When will YNAB "meet CapitalOne's security requirements" (ie support OAuth)?

I just started using YNAB this month, and I'm liking it so far. The only real problem I have is that I can't connect my CapitalOne account, and it seems like there's a bit of disingenuousness from YNAB's side. Here's what the error message states:

"CapitalOne made a change that prevents you from being able to link your accounts. We are working with them to restore your connection. It's important that they hear from consumers directly. Below are some ways to voice your concerns."

While CapitalOne says that they've updated their security standards and that YNAB doesn't yet meet the new standards (https://twitter.com/AskCapitalOne/status/1259486002957225985).

Browsing their API docs, I believe the root of the problem is that CapitalOne is trying to move to an OAuth-based solution for providing transaction data to apps. This seems like the right thing to do for security vs. the existing method of having to share your login credentials with YNAB / Plaid, so why are you resisting this? Is it not possible for Plaid (the service you use to handle backend bank connections) to support this directly, and can you put pressure on them instead?

10replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • I'd love to know what kind of warning  capital one gave aggregators.  Since o have exactly the same issue with personal capital I blame capital one.

  • I mean it definitely isn't YNAB's fault, but I feel like they could put some pressure on Plaid at least. It sounds like Plaid is dragging their feet. They've had previous disputes with CapitalOne due to requirements changes in the past: https://www.americanbanker.com/news/in-data-dispute-with-capital-one-plaid-stands-alone

    I can't speak to the amount of notice given by CapitalOne, but I believe Personal Capital uses Plaid as well, so I believe that explains why you see the same issue there. Meanwhile Mint is able to pull my transactions from CapitalOne just fine...

  • Agree 100%.  Giving credentials to a third party is a big "no-no!" in cyber security.  We have had to grit our teeth and do it, because there wasn't a better solution.  Well, now there is: it's called OAUTH.  However, for this to work, I think the financial institutions will also have to support it.  CapitalOne presumably is ready, but I doubt my credit union is.  Nevertheless, YNAB and/or Plaid should start supporting it for financial institutions that are ready to play.

    Like 2
    • Duncan Isn't OAUTH already behind the times with OAUTH2 being used?

      • Duncan
      • OK, maybe I will drink the kool-aid...
      • Pink_Boa.9
      • 1 mth ago
      • 1
      • Reported - view

      dakinemaui Maybe so.  I'm not sure of details and what OAuth2 provides vs OAuth.  The general idea is that we should not have to give a 3rd party our login credentials, and if I am not mistaken, OAuth makes that possible.

      Like 1
  • Yes, this Capital One issue is getting out of hand.  It's to the point that YNAB should be refunding users. It has been nearly useless this entire year and has required constant reconnection.  

    • Orange Sound Agreed.  I think a refund to Capital One users would be appropriate at this point.

      Like 2
  • Yeah this is super frustrating. Definitely would prefer to use Oauth for connecting to my bank. Definitely need CapitalOne support in YNAB. QFX import is a stop gap, but really want the import to get working again.

    Also, I'm frustrated with the lack of transparency from YNAB on this. 

  • I don't have a CapitalOne account, but I was so impressed with YNAB (user for about a week) that I helped get a friend set up on it. And she did have a CapitalOne account, and she is frustrated. I would like someone from YNAB to please comment here on the OAUTH issue, and what the timeline is, because I don't know if she'll sign up, and I certainly won't be recommending it to others who have CapitalOne cards.... importing is a pain compared to the push of information to streamline tracking. Seems like a core function that should really have been resolved faster, based on the many posts on this saying it has been a year of trouble....? 

    • Hi Orange Cleric and Slate Blue Trumpet !

      Sorry for the trouble! This is currently a known issue with Capital One and we've been posting updates about it on our status page. If you (or your friend) report a Bank Importing Issue our Direct Import Team can take a closer look at your accounts and see if we have any alternatives available to get things up and running for you! :)

Like4 Follow
  • 2 wk agoLast active
  • 10Replies
  • 217Views
  • 11 Following