12:54 pm
November 1, 2019
Just recently I checked with the Bank of Montreal about signing into my online savings account through EQ Banks' website as required by EQ Bank when opening a new account and was told that it would put their 100% guarantee of being recompensed in the case of an improper (third party larceny) withdrawal from my online savings account IN JEOPARDY. Well, no brainer there: why would you give your main bank an out if money is taken from account for a few fractions of a per cent more interest. So, I opened an account with Alterna Bank which lets you mail in a cheque made out to yourself for $1 to verify your identity and main bank account. What EQ Bank is doing is wrong, wrong, wrong, in my opinion. I urge all visitors to this website to check with their bank before opening an account with EQ Bank.
2:33 pm
April 6, 2013
I think ReX found that providing EQ Bank one's login credentials to another bank was optional:
It is still the same...you have the choice of skipping the 3rd party portal log in.
On the very bottom of the list of sign in partners there is an option to choose not to link one's external account during the registration process.
…
I agree. It is not a good idea as many of the online banking agreements require one to not share the password and security question answers.
I also think it is disproportionately stupid as that seems to be only to verify an external account to link and not to confirm identity. If EQ Bank can't confirm identity with a TransUnion credit record, then one will still need to show government photo ID at a Canada Post outlet.
5:08 pm
April 28, 2017
I would never use a third party portal to open/link to my brick and mortar (mother) banks.
However, I have no qualms to use it when establishing links between online FIs. To stay on the safe side, I use the following method:
- link the external account from the FI that will be used to both pull and push the funds
- once the link is complete, log into the external account that funds will be pulled from and change both security answers and the pass
Voila! The info, if indeed harvested, became instantly useless.
7:28 pm
November 2, 2019
The problem is not (only) in giving your password to a third party.
Another huge issue is that by doing so you are in direct violation of most FIs terms of use.
Changing your password after the fact doesn't matter.
As I wrote above, the FI won't be chasing you because you gave your credentials to somebody. But when ANYTHING happens to your account -- say, some money is missing -- they will be in their rights to deny any investigation or compensate you in any way. And trust me, most likely they WILL exercise those rights.
8:31 pm
April 28, 2017
fv said
The problem is not (only) in giving your password to a third party.Another huge issue is that by doing so you are in direct violation of most FIs terms of use.
Changing your password after the fact doesn't matter.
As I wrote above, the FI won't be chasing you because you gave your credentials to somebody. But when ANYTHING happens to your account -- say, some money is missing -- they will be in their rights to deny any investigation or compensate you in any way. And trust me, most likely they WILL exercise those rights.
Fear born from lack of knowledge. Some people still use an abacus to verify that the calculator result.
Using 3rd party software and using 3rd party portal are two different things.
Info transmitted over 3rd party software is fully encrypted; 3rd party software resides on the FI's server. No harm done. It's like using 3rd party software e.g. Firefox browser instead of Explorer on Windows platform. My method just appeases fear by providing extra caution in the unlikely event "the calculator may be wrong".
If any funds go missing in your account at any of the big 5, even though you don't have any externally linked accounts, they WILL always exercise their right to deny you compensation claiming you did something against their policy.
8:18 am
April 6, 2013
The banks will do so especially when the client does actually do something wrong as in the case Giving Your PIN to Your Friend.
Client tries to recover "missing" $800 from his bank after sharing PIN with drinking buddy!
4:14 pm
November 2, 2019
If any funds go missing in your account at any of the big 5, even though you don't have any externally linked accounts, they WILL always exercise their right to deny you compensation claiming you did something against their policy.
No. If you don't give your credentials to anyone, then YOU have all the rights to pursue compensation (and the banks will likely compensate you if they can't find anything that proves you did something against their TOS).
That's why a TOS exists, BTW.
Of course, "giving you PIN to your buddy", or typing your password in some website other than your bank's don't qualify as compliance to the TOS. I'd be wary to do any of those, and don't recommend to do it.
Well, at the end of the day it is your money anyway. You can do whatever you want with it.
6:19 pm
April 28, 2017
The old fear tactic the Big 5 liked to pull is pretty much dead. They can't have it both ways with personal finance management tools and external bank account validation tools...then say you can't give out your credentials to other parties.
Well, you're not giving anything to other parties because you are not redirected to a third party portal or website.
You're signing in via your secure online banking website and even then, as previously mentioned, all info is encrypted - not even IT of this website can view it.
FLINKS is software ...not a "drinking buddy" or "some website".
9:01 pm
October 10, 2016
If you are signing up for an account, you are already providing substantial personal information (name, address, phone, SIN, foreign info, etc.) There has to be some degree of trust to begin.
If you were to inadvertently expose your password for a bank account (or perhaps intentionally provide it to family member so they could pay a bill or something), and then change the password, is that account never to be secured again, totally hooped. The only recourse is to close the account and go to another financial institution.
C'mon folks, this is getting in the area of tin foil hat paranoia.
10:14 pm
November 2, 2019
You ARE redirected to a third-party FI page to link your account.
Also, by doing that and connecting, you are entering an agreement with those third-party FIs as well, and most FI that force you to do that (like EQ used) do that in a way I consider a bit sneaky (basically there's no indication that you're entering a agreement with another company.
But again: it is your money. One should do whatever one thinks is better to safeguard it.
Having said that, here's a little bit of "paranoia" directly from the horse's mouth:
TD
"You must keep your Card, PIN, Credentials and Passcode Locks confidential and take every reasonable precaution to maintain them safely.This includes: (...) Not disclosing your PIN, Passcode Locks or Credentials voluntarily to anyone else at any time, including to a family member, friend, financial institution employee or law enforcement agency;"
-- http://www.tdcanadatrust.com/d.....530012.pdf
CIBC
"You agree to keep your Passwords and Personal Verification Questions absolutely confidential; they are for your use alone. You will not disclose to others (including a close family member, a friend or any bank or public official) what your Passwords or Personal Verification Questions are."
-- https://www.cibc.com/en/legal/agreements/electronic-access.html
RBC
"We are not responsible for and we will not reimburse you for losses to your Account(s) if: (...) you share any of your Passwords or Personal Verification Questions"
https://www.rbcroyalbank.com/onlinebanking/electronic-access-agreement.html
BMO
"You must keep your Secret ID Code and Card number confidential. They must only be used in connection with services you are certain come from us (or our subsidiaries or authorized service providers), including BMO Digital Banking and Telephone Banking Services, and our account and information aggregation or consolidation services."
https://www.bmo.com/home/popups/global/firstbank-service-agreement
Scotiabank
"You agree to: (...) always keep your electronic signature strictly confidential and never reveal it to anyone including any Scotiabank employee or other financial institution employee,law enforcement agency or even close family members or friend
https://www.scotiabank.com/images/ky/en/files_PersonalServices/10970.pdf
A third-party "account linking" service
"You understand and agree that XXXX is not endorsed or sponsored by any third party account providers accessible through XXXX"
--- Google it.
2:50 am
April 28, 2017
andied20 said
If you are signing up for an account, you are already providing substantial personal information (name, address, phone, SIN, foreign info, etc.) There has to be some degree of trust to begin.If you were to inadvertently expose your password for a bank account (or perhaps intentionally provide it to family member so they could pay a bill or something), and then change the password, is that account never to be secured again, totally hooped. The only recourse is to close the account and go to another financial institution.
C'mon folks, this is getting in the area of tin foil hat paranoia.
Ditto...Finally someone who can think independently.
When BMO's customer data got compromised, they reassured there was no danger but strongly advised to change password(s).
fv said
You ARE redirected to a third-party FI page to link your account.
...
Not true; do NOT Google it... attempt the process yourself...log into either your EQ or Oaken account and watch the address bar.
2:19 pm
April 28, 2017
...thank you for nice props.
The network administrator for the domain "eqbank.ca" is in charge of mapping the names in the eqbank.ca domain to specific machines and their IP addresses. In many large companies, there will be different machines (with different IP addresses) handling WWW, FTP, Telnet and other traffic. On smaller sites, the same machine can handle everything.
The network administrator makes a list of names and IP addresses, like this:
• h ttp://www.eqbank.ca -172.217.11.14
• h ttp://ftp.eqbank.ca-172.217.11.78
The administrator can put anything in that list, because the name servers don't care. The administrator could put in join.eqbank.ca, join.clueless.eqbank.ca and join.clueless.fv.eqbank.ca, and when someone types in those names the name server will return the IP addresses associated with them.
Domain name is just for the sake of remembering the website as it is hard to remember IP addresses.
Check left corner in green; you're still on the secure and encrypted EQ page.
Secondly, they will scrub your log in info instantly.
Source: Gray Matter
4:02 pm
November 2, 2019
@Rex, 25+ years working w/ internet networking here, so I think I know how this stuff works, but thanks anyway -- it may help others. Nevertheless, that just confirms that one is typing their account's ID and password in EQ's servers, not their bank's.
One last thing I think needs clarification: I have no problem with those third-party companies that facilitate the account link process, despite the fact that they violate the TOS of most other FIs (they do for the Big 5, as I showed above). My contributions to this discussion are just to help people make an educated decision about how to handle their hard-earned money. I would never input my password on any other website unless my bank explicitly says it is okay to do so, but that's just me. If after reading this topic and the many others on the internet about the same subject people still want to type their password in a website other that their bank's, I'm not the one stopping them.
12:57 pm
September 29, 2017
ReX said
It is still the same...you have the choice of skipping the 3rd party portal log in.
On the very bottom of the list of sign in partners there is an option to choose not to link one's external account during the registration process.
New, however, is the necessity to verify one's identity at a local post office by showing a photo ID with current domicile e.g. Driver's License and a code # emailed from EQ to finalize registration. Shortly after, EQ confirms by email you are good to go.
Log in, go to "manage external accounts", provide transit#, institution# and your account# to link accounts; 2 micro deposits then follow to that account amount of which one has to confirm back on EQ site.
Not sure if this has changed since you posted this in Dec 2020 BUT this is not accurate as of now. IF your bank is one of 15 currently listed on the EQ site when trying to create a link, the ONLY option is to use your banking login info. You can only use the previous process IF your bank is NOT listed. Even if you try to use the manual process to circumvent the login info requirement, as soon as you enter the bank ID #, the EQ site prevents you from continuing with the manual process (which then presumably still uses microdeposits to confirm the link) and forces you to use the login process.
I have just tried this to confirm. I have written to EQ about our objection to this process. Awaiting a reply.
1:12 pm
September 29, 2017
@Peter I suggest changing the title of this thread to be "New procedures for linking external bank accounts (and verifying identity) with EQ Bank?"
In contrast, there is a thread for new procedure to UNLINK accounts from EQ here:
https://www.highinterestsavings.ca/forum/eq-bank/managing-externally-linked-accounts-can-now-unlink-account-through-web-site
It is starting to get confusing with people posting comments on both topics intermixed.
11:06 pm
October 29, 2017
smayer97 said
Not sure if this has changed since you posted this in Dec 2020 BUT this is not accurate as of now. IF your bank is one of 15 currently listed on the EQ site when trying to create a link, the ONLY option is to use your banking login info. You can only use the previous process IF your bank is NOT listed. Even if you try to use the manual process to circumvent the login info requirement, as soon as you enter the bank ID #, the EQ site prevents you from continuing with the manual process (which then presumably still uses microdeposits to confirm the link) and forces you to use the login process.
I have just tried this to confirm. I have written to EQ about our objection to this process. Awaiting a reply.
This whole thread is very interesting! I signed up a couple years ago with an all online process and there was certainly no login ID or password from my external account! All my linked accounts have been done by micro deposits, including one as recent as Sept 2020. If I’m ever asked for login info, they can go to HELL! I would never give that stuff out.
9:24 am
September 24, 2019
I know back in 2016 when I first opened an online account with them I sent them a void cheque. However, I can't remember the procedure when I opened a TFSA with them for the first time in January of this year. I know I didn't send them a cheque.
Anybody else already have an account with them previously and then opened a TFSA this year?
9:32 am
October 29, 2017
Alexandra said
I know back in 2016 when I first opened an online account with them I sent them a void cheque. However, I can't remember the procedure when I opened a TFSA with them for the first time in January of this year. I know I didn't send them a cheque.Anybody else already have an account with them previously and then opened a TFSA this year?
The TFSA just opened upon request. I didn’t do anything but ask for one online. No info was required at all.
Please write your comments in the forum.