
The Dulin Report


Banking Technology is in Dire Need of Standardization and Openness

September 28, 2015

[Image: Old Bank. Photo credit: Toby Dickens]

A few weeks ago Investors Bank in New Jersey overhauled their systems. As a result, Mint became incompatible with Investors, and Investors customers could no longer view their account in Mint. There is anecdotal evidence [1] that Mint uses the Yodlee platform [2] for the integration. As it turns out, there is no standard mechanism by which external applications can work with banks. Yodlee's own page states:
"Through a proprietary system of direct data access and HTML parsing, Yodlee delivers financial data from more than 14,000 sources, and growing."

While the technology world is moving towards open APIs and standard authentication protocols [3], the banking industry continues to rely on proprietary systems and HTML screen scraping. It seems that even with the Yodlee platform it is not possible to integrate with banks in any standard way. Each time a bank updates their systems, a team of engineers at Intuit must update integration scripts to ensure their customers can continue to use Mint with that bank [4]:
"When a financial institution updates their system, our engineers have to rewrite the script on our end to match so that we can continue supporting them. Typically, they are notified when this is going to happen and can get it updated pretty quickly. However, please open a ticket by filling out our Contact Mint form to make sure this is on their radar and they can get the script updated as soon as possible."

Mint integrates with banks by asking users to enter their bank credentials, which Mint then stores. Mint expects us to trust their security [5]. The technology industry, however, has long established a protocol by which an application (like Mint) needing access to an outside resource (a user's bank account) does not need to capture the user's credentials. It is called OAuth [6].

Had banks implemented OAuth, Mint would use the protocol to obtain an authorization from the user to act upon the bank's API on behalf of the user. In the event of a security breach at Mint, it would be possible for the banks to invalidate all tokens -- and disable all further access by Mint. Users would gain control over which applications they want to access their data and which they do not.
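The following sketch, an added example that is not code from the original post or from any bank or vendor, models the bank side of that arrangement: the app receives a scoped, expiring token instead of the password, the bank can revoke every token held by one app, and a user can withdraw a single app's access. The class, the client ids and the scope names are hypothetical, and client authentication, redirect URIs and refresh tokens are left out.

```python
import hashlib
import secrets
import time

def _digest(token):
    # Store only a hash, so a leaked token table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class BankAuthServer:
    """Toy model of a bank-side OAuth authorization server (hypothetical)."""
    def __init__(self):
        self._codes = {}   # one-time authorization code -> (user, client_id, scopes)
        self._grants = {}  # sha256(access token) -> grant record

    def authorize(self, user, client_id, scopes):
        # Runs after the user signs in at the bank itself; the app never sees the password.
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, client_id, frozenset(scopes))
        return code

    def exchange(self, code, client_id, ttl=3600):
        # The code is single use and bound to the client it was issued to.
        issued = self._codes.pop(code, None)
        if issued is None or issued[1] != client_id:
            raise PermissionError("invalid authorization code")
        token = secrets.token_urlsafe(32)
        self._grants[_digest(token)] = {"user": issued[0], "client": client_id,
                                        "scopes": issued[2], "exp": time.time() + ttl}
        return token

    def check(self, token, scope):
        # Called by the bank's API on every request; returns the user or None.
        g = self._grants.get(_digest(token))
        if g is None or scope not in g["scopes"] or g["exp"] < time.time():
            return None
        return g["user"]

    def _revoke(self, match):
        doomed = [k for k, g in self._grants.items() if match(g)]
        for k in doomed:
            del self._grants[k]
        return len(doomed)

    def revoke_client(self, client_id):
        # Bank-side response to a breach at the app: every token it holds dies.
        return self._revoke(lambda g: g["client"] == client_id)

    def revoke_grant(self, user, client_id):
        # User-side control: withdraw one application's access.
        return self._revoke(lambda g: g["user"] == user and g["client"] == client_id)
```

Revocation here invalidates tokens only; the user's banking password was never shared with the app, so it does not need to change.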

In 2015 there is no need for HTML screen scraping or proprietary technologies. Would the Yodlee platform even be around if the banks used OAuth and a standard API [7]? This is an industry that is in dire need of innovation. Banks need to learn how to recruit and retain top talent from the technology companies, not the other way around. They need to look beyond their traditional, well-accepted consulting vendors and service providers and think outside the box -- especially considering the fact that the technology challenges they face have already been solved by others.