Egg money manager and similar schemes

Richard Clayton ukcrypto@chiark.greenend.org.uk
Thu, 16 Sep 2004 14:15:43 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <670.754T1297T7203962ghira@mistral.co.uk>, Adam Atkinson
<ghira@mistral.co.uk> writes

>I got a thing in the post about "Egg money manager" today. It offers
>to allow me to manage all my accounts, cards etc. via Egg. I imagine
>it's not the only such scheme around.

in the jargon, this is "account aggregation"

>Has this been discussed on the list at all? If so, I don't remember
>seeing it. 

nor I, but it has been of interest to the FSA who seem to have it as a
background matter of concern, this is from May 2001

    http://www.fsa.gov.uk/pubs/press/2001/057.html

    "The key message for consumers is that the FSA will have no powers
    to regulate the provision of account aggregation. This activity will
    fall outside the jurisdiction of the FSA and, as a result, we cannot
    guarantee you the protection of the regulatory system if something
    should go wrong. While we can see the attraction in using the
    services of an aggregator, it is important that you weigh up the
    risks involved too."

but that was in the dying days of the dot-com bubble and a lot of the
proposed services never actually materialised. Hence, I suspect, the
lack of concern... and of course there's a Dec 2001 Code of Practice
from APACS [so that's all right then!]

    http://www.apacs.org.uk/downloads/aggguidelinesv10.pdf

which points at US security principles from BITS

    http://www.bitsinfo.org/FinalAggregationBook051601.pdf

I have also heard suggestions that some banks might be disposed to
discourage use of their systems by aggregators [nothing to do with
security, or the denial-of-service aspects of the screen-scraping by the
aggregators... it's just that the customer would not see _their_
advertisements!]

>I don't plan to sign up for this service, and wonder what
>other people think of it. e.g. What happens if something goes wrong?
>Surely the terms of service with other banks and cards are such that
>you probably aren't allowed to tell Egg enough for this to work.

The FSA's list of difficult questions are at:

<URL:http://www.fsa.gov.uk/consumer/01_WARNINGS/updates/aggregate/mn_que
stions.html>

and one might assume that Egg has all the answers at their fingertips!

You could always ask :)

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQUmR/xfnRQV/feRLEQIoDACfbOwKjJbHIhKoOmmxZQAqeq0O8HQAn0/2
/IqzR+GgDSeATZ8nLg2xorFX
=nx7Q
-----END PGP SIGNATURE-----