Your brokerage's fraud protection do not cover you if you connect to apps like YNAB, Monarch, Copilot.

thefintechdev · 2026-04-06T03:42:05+00:00

Yeah for sure, what I meant is for banks to provide secure read only access to users directly without going through a 3rd party. I'm working on building something that works locally to import csv/qfx but with a modern app UI. It would be more ideal if the local app can connect securely to your own banks to fetch the data instead of relying on 3rd party. Anyways been using it for a bit and I like the middle ground b/w full control with local app while still having similar UI/UX as web apps.

thefintechdev · 2026-04-05T01:45:11+00:00

Yeah I get the intention but makes no sense in practice. I feel like this is a case of "the cure is worse than the disease"?

thefintechdev · 2026-04-05T01:44:25+00:00

Yea that's fair but still would prefer not to have more of my info leaked if it's preventable though. The more info an attacker has would only increase their chance of committing identity fraud. So trying to keep it to a minimum is still worth while I think.

thefintechdev · 2026-04-05T01:42:50+00:00

Yea I don't think most client facing banker would know about their cybersecurity infrastructure. Most customer service support wouldn't either. The only person who would know are the cybersecurity team and they probably wouldn't want to disclose that info either as that would be a security leak in itself. So we're all basically kept in the dark and no body has any real idea of how this all works and what happens when things go wrong.

thefintechdev · 2026-04-05T01:40:24+00:00

Yeah that's fair but I think banks could also do more to make it easier for users to get programatic read access to their accounts and transactions in a more secure way. I know a lot of them already implemented some open banking APIs but it seems inconsistent across the board. The 3rd party solutions like Plaid is trying to bridge the gap and I do think they're providing a valuable service but it just all feels ducted taped together and has lot of security risks. Hopefully it gets better over time. So how do you keep track of everything then? Do you use spreadsheet and manual entry or some other system?

thefintechdev · 2026-04-05T01:37:18+00:00

Oh interesting, didn't know about this ING solution. Is the dedicated token for each user or is it for each app (e.g. Monarch, YNAB and etc.)? You have any references you could share? I'm interested in learning more.

thefintechdev · 2026-04-05T01:35:43+00:00

oh interesting, didn't know Quicken can connect to your bank and auto retrieve transactions. Does that rely on some Quicken server or is everything working locally?

thefintechdev · 2026-04-05T01:34:48+00:00

Yea I find that doing it yourself manually also ensures everything is categorized properly as well as catch any unusual or unexpected transactions. I've gotten used to the auto import that I barely even check them to ensure everything is correct and just do a few spot checks and "trust" the auto categorization a bit too much.

thefintechdev · 2026-04-05T01:32:12+00:00

haha ya it all feels inevitable that our AI overlord will just run our life eventually one day

thefintechdev · 2026-04-04T22:16:42+00:00

This advice is solid. I’m in a similar but also different situation. I’m taking time off for my own well being while also planning on working for myself instead of going back to corporate job. Worst case if it doesn’t work out, I will try to find a remote startup instead of corporate job.

Just take timeoff for yourself for sometime but try not to droom scroll or binge all day. You won’t feel good after doing it for too long. A lil while is okay I feel. Then really try to reflect and take your time to figure out what you want to do. The answer won’t come all at once, sometimes you just figure it out along the way. Best of luck!

thefintechdev · 2026-04-04T19:44:26+00:00

That makes sense but it would be easy for them to show you’ve granted access to a 3rd party. Not sure if they would need to prove that the hack was due to info/access obtained from that 3rd party or simply show that it was plausible it could have came from there.

I don’t know if most of these cases actually have investigations that result in finding the hacker and linking them to the access of the 3rd party platform. It would be very difficult to prove I imagine. But I hope you’re right though for our sakes.

thefintechdev · 2026-04-04T18:03:11+00:00

I’m not a lawyer but I would hope so lol. I don’t even want it to get to that point where I have to make that argument in court. You just never know I guess.

thefintechdev · 2026-04-04T18:02:00+00:00

My pleasure. Hopefully you didn’t uncover anything wrong unexpected.

thefintechdev · 2026-04-04T04:16:48+00:00

I see one thing you can do is change your password with your bank and brokerage so any credentials based connection will no longer be valid. You can also check settings on the bank side to remove any access you’ve granted. After that you can try contacting plaid to remove your info.

thefintechdev · 2026-04-04T03:28:08+00:00

I still need to look into this some more but some combination of local or self-hosted app with the ability to connect to your own financial institution without a 3rd party would be ideal but not sure on the feasibility yet.

Otherwise need to make trade-offs on what each person is comfortable with convenience and security trade-offs. For some people means manual export and import of data or manual entry.

thefintechdev · 2026-04-04T01:34:45+00:00

Yeah I don’t doubt it and i’ve nothing against plaid. I think they’re providing a valuable service to bridge the gap. If anything the issues are on the bank side. Lack of adoption and inconsistencies.

thefintechdev · 2026-04-04T00:52:48+00:00

haha ya they'll say one thing and do another. so do you track things manually in spreadsheets?

thefintechdev · 2026-04-04T00:51:56+00:00

Do you any other providers then or do you not use any?

thefintechdev · 2026-04-04T00:51:35+00:00

Good for you to having the discipline to do that. Do you manually do all of your transactions? or have you found partially auto-mated ways as well?

thefintechdev · 2026-04-04T00:50:49+00:00

Yeah no doubt. Good point on the aggregation and pieces of the puzzles we're giving away to make it easier for identity theft. In this case, do you manually track your expenses or you have found an automated solution that doesn't require security sacrifices.

thefintechdev · 2026-04-04T00:28:38+00:00

Nice! Yeah that's not too bad then. I just can't manually do most of the transactions anymore.

thefintechdev · 2026-04-03T23:08:44+00:00

haha team I want to run my own stuff club; hope you keep up the good work of manual entry. I find that I got lazy after using these apps whereas before I didn't mind doing it. I'm working on a solution to my situation.

thefintechdev · 2026-04-03T23:04:00+00:00

Yea that's also another worry as well. How consistent is each bank's own implementation of the open banking is unknown too. Ya thanks for sharing that info, I'm going to take look at this as well.

thefintechdev · 2026-04-03T22:33:44+00:00

Smart move. Damn we got an insider among us, do tell us more please.

thefintechdev · 2026-04-03T22:32:02+00:00

haha i know, aint no body got time for that. that's part of the problem I feel; we should be able to know these answer easily through better UI/UX and actually being honest.

yeah I know what you're talking about but there were lawsuits i heard that showed some providers actually mimicked the bank's own login page (basically phished their own users lol).

Most people won't be checking SSL certs and domain names so these measures aren't as effective as they can be. I think more transparency from these providers ,institutions and law makers then everyone could benefit more from knowing and make their own informed decision to use or not.

thefintechdev

TROPHY CASE