I’ve been trying out a few of the online services for managing money. I have a couple of pretty simple use cases for this:
- Am I being robbed? Look through credit card and bank statements for activity I don’t remember, subscriptions I thought I’d cancelled or Direct Debits that shouldn’t be taking money.
- Cashflow projections based on different debt mechanisms (i.e. if I pay x off a credit card, what does my cashflow look like)
- Slicing, dicing and browsing to see where money is really going.
Pretty typical usage for most people I think. I have a few credit cards, and I use my debit card a lot, so tracking all of this manually is quite a pain. Ideally I’d use a service that fetches all this data automagically from the various institutions, and provides me with a decent interface. I’d settle for uploading my statements manually. I’m happy to pay for this service.
I’ve found four options:
Mint has had rave reviews, and sounds excellent. Unfortunately it’s US only for now. They plan to roll out in the UK “late 2008, early 2009”. But not right now.
I use First Direct, the HSBC online bank, for my current account. Their web interface isn’t the greatest, but it works reliably. I can do all the things I want to, even if sometimes it’s a bit tortuous. They provide an additional pay-for service called Internet Banking Plus that integrates with other banks and shows your statements for every account. I don’t know what else it does, but it sounds worth a try.
Unfortunately it requires Windows and Internet Explorer, so it’s complete FAIL.
Kublax is a beta service that’s aiming to do the same sorts of things as Mint.com. I registered for this and went through the various options for telling it your transactions. It has an automagic integration (using Yodlee) with every bank I need – you provide your access details for the bank, and it connects and pulls down your transaction details.
Unfortunately, the security for this is a complete disaster. If you go to http://www.kublax.com and log in, you remain on an unencrypted connection. When they pop up a form asking for your banking details, this submits the details over an unencrypted connection. You can see a screenshot from Firebug below.
That last GET request is the one that contains all your lovely super secure banking details – going over the public internet in the clear. Thankfully I was paying attention and saw everything was in the clear, and entered only “foo”s. I suspect most people don’t notice.
The impact of this might not be obvious. For those who don’t know, lots of internet equipment has been hacked by bad guys, and you have to assume that anything that isn’t strongly encrypted is being snooped successfully. In addition of course, if you are on a wireless connection that isn’t using WPA, your data is easily snooped locally too, using any old laptop. Not so much of a problem at home perhaps, but try not to do your online banking in airports, ok?
I’ve informed Kublax about this breach incidentally.
You can navigate manually to https://www.kublax.com and then do the same thing, but this time over an encrypted connection. All they need do is switch to an encrypted connection early enough. It is quite upsetting that they provide any service over unencrypted http to be honest – just bouncing every http request directly to an https URL would be the best solution.
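The check done by eye in Firebug above can be run over any captured request list; the Python below is an added example, not code from this post or from any of the services reviewed. It also computes the https URL a server should bounce each plain-http request to, and goes one step beyond the post by flagging credentials in a GET URL even over https, since URLs end up in server logs and browser history. The host `app.example.test`, the parameter names and the `SENSITIVE` list are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Substrings that mark a query parameter as sensitive (assumed heuristic list).
SENSITIVE = ("pass", "pwd", "secret", "user", "memorable")

# Constructed sample of a browser network log: (method, url).
CAPTURED = [
    ("GET", "http://app.example.test/"),
    ("GET", "http://app.example.test/addAccount?bank=demo&username=foo&password=foo"),
    ("POST", "https://app.example.test/addAccount"),
]

def audit_request(method, url):
    """Return the list of findings for one captured request."""
    parts = urlsplit(url)
    names = [k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    hits = sorted({n for n in names if any(s in n for s in SENSITIVE)})
    findings = []
    if parts.scheme != "https":
        findings.append("cleartext-transport")
        if hits:
            findings.append("credentials-in-cleartext:" + ",".join(hits))
    if hits and method.upper() == "GET":
        # Query strings are logged and cached even when the transport is TLS.
        findings.append("credentials-in-url:" + ",".join(hits))
    return findings

def https_redirect(url):
    """Target for a 301 from plain http to https; None if already https.

    Assumes default ports, so any explicit port is dropped.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":
        return None
    return urlunsplit(("https", parts.hostname, parts.path or "/", parts.query, ""))

def report(captured):
    """Map each offending URL to its findings; clean requests are omitted."""
    out = {}
    for method, url in captured:
        findings = audit_request(method, url)
        if findings:
            out[url] = findings
    return out

if __name__ == "__main__":
    for url, findings in report(CAPTURED).items():
        print(url, findings, "->", https_redirect(url))
```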
Once I’d convinced myself my details were going over a secure link, I tried automatically downloading my statements from a bank account and a credit card, but neither actually worked, and I got a non-specific error at the end of the process. So after all that, it didn’t work. sigh.
Persevering perhaps more than was sane, I uploaded some bank statements that I had manually downloaded from my bank. This functionality works pretty well, although to get to the point of adding a manual account you have to go through a whole bunch of hoops that are difficult to repeat. It supports QIF and OFX formats, which all of my banks provide, so that’s ok.
Once the statements are uploaded, you are presented with some basic analytics on your data, and you have the option to categorise your transactions. Categorisation is klunky and difficult to apply, with an interface that requires quite a few clicks and mouse movements to execute. When you’re doing this for dozens of transactions it gets painful quickly. Seriously guys, this is 2009, do some bloody usability work before coding ok?
Also, changes didn’t always stick – I’d categorise an item, it would claim to be categorised, but if I paged off and back it would go back to being “Uncategorised”.
Finally, when I’d got a bunch of data categorised I couldn’t really do any of the things I wanted with it. It shows a flash pie chart, and you can slice and dice, which is kind of interesting. But I couldn’t find any functionality for doing much more than that. This was better than the competition though, depressingly.
In conclusion for Kublax: security fail, usability fail and coding fail.
If I were a VC who had funded this I would be quite upset. If you are a VC who funded this, then give my company, Isotoma, a call – we build web apps that are secure, a joy to use and that actually function, unlike your current lot.
Wesabe looks promising – the site design is much better than that of Kublax, and it shows some smarts. It has two options for providing your transaction data – for banks that they support automatic access, you can enter your credentials for your bank and it will fetch the data. Alternatively, they have a Firefox plugin, which would be a good idea if it actually worked.
The browser plugin works by recording your activity – you tell the plugin the starting url for your banking site, and then it records what you enter to download a statement. It can then replay this to get your statement. Thing is, banks have instituted specific measures to defeat replay attacks – most sites now ask you for specific letters from a longer password. This specifically stops this kind of automation from working. In addition my current account site uses a popup for the banking interface, which is obviously a bit crap of them, but it defeated the Wesabe plugin completely. It could replay as far as clicking the button to open the popup, and then stopped.
So, stopped at the first hurdle – I never managed to get any data into this site. If there is a manual upload facility, so I can put my statements in, I failed to find it. I’d be happy doing this too, to be honest – uploading six statements once a month isn’t that onerous.
None of these sites satisfied me. Kublax came closest, since I actually managed to get some data into them and view it, but its interface was klunky enough, and their security feeble enough, to stop me wanting to go back. There is a real opportunity for someone to clean up here, and it could well be Mint.com, if they do a competent release in the UK.