Security a concern over bank account software

IF REKEYING bank statements makes accountants groan in anguish, a new technology could make them sigh in relief. Software company Xero is providing links to bank and credit card transactions freeing the accountant from data entry work.

In January, Xero offered its customers that use HSBC accounts transaction data to allow them real-time information. Recently, the company added a further 55 financial institutions in the UK to its service, including, RBS, Lloyds TSB and HBoS. Xero plans to provide bank and credit card transaction data from about 80 financial institutions by the first quarter of 2011 as part of its standard package. The company will provide the feeds at no extra cost globally next year.

The technology has been used in the US for almost ten years, however, this is the first time it will be available in the UK.

Traditionally accountants rekeyed bank information into software or downloaded data and imported it. But experts have backed this new functionality which they believe could help accountants gain a better understanding of a client’s financial information. It could also aid them in offering clients clearer advice on the financial health of an organisation.

An independent technology analyst said by having this technology accountants could provide quarterly VAT returns rather than the traditional annual ones.

However, some experts in the industry question the security of around the way in which the third party supplier, used for the Xero software, obtains the financial information.

Xero uses US technology business Yodlee to provide the bank feeds. To obtain these Yodlee must acquire password information. Using login data it accesses the bank account or credit card transaction information and transfers it to the Xero software.

Though Xero and Yodlee have obtained the backing of experts, the question raised is what happens if there is a breach of security?

Banks take no responsibility if login information is passed to a third party. Yodlee has a similar clause in its contract. The prospect of no-one taking responsibility for money could leave some accountants in a cold sweat, should security be breached.

Xero UK MD Gary Turner agrees these security concerns are “in essence” correct. Turner believes there is a “disconnect” between what banks tell customers and what it is doing. A local bank manager may tell clients they should never give out passwords. However, banks use software such as Yodlee to access information, and is therefore handing out password information in practice. He said this confusion of responsibility is something the banking community needs to clarify, and soon.

Both Xero and Yodlee have so far avoided any security leaks. Both companies have heavily invested in firewalls and internet security to mitigate the risk of security breaches. According to independent technology reviewer, Dennis Keeling, founder of SoftComparison.com, the firewalls at these companies are “incredible” and have secure and multiple levels of security.

Xero said it was comforted by the fact Yodlee is already used by larger
organisations. Having established itself more than ten years ago, Yodlee is already used by 42 of the top 50 banks in the US including, Bank of America and American Express.

Keeling believes if there is a “sniff of competition” other vendors will start to follow suit and there could be larger vendors offering the same service in the future.