mentioned in February, many of our members have asked for a way to keep their accounts up to date on Wesabe without having to download a client application, and without having to manually upload. We hear again and again from people that they love how we offer them tools that get them set up without having to give their bank passwords to a startup company — but that after using and coming to trust the site, they want a higher level of convenience. The new Wesabe Automatic Uploader means that for all covered accounts — including nearly 90% of the accounts on our site, and more and more all the time — you can enter your credentials once and then never have to deal with uploading again. The whole process takes under two minutes to set up, and works great.

We’re very happy to be able to make updating your accounts easier, since of course Wesabe aims to be the easiest to use, most powerful, and importantly, the most effective tool for getting the most from your money. But more than that, I’m also very happy that we have been able to build the best and most secure option for automatic updates. Unlike our competitors, we do not give your credentials to a third-party data middleman service — instead of having your data thrown around by a set of companies, with Wesabe your data stays just between you, your bank, and our site. Unlike our competitors, we don’t have to wait for a vendor to fix their code when something breaks. And unlike our competitors, we do not rely on fragile and unreliable “screen scraping” methods. Instead, we’ve built data import tools from scratch that allow us to support far more banks, credit unions, and credit cards, and do so much more efficiently. We believe our approach offers more flexibility, reliability, security, and privacy, than any other option you have. It also allows us to offer our Data Bill of Rights, which gives you full control of the ownership of your data, and our open API, which allows you full access to your data stored on Wesabe.

result

Not all accounts are supported, yet (Tanc, I hear you!), but we’re working on adding more accounts all the time. For those accounts that aren’t yet in the system, or for those people who do not want to use the Automatic Uploader, we are continuing to support our Firefox, Desktop, and Manual Uploaders indefinitely. We know that these tools allow people around the world, and with accounts at smaller banks and credit unions, to enjoy automated updates, and to keep control of their credentials where they want them. As long as people want them, we are not in any way removing these options.

promptTo get started with the Automatic Uploader, sign into Wesabe and you’ll see an “Auto Upload Available” link for all your accounts that are currently supported. Click that link and you’ll be led through the two-step process to enable your account. Or, click “Add an Account” for any new account you want to upload to Wesabe, and you’ll be prompted for your credentials if the account is supported.

Congratulations to Brian, Jeff, Andre, Sam, and Tim for all their work on this great release. The design of the feature and its simplicity are unmatched, and its great to be able to offer the ease of use we know people want. Let us know what you think!

14 Responses to “New Feature: the Wesabe Automatic Uploader”

  1. wesabe automatic uploader — award tour Says:

    […] Wesabe Automatic Uploader. i set it up today. that’s right, i gave them my bank password. much nicer since i use safari over firefox. […]

  2. Tanc Says:

    Haha! I got extremely excited when I saw the title of this post so I quickly rushed over to Wesabe and logged in, scanned the page and didn’t see anything new. So I checked back on this blog post and noticed you had mentioned me! LOL, I guess that means of all your users I must be one of the most nagging and vocal!

    Anyway, I won’t hassle you, other than to say I’m really interested in this new feature and can’t wait to see it implemented on other (my) accounts. Congratulations Marc and the team, your web application is getting better all the time.

  3. jdm Says:

    I always held Wesabe as a good example of a decent service offered without falling into the trap of asking users to enter credentials which get stored server-side from other services.

    I can see why some users will like this but the ultimate effect is that you are cheapening (and you’re certainly not the only ones guilty of this – Facebook et al) the value of credentials. In effect saying, it’s fine for you to enter your bank credentials on any site, they’ll be fine. As long as the site says ‘we take security very seriously etc etc’

    ‘Super ninja security’ or not, the upshot is that IF Wesabe were to have a security issue it’s not Wesabe that carries the liability. Where is the customer left after any sort of fraud when the bank asks whether they gave their credentials out to anyone else. Doesn’t put them in a particularly great position.

    You can’t please everyone and this is something that’s been asked for but I do think it’s a shame you’ve chosen this path.

  4. travis Says:

    jdm, while I understand your concerns, I disagree that this is cheapening the value of credentials. You said it yourself “it’s not Wesabe that carries the liability.” Users have to decide for themselves what services, websites, or people they can trust, and in an age where credentials are simple to forge and honesty is difficult to place, there’s no amount of “official” protection that will keep users safe any more than their own ability to discern the legitimate from the risks throughout both the Web and their day-to-day interactions.

    Wesabe is providing a service that many users, myself included, have eagerly anticipated for quite some time. It’s not integral to other uses of the site, and is entirely optional. I can’t hold the creators and staff of the company under a moral microscope when liability for the end result of their financial transactions lies solely with account holders.

  5. Chris Messina Says:

    This seems the ideal use case for OAuth between Wesabe and third parties… I bet banks probably haven’t heard much about OAuth, but have you guys done any work to talk these companies about moving to delegated token-based authorization to avoid the need to use, as you pointed out, your actual bank credentials when performing such transactions?

  6. Marc Hedlund Says:

    Hey, all,

    I definitely agree that the general practice of sharing passwords between services is not the right model for users. That’s why we offered our uploaders in the first place, and that’s why we’re committed to continuing support for them. I also would say that the comment from travis above is very representative of what we hear from people — that they get more value from Wesabe when the process is as easy as possible. We don’t want anyone to feel that they have to compromise ease of use to use our site to manage their money — the whole point is to make things easier all around. So for the users who want auto uploading, I think this feature is a huge benefit.

    Chris, thanks much for the comment. As you know (but others might not), we participated in OAuth’s development and we completely agree this is the right model. I haven’t been very public about this, but I’ve been pitching OAuth to all of the biggest banks in the US, with the message that it is better for them and their customers. I’ve gotten very surprisingly positive responses all around. I think at first many banks saw companies like Yodlee as a threat, and tried to lock them out, but more recently, what we see is banks responding positively to the work we’re doing. I don’t know what will come of my efforts to pitch OAuth, but I’ll certainly keep trying.

  7. Chris Messina Says:

    Thanks Marc — I agree that convenience is key. I also figured that it was only a matter of time before you started storing user credentials on your end — with competition from Mint (who dispensed with the whole password problem by accepting any credentials whatsoever!) you have to keep up with that kind of straightforwardness even if teaches people the wrong behavior. The fact that the industry hasn’t sorted this out yet is a huge opportunity, and I’m happy to hear that you’re continuing to promote OAuth.

    I was thrilled to have your participation in the initial work on the OAuth spec and would love to support your work with banks and financial institutions however I can. It really is better for everyone to move in this direction; with choice comes competition, and with competition comes improved service and motivation to serve better. That’s something that I think needs to be considered when putting the idea of data interop and portability into perspective.

  8. Ade Says:

    Hi Marc,

    Are ANY UK banks serviced by way of the new Auto Uploader? If so, which? If not, why not?

    I know the only bank listed in the UK version of M$ Money is Nationwide. Is this also the case for Wesabe?

  9. Marc Hedlund Says:

    Hey, Ade,

    We’ve been going from the most-used banks down, and so far we haven’t reached UK banks, so no. If you want automated upload from a UK bank, I’d highly recommend our Firefox extension for now:

    https://www.wesabe.com/page/firefox

    You can use it to record a download once and play it back every six hours from then on. It doesn’t work with every bank, but it does work with nearly every one, and we have many UK users happy with it.

    We will definitely get to automating UK banks — not sure when, but it’s our third-biggest constituency (after US and Canada), so it’s sure to happen.

  10. Matt Ellis Says:

    Hi folks. Interesting comments. Just a quick question about OAuth, though. As I understand it, OAuth gives delegated login via browser redirection. In other words, the customer needs to be present to enter their credentials at the authenticating site (the bank). How do you imagine this to work with the automatic uploader?

    Cheers
    Matt

  11. Marc Hedlund Says:

    Hi, Matt,

    We actually already use something like OAuth (specifically, Google’s AuthSub) for our Google Spreadsheet Export feature. You can see a video of how it works here:

    I think that, were banks to support OAuth or something similar, a very similar process would work well.

  12. Matt Ellis Says:

    Ah yes. I’ve just watched the video, and re-read the OAuth specs. It had never occurred to me to simply save the returned token and secret, and reuse them later, server side. It would require a long lived token (unusual for a bank – why I hadn’t thought of it!), but that can be mitigated – if we know the consumer key, we can limit access to only those APIs that make sense for that consumer.

    That said, we’d still want to expire the token after, say, a month. And that would require the user to re-authenticate.

    Thanks
    Matt

  13. Michael G Says:

    How about something for us excel lovers? Personally, I’d like to be able to download a csv file from my bank, quickly tag and then upload to wesabe. A few good reasons why – I need to do this anyway to keep my taxes organized. And it would also alleviate any lingering security concerns from fellow paranoids since wesabe would only have transactions, not account info…..

  14. New Feature: the new Tips tab — the Wesabe Value Engine « Wesabe: Your Money. Your Community. Says:

    […] Your Money. Your Community. The Wesabe blog « New Feature: the Wesabe Automatic Uploader News about Jason and Wesabe […]

Comments are closed.


%d bloggers like this: