Some banks are now using a system called "Secure Sign On" to log you in. The secure sign on feature uses a multi-screen login that will typically show you a picture and personal phrase that you previously chose. In addition to typing your password, the bank will then ask you to answer one or more confirmation questions for added security. These are personal questions that you previously provided answers for. This is what one bank says about using this sign on procedure in conjunction with account aggregation services like Yodlee.
Account aggregation lets you see the information from all your online accounts on one website. The firm operating the account aggregation service logs in as you and uses your security information to get your information for you. [With] Secure Sign On, these services may not work with the user ID and password you provided them because Secure Sign On uses a multi-page signon process. Confirmation questions and cookies are also used as additional security information.
For a long time, I was largely satisfied with the account aggregation service that sites powered by Yodlee provided. However, my satisfaction has now been replaced with skepticism about Yodlee.
A person claiming to be Peter Hazlehurst (senior vice president of product development at Yodlee) posted a comment in response to one of my posts. In this post, I mentioned the account aggregation problems that I was having with TD Ameritrade. I sent a message to what I believe was his Email address. Although he offered to help debug the problems, I never received any response to my message. While I cannot verify that this person actually wrote the response, I can confirm that Yodlee employees do visit and read my blog.
Of all my accounts, the majority of them have some sort of issue with the Yodlee's account aggregation scheme. Another issue that I've seen is that with some 401(k) plans, the individual funds are listed as "unknown" securities because Yodlee doesn't know the symbols to these funds. And I also remember one instance, where the money fund symbol was replaced with an "X". Money funds are supposed to have retain a value of $1 per share. But, Yodlee was substituting the value for stock symbol "X" (United States Steel Corp.). Suddenly, I appeared to have millions of dollars in my 401(k) plan.
What is the value of a service that claims to give you a complete picture of your finances when much of your account information is missing or inaccurate? At best, this is a big hassle. Lastly, others have expressed security concerns that Yodlee needs to have your user IDs and passwords on record as part of their service. I hadn't really considered this a problem before, but it is certainly something for me to think about.