South African Banks Declare War on Money Management Site

Much of the original animus that banks expressed when third-party account aggregators, such as Mint.com and Yodlee, emerged in the U.S. has faded as banks have embraced the personal financial management (PFM) model. In many cases U.S. banks are now actually teaming with independent providers to offer the tools to customers.

But there's no such conciliation in South Africa, where banks are baring their fangs to combat a new money management site called 22seven.

Two of that country's largest banks, First National Bank and Absa, are issuing statements that suggest the third-party PFM site is unsafe, drawing a veiled link between the broad dangers of personal disclosure online and the analysis of financial behavior offered by 22seven.

On a First National Bank blog that includes references to phishing, the bank says its "warning comes as third party sites seeking a customers' personal details claim to offer value added benefits to the customer." In the case of Absa, the warning also comes as the bank says it's developing a PFM service of its own: "Aside from these serious security concerns, customers should also note that forthcoming redevelopments to Absa's online banking platforms, set for release later in 2012, will include a variety of personal financial management tools."

In the U.S., PFM sites tout security protocols that are equal to those provided by banks, and point out the "read only" status of the sites, which doesn't allow for actual transactions.

Shawn Ward, CEO and co-founder of Geezeo, says most PFMs endorsed by a bank now offer an authenticated single sign-on connection from their online banking platform. "Using Geezeo as an example, we leverage a SAML2.0 based single sign-on connection that originates inside the user's 'logged in' online banking session. There is no user name or password for a user to enter, or for a 'hacker' to steal. The authentication risk has shifted from a more easily compromised user generated/tracked password system to a more systematic, highly monitored, authenticated connection," he says.

A spokesperson for Yodlee, which is providing the technology for 22seven, said the firm is providing the same technology protection that it provides to banks elsewhere. In a statement, 22seven also said it's a "read only" service, which means it gathers information from accounts, but doesn't allow transfers or transactions. Communication between users' PCs or mobile devices and the firm is encrypted using a 256-bit extended validation SSL certificate, which is designed to ensure that information flowing between users and the firm can't be deciphered by external parties.

"It is interesting to note that initial reaction of U.S. banks quickly turned from hostile to engaging with independent aggregators," says Christo Davel, CEO of 22seven, who then took an indirect swipe of his own at the South African banks. "The majority of the largest U.S. banks now have direct data feeds to established aggregators. I believe the more innovative South African banks will do the same in the future."

Founded by Davel, 22seven collects financial data from South African bank accounts. While the site is still in beta, its strategy uses gamification to make the interface more user friendly and behavioral science to produce a graphic-heavy interface that aids in personal financial decision-making.

"We do not believe we are adding a layer of risk to people's digital interaction with their money," Davel says. "Yodlee's track record is impeccable, and we have independent specialists constantly working with us to ensure we are always up to date with international standards."
