Banks may be dropping support for online direct connections from Money and Quicken while scrambling to comply with new banking regulations. If you are a user of these software applications you may find that you lose features either temporarily or permanently.

In October of 2005 the FFIEC (a bank regulator) [1] created a regulatory "guidance" [2] that pushes banks towards stronger authentication. Authentication that is appropriate for the risk level is required for transactions involving large sums of money, transfers out of the account or other transactions which may be the target of hackers. That may mean two-factor or other approaches, but any changes must be made by the end of 2006 (see FAQ [3])

Many banking customers use software such as Microsoft Money [4] and Intuit's Quicken [5] to access all their financial institutions. These software packages allow the user to have consolidated view and control of multiple banks, brokers, savings, 401k's etc. Rather than visiting a dozen or so online banking websites, users of this type of software can do everything in one place, a huge time saver that also translates into better control of finances.

Out of a sample of a dozen financial institutions we have seen different responses to this regulation. One bank, ING Direct USA [6] shut down direct access for a few weeks while the authentication mechanism was revamped (presumably in response to the regulations, or because of due-diligence on their own). When it returned there were a dozen new authentication questions for web-based access (first pet, color of car, high-school name etc.) These same questions were used to strengthen the authentication for direct connections from Money and Quicken which were re-enabled.

But other banks have taken a dramatically different approach: HSBC USA N.A. [7] for example just sent an email to customers today announcing that as of December 10th all direct connections via MS-Money and Quicken would be discontinued. When we contacted the online banking representatives for comment, they told us that the service termination was not temporary but indefinite! The alternative offered: download transactions from your statement and import into your PC, a solution which precludes bill-pay, online reconciliation, transfers etc. Other banks may follow suite. For consumers this may bring tremendous uncertainty: no bank is likely to guarantee any support and for the next few months it's fingers crossed and wait-and-see.

Business banking customers may face even more difficulties. Business accounts are explicitly covered by the FFIEC regulations and banks are required to provide stronger authentication for their transactions. Depending on how banks decide to implement stronger authentication this may mean reduced integration/interoperability with online accounting systems for the short term, or even long term for those banks that underestimate the impact of their choices!

Finally, small and medium business may be stuck somewhere in the middle: small enough to use consumer software for their banking, not large enough to get the full attention and care of the banks.

How many more banks will be dumping online integration features to comply with regulations? No way to know, your bank may be next!