Capital One and DirectConnect - any advice appreciated

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Capital One and DirectConnect - any advice appreciated

Emmet Devine
Hi,

Apologies if this question has been addressed elsewhere, but I couldn't
find it in the documentation or the mailing list archive.  In short, my OFX
transfers from Capital One have suddenly stopped working; it appears that
Capital One has changed it's system and that the previous GnuCash/AqBanking
configuration is no longer compatible.

I've been using GnuCash on Windows for the last few years and am currently
using 2.4.11.  During that time, I've had no significant issues downloading
my transactions from Capital One (or any of my other banks, credit card
companies, or brokers for that matter).

Since the middle of February, however, any attempt to get transactions
results in an error code 2000.  I enabled logging and the pertinent message
in the c:\tmp\ofx file is:

<STATUS>

<CODE>2000

<SEVERITY>ERROR

<MESSAGE>This software isn't supported by Capital One Online Banking. For
more information, please visit www.capitalone.com/online-banking/faq/ or
call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6
PM ET. Thanks.

</STATUS>


I've tried changing some of the settings (e.g. the version of the software
and the version of OFX) to make GnuCash/AqBanking appear more like the
officially supported packages (namely, Quicken).  The closest that I've
gotten was that a change of the OFX version from 1.0.2 to 1.0.3 resulted in
the error:

<STATUS>

<CODE>2000

<SEVERITY>ERROR

<MESSAGE>Oops, this device isn't authorized for use with your Capital One
account. To authorize it, call Capital One Online Banking Customer Service
at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET.
Thanks.

</STATUS>


I've spoken with the support at Capital One twice.  Both times, they
confirmed that my account is authorized for OFX transfers and that software
packages that are not officially supported do, in fact, work with their
system.  However, they couldn't provide any configuration advice for
unsupported packages and suggested that I contact the vendor :).

So, as the subject line indicates, any advice would be much appreciated.

Thanks!
Emmet
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Capital One and DirectConnect - any advice appreciated

John Ralls-2

On Mar 3, 2013, at 2:27 PM, Emmet Devine <[hidden email]> wrote:

> Hi,
>
> Apologies if this question has been addressed elsewhere, but I couldn't
> find it in the documentation or the mailing list archive.  In short, my OFX
> transfers from Capital One have suddenly stopped working; it appears that
> Capital One has changed it's system and that the previous GnuCash/AqBanking
> configuration is no longer compatible.
>
> I've been using GnuCash on Windows for the last few years and am currently
> using 2.4.11.  During that time, I've had no significant issues downloading
> my transactions from Capital One (or any of my other banks, credit card
> companies, or brokers for that matter).
>
> Since the middle of February, however, any attempt to get transactions
> results in an error code 2000.  I enabled logging and the pertinent message
> in the c:\tmp\ofx file is:
>
> <STATUS>
>
> <CODE>2000
>
> <SEVERITY>ERROR
>
> <MESSAGE>This software isn't supported by Capital One Online Banking. For
> more information, please visit www.capitalone.com/online-banking/faq/ or
> call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6
> PM ET. Thanks.
>
> </STATUS>
>
>
> I've tried changing some of the settings (e.g. the version of the software
> and the version of OFX) to make GnuCash/AqBanking appear more like the
> officially supported packages (namely, Quicken).  The closest that I've
> gotten was that a change of the OFX version from 1.0.2 to 1.0.3 resulted in
> the error:
>
> <STATUS>
>
> <CODE>2000
>
> <SEVERITY>ERROR
>
> <MESSAGE>Oops, this device isn't authorized for use with your Capital One
> account. To authorize it, call Capital One Online Banking Customer Service
> at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET.
> Thanks.
>
> </STATUS>
>
>
> I've spoken with the support at Capital One twice.  Both times, they
> confirmed that my account is authorized for OFX transfers and that software
> packages that are not officially supported do, in fact, work with their
> system.  However, they couldn't provide any configuration advice for
> unsupported packages and suggested that I contact the vendor :).
>
> So, as the subject line indicates, any advice would be much appreciated.

Amazingly, Capital One was proactive and told us about the change last december:
http://lists.gnucash.org/pipermail/gnucash-devel/2012-December/034626.html

You need to set the ClientUID field. What they didn't tell us is what to put
in it, but perhaps if you call their support line and ask they'll tell you what
to enter.
Note that the Cap One rep included her phone number in the first message.

Regards,
John Ralls


_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Capital One and DirectConnect - any advice appreciated

randix
To revive an old thread...

I haven't tried calling Capital One yet, but was curious if anyone solved the mystery of what to put in the ClientUID field in order to be able to successfully download Cap1 credit card transactions?

Thanks.  Steve
Reply | Threaded
Open this post in threaded view
|

Re: Capital One and DirectConnect - any advice appreciated

David Reiser-4
> On Jan 3, 2016, at 7:38 AM, Steve <[hidden email]> wrote:
>
> To revive an old thread...
>
> I haven't tried calling Capital One yet, but was curious if anyone solved
> the mystery of what to put in the ClientUID field in order to be able to
> successfully download Cap1 credit card transactions?
>
> Thanks.  Steve
>

In the Intuit realm, the ClientUID is generated by Quicken for each data file when it is created. That ClientUID remains in the data file, so there are no changes across Quicken upgrades. Given that Quicken generates the numbers, it seems unlikely to me that Capital One will have any idea what you’re talking about if you ask them what to ‘put in’ that field.

The Intuit ClientUID is a 32-character ASCII representation of a hex number. Find any UUID generator you trust, take its output and strip the hyphens that are usually added to most UUIDs, optionally make any alphabetic characters lower case (case shouldn’t matter, but I’ve read one report that it might), and paste that result into the ClientUID in the User Settings of the AqBanking setup Edit User dialog.

You’ll also need to change the Header Version data field in the Application Settings tab of the same Edit User dialog to 103 instead of 102.

With a value in ClientUID and the right header version, aqbanking sends the ClientUID in a way that is compatible with current Intuit QFX servers. If Capital One isn’t using Intuit server software, you might have additional issues.

All this hassle only covers half the problem though. For ClientUID to do any good as a security precaution, the bank needs some way to authenticate the connection between you and that ClientUID. Chase recently switched to requiring a ClientUID, and they are using an out-of-band secure message linked to a screen where customers can click a button to say “Yeah, that’s me”. You might be able to get Capital One to tell you how you authenticate a new data file in Quicken. But I recommend finding a friend that uses Capital One and Quicken,  and ask them what happened the first time they connected.

I think the reason Chase just changed to requiring the extra security (aside from the fact that the banking oversight authorities have been insisting on multifactor authentication for several years…) is that with Intuit’s standard sunsetting of DirectConnect capability in older Quicken versions, banks now know authoritatively that any customer who can use DirectConnect has a version of Quicken that can handle ClientUIDs.

If you’ve never connected to Capital One, you might be in for a challenge. There are several instances of Capital One in the AqBanking setup wizard. Choosing the right one will probably require trial-and-error identification of the right server. Good luck.

--
Dave Reiser
[hidden email]



_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Capital One and DirectConnect - any advice appreciated

David Reiser-4
Oops. Intuit says Capital One does not have Direct Connect services for Capital One credit cards:

https://fi.intuit.com/fisearchbasic/personal/quicken/basic_search/Quicken_windows_2015.html
--
Dave Reiser
[hidden email]





> On Jan 3, 2016, at 8:58 PM, David Reiser <[hidden email]> wrote:
>
>> On Jan 3, 2016, at 7:38 AM, Steve <[hidden email]> wrote:
>>
>> To revive an old thread...
>>
>> I haven't tried calling Capital One yet, but was curious if anyone solved
>> the mystery of what to put in the ClientUID field in order to be able to
>> successfully download Cap1 credit card transactions?
>>
>> Thanks.  Steve
>>
>
> In the Intuit realm, the ClientUID is generated by Quicken for each data file when it is created. That ClientUID remains in the data file, so there are no changes across Quicken upgrades. Given that Quicken generates the numbers, it seems unlikely to me that Capital One will have any idea what you’re talking about if you ask them what to ‘put in’ that field.
>
> The Intuit ClientUID is a 32-character ASCII representation of a hex number. Find any UUID generator you trust, take its output and strip the hyphens that are usually added to most UUIDs, optionally make any alphabetic characters lower case (case shouldn’t matter, but I’ve read one report that it might), and paste that result into the ClientUID in the User Settings of the AqBanking setup Edit User dialog.
>
> You’ll also need to change the Header Version data field in the Application Settings tab of the same Edit User dialog to 103 instead of 102.
>
> With a value in ClientUID and the right header version, aqbanking sends the ClientUID in a way that is compatible with current Intuit QFX servers. If Capital One isn’t using Intuit server software, you might have additional issues.
>
> All this hassle only covers half the problem though. For ClientUID to do any good as a security precaution, the bank needs some way to authenticate the connection between you and that ClientUID. Chase recently switched to requiring a ClientUID, and they are using an out-of-band secure message linked to a screen where customers can click a button to say “Yeah, that’s me”. You might be able to get Capital One to tell you how you authenticate a new data file in Quicken. But I recommend finding a friend that uses Capital One and Quicken,  and ask them what happened the first time they connected.
>
> I think the reason Chase just changed to requiring the extra security (aside from the fact that the banking oversight authorities have been insisting on multifactor authentication for several years…) is that with Intuit’s standard sunsetting of DirectConnect capability in older Quicken versions, banks now know authoritatively that any customer who can use DirectConnect has a version of Quicken that can handle ClientUIDs.
>
> If you’ve never connected to Capital One, you might be in for a challenge. There are several instances of Capital One in the AqBanking setup wizard. Choosing the right one will probably require trial-and-error identification of the right server. Good luck.
>
> --
> Dave Reiser
> [hidden email]
>
>
>
> _______________________________________________
> gnucash-user mailing list
> [hidden email]
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.


_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.