1. Home
  2. Quicken Personal Finance
  3. Empower FCU Members that use Quicken

Empower FCU Members that use Quicken

I have filed a complaint with the NCUA against Empower FCU and filed a fraud report with Intuit that concerns the record format Empower uses and the potential data mining of our online accounts.

If you use Quicken *and* have multiple accounts of the same type (e.g.. MasterCard, IRA / CD same type account numbers) you may have noted that the transactions from one of the same type accounts ends up in the wrong Quicken account.

I have spent several months working with Empower on this and other issues and helped train the Director of eBanking on how to setup and use Quicken so they could duplicate the problems. The problem is that the header information in the downloaded records no longer contains a UserID and Quicken can no longer distinguish between user accounts as before.

Prior to the conversion to the new site and internet banking system, the Quicken records downloaded all included the UserID + AcctID in the records but now only have the AcctID. Quicken can use that and properly assign the transactions when there is only one of those types in your account. With multiple same type accounts, Quicken will put all the transaction in the first account it finds that matches the AcctID. That makes your record keeping about useless for reconciling your accounts.

This can be verified by those savvy enough to know how to download the QFX file from the web site and save it. Then open it with a text editor (NotePad works fine) and look for the AcctID entry. You will note that no where in the record is your Empower UserID.

Long story short. Empower staff have duplicated the problems and they are documented but they refuse to correct the problems they created saying that only users with multiple same type accounts (like two MasterCards) will have the problem. So out of 97,000 members, I would guess there are a few thousand members using Quicken and have more than one same type account.

I have worked with them for several months now and they did not have the technical expertise to address these problems. They readily pushed the problems off as Quicken problems and not theirs. The format and content of the downloaded files are the responsibility of the financial institution and that is posted on Quicken's web site. This is a server-side problem and not client-side.

The second issue that resulted in the fraud complaint is because my accounts are constantly being accessed by a Firefox ver 3.0 browser. Empower states it's from a Quicken server but Quicken denies that. I have had Quicken tech support remotely connect to my computer to verify my setup and have shown them the log files showing the unauthorized access. Quicken Tech Support said to file the fraud report.

Yes, very aware of the Express Web Connect, Web Connect and Manual downloads and One Step Updates. My background is in computers and communication systems and I'm leaving out many details here for the sake of brevity.

Empower has been aware of these problems but has failed to take any corrective action to date and they now have 60 days to respond to NCUA. From their responses so far, I can only assume they will drag this out to the last day.

The above is a very simplified synopsis of several months of troubleshooting, explaining in detail to their non-technical staff on how to test and understand the problems noted. I have a laundry list of additional problems but keeping it confined here to a couple of the most issues.

A number of emails have been sent to the CEO (John Wakefield) and to their Director of eBanking and by their own admissions, the technical details are not fully understood. From what I've experienced over the past 6 months, no one at Empower has the expertise to properly address the problems and therefore cannot fully explain them to their (outsourced) vendors.

If you use the internet banking at Empower FCU you are well aware of the site problems that are still persisting even after 6 months. And if you had any investments with their subsidiary EAS last year during the conversion from LPL to CUSO/SEI, you most likely are aware of the disaster that turned out to be. Took weeks before my accounts were straightened out. I moved my investments accounts after that.

Empower apparently did not learn from that conversion that they do not possess the in-house experience, technical expertise or management capability to implement and manage complex projects. And apparently do not intend to do so. I continue to offer my assistance but it has taken filing a complaint to the NCUA in order to get their attention.

If you are experiencing any of the above issues or have found others that cause you concern, I would encourage you to notify the CEO, Mr. John Wakefield either via the Empower web site (Email the CEO) or directly at snipped-for-privacy@empowerfcu.com. He is the one responsible for ensuring that they have the technical expertise, training, tools and the resources needed to make these projects a success. He is also answerable to the members of Empower FCU.

It would be the easy way out to move my accounts to another bank but we have been members since 1977 and it's only been the past two years that we've had any problems at all. I'd rather help make them aware of the issues so they can be resolved for the benefit of all - even us in the minority now...

Bob S.

Reply to
Bob
Loading thread data ...

Had phone call from the CEO today and they will fix the duplicate type account ID's by giving my accounts different numbers than my wife's accounts. That will also fix that problem. They feel that by including a user ID in the downloaded files is now a security issue. Okay, but for the past 10 years it was included.

As for the security issue and unauthorized access. The CEO had his IT person verify that the logged access was coming from an address that supposedly comes from an Intuit server farm. That is an aggregate IP address meaning there are probably hundreds of servers behind that address.

I logged into my Empower online account using a spoofed IP address just to show him, that what gets logged is easy to forge and is an often used method to hide who you are and where you're from. It's also a way to mask your location when doing a man-in-the-middle type intrusion that hackers use. That was just a jab to show him that there's a lot of smoke 'n mirrors on the internet and even their system can be fooled.

At any rate, he is having his IT Security person contact me to work this out. Need to get them to contact Intuit to ask why they are accessing my accounts when they have never been given authorization. Until that is resolved, I will only perform manual downloads so I don't have to plug in my password in order to have Quicken do a an Express Web Connect (One Step Update).

And... it appears now that out of 98,000 members, that only approximately

500 of us use Quicken. Sure is a far cry from the "thousands" I was told earlier and the rationale they based on those thousands not changing the record format. He realized I was given some wrong info and apologized that this whole matter should have never been handled the way it was.

That complaint to the NCUA was the only way I was able to get their focus on these problems. To be sure, there are others that need attention but this is a start.

Bob S.

left out original post for brevity. Since no one made any comments, I doubt anyone really cares but hey... there it is.

Reply to
Bob

"Bob" wrote

At any rate, he is having his IT Security person contact me to work this out. Need to get them to contact Intuit to ask why they are accessing my accounts when they have never been given authorization.

----------------------------------------------------

If you use Express Web Connect or the mobile app, you have given Quicken (Quicken's servers) permission to access your accounts ... basically once every 24 hours and usually in the wee hours of the morning.

Reply to
John Pollard

That doesn't surprise me and explains why many financial institutions are dropping support for Quicken. Why should they pay what I epxect are rather large license fees to Intuit for something that benefits 1/2 of 1% of their customers? Really can't believe the decline of the home desktop computer.

Reply to
Arthur Conan Doyle

"Bob" wrote

At any rate, he is having his IT Security person contact me to work this out. Need to get them to contact Intuit to ask why they are accessing my accounts when they have never been given authorization.

----------------------------------------------------

If you use Express Web Connect or the mobile app, you have given Quicken (Quicken's servers) permission to access your accounts ... basically once every 24 hours and usually in the wee hours of the morning.

John,

That may be a correct statement but neither I nor Quicken Tech support (take that with a grain of salt...) could find any setting or any wording that would trigger Quickens servers to access my account. I was using Express Web Connect, and it would connect when I initiated the One Step Update process.

But why is it accessing my accounts daily? I have *nothing* to sync with, do not use any Mobile Apps and Quicken is not a cloud based service. They went through the whole setup, viewed the online log that shows the access (at the CU) and said, file a fraud report.

Bob S.

Reply to
Bob

"Bob" wrote

John,

That may be a correct statement but neither I nor Quicken Tech support (take that with a grain of salt...) could find any setting or any wording that would trigger Quickens servers to access my account. I was using Express Web Connect, and it would connect when I initiated the One Step Update process.

But why is it accessing my accounts daily? I have *nothing* to sync with, do not use any Mobile Apps and Quicken is not a cloud based service. They went through the whole setup, viewed the online log that shows the access (at the CU) and said, file a fraud report.

------------------------------------------------------

I'm not sure I understand your concern or your analysis.

Express Web Connect downloads do not have any direct involvement from the financial institution. Pretty much the only part the financial institution plays is to allow Quicken to access their web site during non-business hours.

Quicken servers use scripts to screen scrape your data from your financial institution generally once every 24 hours and store that data on Quicken's servers. When you do a One Step Update, Quicken on your pc gets your data from the Quicken servers where it is stored.

Reply to
John Pollard

"Bob" wrote

John,

That may be a correct statement but neither I nor Quicken Tech support (take that with a grain of salt...) could find any setting or any wording that would trigger Quickens servers to access my account. I was using Express Web Connect, and it would connect when I initiated the One Step Update process.

But why is it accessing my accounts daily? I have *nothing* to sync with, do not use any Mobile Apps and Quicken is not a cloud based service. They went through the whole setup, viewed the online log that shows the access (at the CU) and said, file a fraud report.

------------------------------------------------------

I'm not sure I understand your concern or your analysis.

Express Web Connect downloads do not have any direct involvement from the financial institution. Pretty much the only part the financial institution plays is to allow Quicken to access their web site during non-business hours.

Quicken servers use scripts to screen scrape your data from your financial institution generally once every 24 hours and store that data on Quicken's servers. When you do a One Step Update, Quicken on your pc gets your data from the Quicken servers where it is stored.

.............................................................

When Express Web Connect is used with One Step Update, it goes directly to the credit union site and signs in automatically then downloads all the records that I have set to use Express Web Connect.

Your description of how it screens scrapes during off hours and puts it on their servers for use later is correct - provided you have it setup for syncing. Mine does not update from the Quicken servers - it is done from the credit union and the logs reflect that and I see it happening. And that is proper operation when you authorize it that way but when you deactivate the accounts - it should stop the accessing of the accounts. It doesn't and that is a problem.

If I uninstall Quicken (and I have done this test) and not change my password at the credit union, Quicken servers continue to data mine my accounts as shown by the credit unions logs. Only way to stop it is to change my password. Have not found a way to tell Quicken to stop accessing my accounts and neither has Quicken tech support nor the credit union.

And of course, no response from Intuit on the fraud report I filed. Maybe a class action will get their attention..

Bob S.

Reply to
Bob

"Bob" wrote .............................................................

When Express Web Connect is used with One Step Update, it goes directly to the credit union site and signs in automatically then downloads all the records that I have set to use Express Web Connect.

Your description of how it screens scrapes during off hours and puts it on their servers for use later is correct - provided you have it setup for syncing. Mine does not update from the Quicken servers - it is done from the credit union and the logs reflect that and I see it happening. And that is proper operation when you authorize it that way but when you deactivate the accounts - it should stop the accessing of the accounts. It doesn't and that is a problem.

If I uninstall Quicken (and I have done this test) and not change my password at the credit union, Quicken servers continue to data mine my accounts as shown by the credit unions logs. Only way to stop it is to change my password. Have not found a way to tell Quicken to stop accessing my accounts and neither has Quicken tech support nor the credit union.

--------------------------------------------------------------------

You have no control over Express Web Connect "syncing" (as in: "provided you have it setup for syncing"), as you confirm when you say, "If I uninstall Quicken (and I have done this test) and not change my password at the credit union, Quicken servers continue to data mine my accounts as shown by the credit unions logs".

That's not news to anyone who knows how Express Web Connect works. Once you activate a Quicken account for Express Web Connect, the Quicken servers will continue to screen scrape data from your financial institution until you deactivate that account. There is no special "setup" for Express Web Connect that allows/disallows the overnight screen scraping process.

I have been attempting to address your original beef that you had not given Quicken permission to access your financial institution, I don't understand where you're now taking the discussion. When you activate the account for Express Web Connect, you are giving Quicken permission to access your financial institution.

You now say, "when you deactivate the accounts - it should stop the accessing of the accounts. It doesn't and that is a problem".

That's not how it is intended to work and that's not how it works for virtually everyone else - and it wasn't mentioned in the text I originally read and the portion I quoted to begin my comments on the subject of EWC and authorizing access to your financial institution. [I believe there are situations where a user may create the condition you describe, but they are largely infrequent outliers and they involved users not taking the proper steps. In any event, it has nothing to do with whether permission was given to Quicken to access your financial institution.]

Ascribing your uncommon personal experience to nefarious behavior on the part of others is not warranted.

And you can (as you note) change your password to prevent Quicken from being able to access your accounts (I would probably change my user-id).

Reply to
John Pollard

"Bob" wrote When Express Web Connect is used with One Step Update, it goes directly to the credit union site and signs in automatically then downloads all the records that I have set to use Express Web Connect.

-------------------------------------------------------------------

I forgot to mention: that is known as "backdoor Web Connect". It is only possible when the financial institution also offers Web Connect downloads, and when the financial institution agrees to make it possible for Quicken to logon and initiate a Web Connect download. The user has no control over whether that backdoor Web Connect can be used - it's between the financial institution and Quicken.

I believe backdoor Web Connect is uncommon - and there is no way for the typical user to know whether it is available with their financial institution.

In any event, it doesn't alter the fact that you have authorized Quicken to access your financial institution.

Reply to
John Pollard

"When Express Web Connect is used with One Step Update, it goes directly to the credit union site and signs in automatically then downloads all the records that I have set to use Express Web Connect. "

SIMPLY WRONG. What you're calling EWC is, in reality, Direct Connect. EWC consists of Q servers logging into your FI, overnight, and collecting the info available. It's stored on Q's servers until you initiate an OSU.

Reply to
danbrown

This article from Intuit might shed some light:

formatting link

Reply to
Arthur Conan Doyle

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.