Fraud Insurance / Security at YNAB
Having been a victim of identity in the past I take security very seriously. I would like to know if linking my bank accounts with YNAB would invalidate any fraud protection insurance that my bank would provide. Were YNAB to be involved in a data breach or to leak my details causing any financial loss would the bank and or YNAB reimburse in full. I won't say banks name but I bank with one of Canada's big 5.
If that is a major concern, you could always just not connect your accounts to YNAB and instead use the file import feature to download your banking transactions to your computer, then upload them to YNAB. I'm doing that myself--but not because of security concerns. Not long ago I had some issues with connectivity between my credit union and YNAB and going to a file import methodology solved the problem.
Hey NeedSomeConvincing ! I'm sorry to hear you've had to deal with identity theft. Just popping in to echo what some of the folks have mentioned above and include some additional resources.
We know security is important to you, and as YNAB users ourselves—we understand.
Our import partners have significant experience handling sensitive information as aggregation providers, but if you are uncomfortable for any reason, the Direct Import feature is completely optional. Our security and privacy policies may be of interest to you as well.
You will still need to add your accounts to YNAB but if you’d rather not set up direct import you can choose to add an "Unlinked Account" instead. We do offer File-Based Importing (in the web app) as an alternative that will allow you to drag and drop a file containing your transactions right into YNAB.
NeedSomeConvincing Here's what I know, what I don't know, and what I did with it, from the perspective of an information security professional, whose job it is to deal with risk every day...
(note: I'm just a customer, and not affiliated with YNAB)
"Fraud protection insurance", assuming you are referring to what we call "identity theft insurance" here in the US, doesn't cover what you probably think it does.
Most consumers expect such insurance to cover any financial losses they experience due to identity theft. What these plans do (again, here in the US, but it sounds like you mean the same thing) is provide you a customer service rep to make phone calls and collect paperwork on your behalf after you've experienced identity theft, to try and speed up the process of correcting it. I personally consider such plans useless and refuse to opt in, because the company can't service me anyway unless I give them power of attorney over all my financials so they can act on my behalf, which presents its own significant set of risks.
This is totally separate from any guarantee from your bank to cover losses in the event of fraud. What that means depends a bit on your agreement with the bank, and a lot on Canadian law.
As far as I can tell, YNAB is going all the right things regarding what is within their power.
YNAB has reasonable policies (see Nicole 's post), and has chosen the only aggregator company that doesn't primarily make its money off of selling user data to governments, marketers, background check companies, and more. That aggregator's policies prohibit them from sharing financial information at all. Unless one of these organizations is outright lying in their documentation, they're in pretty good shape.
I don't know either organization's software development practices, but reading their "body language" so to speak, I'd imagine that both are markedly above the very dismal average.
There are still some things not under YNAB's control.
I have a reasonable amount of trust in my bank, the aggregator, YNAB, and the connection between the aggregator and YNAB. The problem is the connection between the aggregator and the bank.
You may be wondering why an aggregator is involved at all. Why can't YNAB just talk to my bank? The answer is that the technical protocols for getting this information out of the bank are extremely old, finicky, and by modern standards insecure. These protocols aren't even implemented uniformly from bank to bank: each one tends to be a bit different. The aggregator represents an entire company full of people learning the detail's of each bank's protocols, deciphering how to interface with the banks reliably, Many banks don't share information on their protocols, or notify anyone when those protocols change, so this is a full-time job. I can only tell you the state of these protocols at about 1/4 of the banks I use, and I'm an expert, just to indicate how hard it is to get usable information. Often, the aggregator has to guess, test, revise, test...slowly working out the edges and behaviors of a black box.
In case you weren't suitably frightened at this point, some banks don't even know their own protocols well enough to secure those endpoints effectively.
Does it matter?
The questionable protocols exist for most bank accounts whether you use them or not. Connecting to them does provide an extra, small window for an attacker to grab information, but it's not really a lot more risk than if you never used it. If you want that not to be the case, switch exclusively to Swiss or Japanese banks, as those are the only two nations that aren't holding back the security of their banks with regulation that takes no account of technological threats' evolution over time.
I, personally, use unlinked accounts only and manage my transactions manually. I totally respect the choice to use the linked accounts approach, however. It's not a huge difference, and most people don't have my threat model. Before my current job as a security researcher, I did some work making life hard for organized financial crime, so given the people I've pissed off, I'm a bit of a special target for criminals who target financial systems.
YNAB's file-based importing does circumvent the problems outlined above, so that's another option if you don't want to go totally manual.
...in banking, as in everything else, it is impossible to get down to zero risk. The key is to figure out which risks to accept, so you have time to still have a life and get on with things. :)