Online Banking – A Rant
Two of my favorite service providers over the last few years have been PNC Bank and Paytrust. Currently they are not playing nice with each other to the disadvantage of their joint customers. Moreover, this may be advance warning of a problem in online banking in general.
Paytrust (owned by Intuit of Quicken fame) is a bill payment service which not only allows you to pay ALL your bills online but also serves as the address to which bill are sent. Even though we’ve moved a couple of times and travel a lot, we don’t have to change the address where our bills go. Paytrust scans those bills which it doesn’t receive electronically so we can pay online no matter where we are in the world and bills don’t have to chase us from place to place.
PNC Bank has an OK online presence and great human support, at least at the Princeton, NJ branch. A few people have been involved with handling our accounts there over the last ten years and they’ve been so great that we’ve continued to do most of our banking there even though we now live in Vermont. They even reimburse ATM fees other banks charge here or abroad so it doesn’t matter to us that they have no ATM machines locally.
There are two interfaces between Paytrust and PNC which make this work. Paytrust writes and mails checks and makes electronic payments on my behalf which PNC processes against my checking account there. This part continues to work fine.
The second essential feature is that Paytrust displays what it calls a SmartBalance. This is the net of the current balance in the funding account and any payments made with Paytrust but not yet cleared. I almost never write paper checks on this account so this is my current balance. I don’t have to keep any other check register. At the end of the year I buy a CD from Paytrust with all my bills and payments on it. Meanwhile I can generate reports, see what checks have cleared etc.
In order to know which checks have cleared and get the balance, Paytrust has to access my bank account. Access to the account is now broken through Paytrust. The effect is no SmartBalance and a system which has become much, much harder to use – almost not worth using.
What happened is this: PNC like many banks wants to make its website more secure and help protect consumers against phishing; this is a good thing for them to be doing. Paytrust apparently uses a technique known as “screen scraping” – their computer pretends to be a person while talking to the PNC computer. But the Paytrust computer can’t read and respond to new patterns the way a human can so. When the format and sequence of login screens changes as it has, the Paytrust computer can’t log on to the PNC computer. This has happened before for brief periods until the Paytrust computer could be reprogrammed.
However, this outage has stretched on. Since part of the goal of PNC’s redesign is to thwart attacks by robots, their programmers are trying to defeat screen scrapers. So I’m not sure that Paytrust will be able to program around this – or that it should.
Quicken Bill Pay Service (also from Intuit) apparently uses a more robust way to download information from banks and is not broken by these changes (I’m not using Quicken Bill Pay but that’s what I’ve been told). In general, screen scraping is a bad way to do computer to computer communication. These should be done through APIs or other defined interfaces. Generally, screen scraping is done when the service whose screens are being scraped hasn’t defined an API or doesn’t want to make the API available to the scraping service. It is easy to see why Paytrust prior to the acquisition by Intuit started out as a screen scraper where the more powerful Quicken line of products was able to get the attention of banks for their format and even become a standard for financial transactions.
What is very difficult to understand and be patient with is that, even though Intuit acquired Paytrust at the end of 2004 according to PC World, it has either made Paytrust compatible with Quicken (or vice versa) nor fixed Paytrust’s dependence on screen scraping.
Paytrust is an unacknowledged part of the Intuit family. Every Paytrust page carries an Intuit brand and copyright statement. The “about” on the Paytrust site goes to a page about Intuit. But Paytrust appears nowhere in the list of products on the Intuit site. A search of the Intuit site using the keyword “paytrust” gets no hits.
In the TopTenReviews.com rankings of bill payment services, Paytrust comes in first, Quicken Bill pay is sixth, and PNC’s own bill payment service is rated ninth. Of the three, only Paytrust can receive and scan paper bills. Of the three, only Paytrust is broken. Arghhh…
Oh, yeah, customer service.
When I saw the announcement of the security changes at PNC I got worried and emailed my always responsive contact at PNC. Expectedly, she was responsive; she checked and found out that the changes might be a problem but couldn’t tell me whether the bank was working with Paytrust in advance. She thought, as did I, that it would be helpful that Paytrust is owned by Intuit.
I told her I would also give a heads up to Paytrust but things broke before I got around to it. I immediately filed a ticket – first to complain according to the Paytrust CSR – and got courteous service. But it’s more than a week now and the problem is not resolved nor is there a resolution date. Any attempt to update SmartBalance gets an immediate message saying that it is “temporarily” unavailable for this account, try again later (not an accurate status of the problem).
Some Paytrust CSRs (I’ve spoken to several) are frank that there may be a problem ever adapting to this new security system AND that it is happening at more and more banks.
I asked for a list of banks for which SmartBalance is working (it used to be on the Paytrust site). Both by phone and email CSRs told me that such a list “could not be made available” but, if I tell them what banks I have available locally, they will tell me which, if any, of them “support” SmartBalance.
I told them that I can bank anywhere in the US; I don’t want to play guessing games; I’d like the list, please.
“We can’t give you the list.”
“You mean you WON’T.”
“We can’t.”
“Why?”
“What if we were to tell you that bank supports SmartBalance and then it breaks?”
“What if I ask you if a bank supports SmartBalance and you say it does and then it breaks? Your willing to answer that question; why won’t you just give me the list.”
“We can’t.”
Of course there’s no point in harassing CSRs; they’re not responsible for the policy they have to defend. I asked in email for a contact at Paytrust I could discuss this with but was only given the customer support line; I asked for a supervisor to complain to and ended up on infinite hold (should have but didn’t call back).
BTW, parent Intuit WILL give out a list of the banks which support downloads and uploads from Quicken Bill Pay.
A real danger is that innovation in online banking – which doesn’t usually come from banks – will be squeezed out in the name of security. It doesn’t have to be that way. We can have both security and third-party bill paying services. But all parties have to play nicely with others.
Just add my 'dittos' to this post -- after using Paytrust quite happily for 8+ years I'm canceling my account because Paytrust will no longer support Smart Balance for USAA. USAA is my primary bank, and while I have loved Paytrust, the reasons to keep banking at USAA outweigh the incredible convenience of Paytrust. I went several rounds with Paytrust but ultimately they (and their clone MyEZBills aren't willing to support USAA). The end of an era to be sure, and after looking at Mint.com (nice by the way), Quicken Online, and Yodlee I'm not aware of anyone else that will scan in a paper bill and offers a feature similar to Smart Balance. It was nice while it lasted.
Posted by: Stuart Rowe | July 17, 2008 at 11:37 PM
I have been with Paytrust since almost day one and they have certainly gone down hill since Intuit bought them out. Intuit used to have it's own bill paying service but it was a joke compared to Paytrust (I tried it 2x hoping it would get better: it didn't). Paytrust used to have detailed EFT transaction info but they have pulled that feature and apparently won't put it back. Their CS used to be great but now you get that "Intuit attitude"...I ordered my CD early this year and STILL have not received it. When tax deadline was getting near and still no cd I asked for a refund and they refused and repeated emails to their CS for the CD or a refund never got me anywhere. Intuit has copied Microsoft's monopoly model of buying up products they can't compete with, but unlike MS, they typically run the product (Blue Ocean ) into the ground. So I am not surprised at what they are doing to Paytrust, just sad to see it happen. Perhaps after the next election these monopolies will be put on notice (doubtful but hopeful :)
Oh and so no one gets the wrong idea, I don't fault Paytrust (original owners) one bit for selling out to make a buck, just sorry as a customer that they did.
Posted by: Fletch | October 01, 2007 at 02:42 AM
Just to clarify Mark's point. In 2005 FFIEC issued guidelines requiring all financial instituions to implement two-factor or better user authentication:
http://www.fdic.gov/news/news/financial/2005/fil10305.html
The initial deadline was the end of 2006 and further clarification was published in Aug 2006:
http://www.ffiec.gov/pdf/authentication_faq.pdf
As of today, some banks have implemented something, some are still working on it, but it is clear that in order for payment aggregator's services to survive they will have to work directly with banks, as otherwise they are most unlikely to be able to have an automated process of accessing accounts' data.
Given the growing number "phishing" etc. incidents, a better security is required for online payment, however, currently even more sophisticated methods do not provide sufficient protection:
http://blog.cronto.com/index.php?title=transaction_verification_can_protect_aga
A good comparison of different methods used by US banks:
http://securityretentive.blogspot.com/2007/03/comparing-enhanced-authentication.html
On a different note, the value proposition of payment aggregators only exists because of the inefficiencies of billing systems. In Europe, checks use in general is in decline and I couldn't remember a single case where I couldn't pay a bill just by a direct transfer from my bank account, hence no need for a middle man/payment aggregator ;)
Posted by: Igor Drokov | May 15, 2007 at 09:29 AM
I have been so frustrated with Paytrust. When I found out that Intuit bought them I was think the service will get even better. It appears Intuit is killing PayTrust with the slow death of never updating or improving the service. You still can't use Paytrust with Quicken. Unbelievable! Take a look at the Paytrust site. Notice that the copyright date in the footer reads 2005. If can't update the copyright date I don't think they will make any useful changes. It's time to stop the service.
Posted by: Joel | March 24, 2007 at 03:33 PM
This article "Online Banking – A Rant" is fantastic. I totally agree. I actually wrote emails to both my bank, the only smart balance capable bank in Colorado, and paytrust. Oh paytrust (who used to be paymybills.com) had a list of like 5 banks out here, but only one of them is still in existence. If you ask me Paytrust purchased paymybills.com and then proceeded to Nerf them (meaning make their service stupid relative to what it once was when it ran under paymybills.com). Can you believe they revoked electronic transfers when they 1st took over paymybills.com? It was so stupid. Their customer support responded to my plea to not go backwards was "If you don't like it we can cancel your account" What kind of country do we live in where we cannot get what we want out of industries like banking and insurance? Only in the last few years have they reversed that brilliant move. They are like snails in when it comes to advancements like these. Anyway back to my letter to both paytrust and my bank (I reiterate the only bank in my state that seems to use smartbalance (and not very well)) I asked them to please work together to keep this functionality working as it was the only reason I was with either of them and the outtages to the smartbalance functionality was causing me to make mistakes costing me money(and giving it to one of them). To their credit they have been working together to some degree, some relationships between paytrust and banks are better than others, but still there are balance and available balance rules and nuances with the debit card that makes fee likely hoods increase.
I found your article because I'm still dissatisfied with the quirks preventing a truly workable system. The fact that we cannot have this amazing machine called THE COMPUTER balance our checking accounts in the year 2007 even if we are willing to pay 11 bucks a month to get it done is at best mind blowing and at worst flat out un American!! It doesn't seem like it is in banker man's best interest, I think they think that they wont make money in mistake fees if we could find a way to use these computer things (and the labor of the letter scanners in South Dakota) to balance our expense income picture with greater easy and reliability. Trey are a bunch of punishers!
I would also like to comment on www.usemybank.com, I saw this in an attached response to this article and explored it. Nothing there indicates they will scan my paper bills, or provide me with a PO BOX in some impoverished part of the mid west where letter opening labor is cheap and diligent. Also, it seems this guy is just advertising for him self here. Hey if he's going to circle back here, I'd like to know if his service can come close to what we are looking for.
Does any one out there with enough money and vision to prop up a real competitor system exist? I have the vision, contact me and mention this article.
Anyway thanks for the Article, I've been looking for something like this off and on for years.
Posted by: Chris | March 09, 2007 at 02:01 AM
Here's a horrible story. Paytrust works seamlessly with B of A. But then, a year ago, B of A adds new security. So, I open a new checking account at M & I. Paytrust works seemlessly with M & I. But then, a few days ago, M & I adds security. So, I ask Paytrust who I can use now? They say Chase. So, I open a Chase account, but low and behold, it won't work. So, I close the Chase account that I just opened. I scream and yell at Paytrust for giving me bad information. Then I ask again, who can I use? They say Washingtion Mutual. So, I open a WAMU account, but wouldn't you know it, it doesn't work either. So, I close the WAMU account that I just opened! I'm not going to call Paytrust again and ask who I can use. I'm giving up! I've had Paytrust since it first became available, I love it, I feel like I can't live without it, but this is just a losing battle. And, the folks at Paytrust keep saying they are working on it. Yep- they said that a year ago when B of A went dark. Too bad, because I don't think I even know how to use a check register anymore!
Posted by: Tom | February 22, 2007 at 04:06 AM
There is a protocol called OFX that is specifically designed for downloading transaction data from accounts (bank, credit card, mortgage, etc). This is the protocol that both Quicken and MS Money use and almost every account in the USA supports it. It would not be hard for PayTrust to switch to using this protocol - in fact it would probably be easier (and certainly more robust) than screen scraping all the supported websites. It would also mean that PayTrust would instantly support thousands of additional banks with no extra work.
Unfortunately it seems like Intuit is leading PayTrust into a slow death by neglect. They have not done any substaintial work on the system in years. If only there was some way to buy Paytrust or just have them let people like me work on their system, but there doesn't seem to be anyone home thetre.
It is too bad, becuase with just a lttle tweaking, Paytrust could be perfect and save millions of people hours and hours of work, hassle, and paper pushing. Even in its current sad state PayTrust is still a compeling choice.
I've written a little "What's Wrong with PayTrust (and what it would take to fix it)" here...
http://josh.com/PayTrustExport/index.htm
...if you are interested.
-josh
Posted by: josh levine | January 17, 2007 at 06:00 PM
Clearly screen scraping is a risky way to grab data (anyone can be you with your username/password and scrape your data). PNC has stopped it, as many banks will to thwart ID theft. Although Paytrust hasn't been able to make it work otherwise, the bank is the one who changed their procedures, as nearly EVERY bank in the US will be doing in the next few weeks to meet new regulatory guidelines. Paytrust needs to become a trusted scraper, which your bank can accomplish if they choose to make the effort. It is your data that the bank is now not making available to your chosen vendor.
Posted by: Mark Goines | December 23, 2006 at 02:14 PM
UseMyBank has pioneered the way for online Buyers and Sellers to transact in real time from online banking. www.usemybank.com
No bank information stored or given to the Seller. Coming to USA 07
Posted by: Brian Crozier | December 22, 2006 at 10:13 PM