Yodlee and the security of bank feeds
PocketSmith uses a service called Yodlee to provide bank feeds within PocketSmith. This article provides some further information about the bank feeds provided by Yodlee and their security.
In this article
Why PocketSmith uses Yodlee for bank feeds
We've chosen Yodlee because we trust that their bank feeds are the safest and most reliable method of providing automated transaction imports into PocketSmith.
There are two ways software can access transactions from banks. Direct feeds and third-party bank feeds. Direct feeds exist where a bank has a relationship with the software provider, whereas third-party bank feeds are connected via bank feed providers like Yodlee.
We'd love to connect to banks directly, however, the overwhelming majority of banks don't offer this as an option. Thankfully, bank feed providers developed their own technology to connect to banks and download transactions on behalf of the customer. This allows them to provide connections to a wide range of banks. Thanks to Yodlee, PocketSmith can connect to over 12,000 banks and institutions worldwide!
Yodlee is the industry leader in account aggregation services. Founded in 1999, the US company provides digital financial solutions for over 20 million paid users and over 850 financial institutions and financial technology innovators, including Xero, Billguard and Personal Capital. 11 of the 20 largest U.S. banks trust and use Yodlee for their services.
Yodlee has experienced no known breaches to date, and we place our own trust in them and their practices. PocketSmith employees use bank feeds to sync up their personal PocketSmith accounts.
You can learn more on the Yodlee website.
Expectations of our bank feed service
We are confident in our bank feed provider Yodlee to provide a reliable service connecting to bank feeds and importing transactions! However - due to the nature of using a bank feed aggregator (as opposed to direct feeds with the bank, which are not possible in most cases) to import our users' transactions into PocketSmith - on occasion we experience issues with bank feed connections or imported transactions.
In most cases, we are able to open an investigation with Yodlee to identify and resolve any bank feed problems. However, because we can not guarantee that bank feeds will work perfectly 100% of the time, we do recommend that users compare transactions with their online banking as a way to ensure, or identify, whether their transactions have been imported correctly. We are happy to assist with this process, but it’s important that anyone who is using the PocketSmith software is informed that issues beyond our control do occur with bank feeds.
Once we open an investigation with Yodlee, we are not given a timeframe from them as to how long they’ll take to resolve the issue. Many issues can be solved within a few days, however, more complicated issues can take many weeks! Where possible, we will keep our users informed with any information about the progress of the investigation.
Sometimes bank feed problems are user account-specific. This means, that the issue is not related to a known current bank feed issues, and, unfortunately, we can’t know when one-off incidences of this type will occur. When these incidences are brought to our attention, we take action by providing Yodlee with as much information as possible and keeping users informed.
Connected bank feeds are read-only
PocketSmith's bank feeds are completely read-only. It is not possible for PocketSmith to transfer, move, or do anything else with your bank accounts aside from
Where are my login details stored?
Your login details are passed securely to Yodlee, and not stored by PocketSmith. These details are used by Yodlee for one sole purpose, which is to fetch your transactions direct from your banking site.
This is an excerpt from an interview that describes how they handle login details:
Users input their credentials and we never actually see it. And people like Xero never actually see it. They enter it into an interface and when they hit send it gets encrypted and separated from that point. It’s hashed all the way back through the hardware. It’s not just software encryption, it’s all the way down into the boxes themselves.
We store you as a user with a Yodlee ID. You have a password and a credential that is hashed and exists somewhere else and is matched to your user ID, and then your transaction and financial data they sit somewhere else encrypted all the way through to the hardware.
My bank's Terms and Conditions
The biggest difference between direct feeds and third-party bank feeds is that the latter may require that you enter your online banking credentials for the service to retrieve your data. PocketSmith does not store your credentials, nobody can move your money using PocketSmith, and both PocketSmith and Yodlee use bank-level security to protect your data.
Different banks have different stances on the use of third-party bank feeds, which is why the user needs to make an informed decision about whether bank feeds are right for them. This is why the choice to use bank feeds is up to you, and we also offer an alternative for importing your transactions with bank files.
Is PocketSmith able to guarantee me against losses caused by any bank feed data breach?
Your use of bank feeds is at your sole risk. We are not in a position to offer our users any guarantees with respect to bank feeds, just as Yodlee aren't able to provide us any guarantees.
If you're not ready to use the bank feeds, PocketSmith provides the ability to securely upload your bank files without needing to enter your online banking data. Learn more about how to use bank files in the following article: Bank files