Issue downloading transactions from Chase

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Issue downloading transactions from Chase

Matt Kowske
Hello all,

I have a Chase credit card that I have hooked up via AQBanking to d/l
transactions to GnuCash and it has been working no problem for a long
time. I recently received an e-mail informing me:

/
/ /*"The first time you access your accounts after November 25*// using
Personal Financial Management (PFM) software such as Quicken//®// or
QuickBooks//®// we will ask you to confirm your identity. //
//
//We'll send instructions to your Chase Online//SM// //Inbox in the
Secure Message Center upon login to your PFM software. You will need to
sign in to chase.com on your computer to view the instructions and
complete the steps."/

When I try to d/l transactions in GnuCash, the login fails now:

Status for signon request: Code 15510, severity "ERROR"
Status for transaction statement request: Signon invalid (Code 15500,
severity "ERROR")
The user cannot signon because he or she entered an invalid user ID or
password.

So, does anyone know how I might "confirm my identify" with GnuCash? I
can find nothing on their website as to how to do this... I will contact
Chase support as well.
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

John Ralls-2

> On Nov 26, 2015, at 5:04 AM, Matt Kowske <[hidden email]> wrote:
>
> Hello all,
>
> I have a Chase credit card that I have hooked up via AQBanking to d/l
> transactions to GnuCash and it has been working no problem for a long
> time. I recently received an e-mail informing me:
>
> /
> / /*"The first time you access your accounts after November 25*// using
> Personal Financial Management (PFM) software such as Quicken//®// or
> QuickBooks//®// we will ask you to confirm your identity. //
> //
> //We'll send instructions to your Chase Online//SM// //Inbox in the
> Secure Message Center upon login to your PFM software. You will need to
> sign in to chase.com on your computer to view the instructions and
> complete the steps."/
>
> When I try to d/l transactions in GnuCash, the login fails now:
>
> Status for signon request: Code 15510, severity "ERROR"
> Status for transaction statement request: Signon invalid (Code 15500,
> severity "ERROR")
> The user cannot signon because he or she entered an invalid user ID or
> password.
>
> So, does anyone know how I might "confirm my identify" with GnuCash? I
> can find nothing on their website as to how to do this... I will contact
> Chase support as well.

Is there access to the “secure message center” from the website? The email implies that the access is from within the financial software and GnuCash doesn’t have that capability.

Regards,
John Ralls


_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

Matt Kowske
On 11/26/2015 09:19 AM, John Ralls wrote:

>> On Nov 26, 2015, at 5:04 AM, Matt Kowske <[hidden email]> wrote:
>>
>> Hello all,
>>
>> I have a Chase credit card that I have hooked up via AQBanking to d/l
>> transactions to GnuCash and it has been working no problem for a long
>> time. I recently received an e-mail informing me:
>>
>> /
>> / /*"The first time you access your accounts after November 25*// using
>> Personal Financial Management (PFM) software such as Quicken//®// or
>> QuickBooks//®// we will ask you to confirm your identity. //
>> //
>> //We'll send instructions to your Chase Online//SM// //Inbox in the
>> Secure Message Center upon login to your PFM software. You will need to
>> sign in to chase.com on your computer to view the instructions and
>> complete the steps."/
>>
>> When I try to d/l transactions in GnuCash, the login fails now:
>>
>> Status for signon request: Code 15510, severity "ERROR"
>> Status for transaction statement request: Signon invalid (Code 15500,
>> severity "ERROR")
>> The user cannot signon because he or she entered an invalid user ID or
>> password.
>>
>> So, does anyone know how I might "confirm my identify" with GnuCash? I
>> can find nothing on their website as to how to do this... I will contact
>> Chase support as well.
> Is there access to the “secure message center” from the website? The email implies that the access is from within the financial software and GnuCash doesn’t have that capability.
>
> Regards,
> John Ralls
>
Yes, but that message is sent only after connecting with Quicken/MS
Money. I don't have that message yet in my Secure Messsage Center
because I don't have the software to connect with.
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David Reiser-4
> On Nov 26, 2015, at 11:19 AM, Matt Kowske <[hidden email]> wrote:
>
> On 11/26/2015 09:19 AM, John Ralls wrote:
>>> On Nov 26, 2015, at 5:04 AM, Matt Kowske <[hidden email]> wrote:
>>>
>>> Hello all,
>>>
>>> I have a Chase credit card that I have hooked up via AQBanking to d/l
>>> transactions to GnuCash and it has been working no problem for a long
>>> time. I recently received an e-mail informing me:
>>>
>>> /
>>> / /*"The first time you access your accounts after November 25*// using
>>> Personal Financial Management (PFM) software such as Quicken//®// or
>>> QuickBooks//®// we will ask you to confirm your identity. //
>>> //
>>> //We'll send instructions to your Chase Online//SM// //Inbox in the
>>> Secure Message Center upon login to your PFM software. You will need to
>>> sign in to chase.com on your computer to view the instructions and
>>> complete the steps."/
>>>
>>> When I try to d/l transactions in GnuCash, the login fails now:
>>>
>>> Status for signon request: Code 15510, severity "ERROR"
>>> Status for transaction statement request: Signon invalid (Code 15500,
>>> severity "ERROR")
>>> The user cannot signon because he or she entered an invalid user ID or
>>> password.
>>>
>>> So, does anyone know how I might "confirm my identify" with GnuCash? I
>>> can find nothing on their website as to how to do this... I will contact
>>> Chase support as well.
>> Is there access to the “secure message center” from the website? The email implies that the access is from within the financial software and GnuCash doesn’t have that capability.
>>
>> Regards,
>> John Ralls
>>
> Yes, but that message is sent only after connecting with Quicken/MS
> Money. I don't have that message yet in my Secure Messsage Center
> because I don't have the software to connect with.

The ofx.log for my attempt to download Chase transactions includes:

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR
<MESSAGE>Please verify your identity within the next 7 days.
Using your desktop computer, go to your bankís website and
visit the Secure Message Center for instructions.</STATUS>
<DTSERVER>20151126132101.390[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS>
</SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS>
<TRNUID>20151126132057.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS>
<CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>

which suggests that the ID verification email trigger was tripped by the GnuCash connection. That Chase doesn’t have the mentioned message in my secure message center suggests that Chase picked a really stupid day to flip the switch on a security “enhancement”. The language of the message “go to your bank’s website” suggests that Chase may have subcontracted their online OFX/QFX connection management. OTOH, since Chase kept Bank One’s QFX infrastructure after they bought Bank One, it’s hard to tell what their scope or intent are.

Dave
--
Dave Reiser
[hidden email]







_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David Carlson-4
In reply to this post by Matt Kowske

   
The banks that I do business with have 'secure message centers' that users can access from inside the Web page.  I suspect that is where the instructions  are, which might be some way to effect 'out-of-band' validation of authenticity.   It will be interesting to hear how this gets resolved. 
David C


Sent via the Samsung Galaxy S® 5 ACTIVE™, an AT&T 4G LTE smartphone

-------- Original message --------
From: David Reiser <[hidden email]>
Date: 11/26/2015  12:34 PM  (GMT-06:00)
To: Matt Kowske <[hidden email]>
Cc: GnuCash-User List <[hidden email]>
Subject: Re: Issue downloading transactions from Chase

> On Nov 26, 2015, at 11:19 AM, Matt Kowske <[hidden email]> wrote:
>
> On 11/26/2015 09:19 AM, John Ralls wrote:
>>> On Nov 26, 2015, at 5:04 AM, Matt Kowske <[hidden email]> wrote:
>>>
>>> Hello all,
>>>
>>> I have a Chase credit card that I have hooked up via AQBanking to d/l
>>> transactions to GnuCash and it has been working no problem for a long
>>> time. I recently received an e-mail informing me:
>>>
>>> /
>>> / /*"The first time you access your accounts after November 25*// using
>>> Personal Financial Management (PFM) software such as Quicken//®// or
>>> QuickBooks//®// we will ask you to confirm your identity. //
>>> //
>>> //We'll send instructions to your Chase Online//SM// //Inbox in the
>>> Secure Message Center upon login to your PFM software. You will need to
>>> sign in to chase.com on your computer to view the instructions and
>>> complete the steps."/
>>>
>>> When I try to d/l transactions in GnuCash, the login fails now:
>>>
>>> Status for signon request: Code 15510, severity "ERROR"
>>> Status for transaction statement request: Signon invalid (Code 15500,
>>> severity "ERROR")
>>> The user cannot signon because he or she entered an invalid user ID or
>>> password.
>>>
>>> So, does anyone know how I might "confirm my identify" with GnuCash? I
>>> can find nothing on their website as to how to do this... I will contact
>>> Chase support as well.
>> Is there access to the “secure message center” from the website? The email implies that the access is from within the financial software and GnuCash doesn’t have that capability.
>>
>> Regards,
>> John Ralls
>>
> Yes, but that message is sent only after connecting with Quicken/MS
> Money. I don't have that message yet in my Secure Messsage Center
> because I don't have the software to connect with.

The ofx.log for my attempt to download Chase transactions includes:

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR
<MESSAGE>Please verify your identity within the next 7 days.
Using your desktop computer, go to your bankís website and
visit the Secure Message Center for instructions.</STATUS>
<DTSERVER>20151126132101.390[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS>
</SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS>
<TRNUID>20151126132057.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS>
<CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>

which suggests that the ID verification email trigger was tripped by the GnuCash connection. That Chase doesn’t have the mentioned message in my secure message center suggests that Chase picked a really stupid day to flip the switch on a security “enhancement”. The language of the message “go to your bank’s website” suggests that Chase may have subcontracted their online OFX/QFX connection management. OTOH, since Chase kept Bank One’s QFX infrastructure after they bought Bank One, it’s hard to tell what their scope or intent are.

Dave
--
Dave Reiser
[hidden email]







_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

randix
In the "let's pile on the topic but not really add much new value" category... (sorry, too much stuffing)

1. I too have a Chase card, Sapphire Preferred, never had an issue downloading transactions through GnuCash

2. I got the same email in question from Chase

3. As of today, no transactions are downloaded yet I do see by going to the website that new ones have been cleared, but I do not receive any type of error message in GnuCash

4. Yes, the Chase site does indeed have a secure message area, but no, there are no messages yet received from Chase

Hoping that when the sun rises tomorrow, it will be ok again (ok, I'm dreamin')
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David G Hamblen-2

On 11/26/2015 08:08 PM, Steve wrote:

> In the "let's pile on the topic but not really add much new value"
> category... (sorry, too much stuffing)
>
> 1. I too have a Chase card, Sapphire Preferred, never had an issue
> downloading transactions through GnuCash
>
> 2. I got the same email in question from Chase
>
> 3. As of today, no transactions are downloaded yet I do see by going to the
> website that new ones have been cleared, but I do not receive any type of
> error message in GnuCash
>
> 4. Yes, the Chase site does indeed have a secure message area, but no, there
> are no messages yet received from Chase
>
> Hoping that when the sun rises tomorrow, it will be ok again (ok, I'm
> dreamin')
Me too, except that I never got any notification.  Downloading the qfx
files (2 cards) from the web site still works, although I had to tell GC
which account to use.


--
[hidden email]
home phone (207) 633-4342
Cell Phone (207) 350-0440

_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

Matt Kowske


On 11/27/2015 06:34 AM, David G Hamblen wrote:

>
> On 11/26/2015 08:08 PM, Steve wrote:
>> In the "let's pile on the topic but not really add much new value"
>> category... (sorry, too much stuffing)
>>
>> 1. I too have a Chase card, Sapphire Preferred, never had an issue
>> downloading transactions through GnuCash
>>
>> 2. I got the same email in question from Chase
>>
>> 3. As of today, no transactions are downloaded yet I do see by going
>> to the
>> website that new ones have been cleared, but I do not receive any
>> type of
>> error message in GnuCash
>>
>> 4. Yes, the Chase site does indeed have a secure message area, but
>> no, there
>> are no messages yet received from Chase
>>
>> Hoping that when the sun rises tomorrow, it will be ok again (ok, I'm
>> dreamin')
> Me too, except that I never got any notification.  Downloading the qfx
> files (2 cards) from the web site still works, although I had to tell
> GC which account to use.
>
>
I just got off the phone with someone in their online department and was
told they have a high priority ticket open right now about some
customers not receiving messages. I was told that we SHOULD be receiving
that message soon, as soon as the ticket is resolved and then will be
able to confirm identity and download transactions again.

_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

randix
Just an update...just talked to someone in Chase online support, and apparently the issue has not yet been resolved, he anticipates it will be "several more business days".  When it is resolved, we "should" be receiving a message in our secure inbox on the Chase site.

fyi and for whatever the heck it's worth...

S
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David Bergum

> On Nov 30, 2015, at 15:40, Steve <[hidden email]> wrote:
>
> Just an update...just talked to someone in Chase online support, and
> apparently the issue has *not* yet been resolved, he anticipates it will be
> "several more business days".  When it is resolved, we "should" be receiving
> a message in our secure inbox on the Chase site.
>
> fyi and for whatever the heck it's worth…

Just as a data point, I use Gnucash for a business and iBank for a personal account.  I don't download anything from Chase in Gnucash.  However, my Chase Sapphire card transactions are downloading fine in iBank with no additional authentication.  I did get the email and expect something.  Maybe it is because i'm on the left side of the International Date Line?


David Bergum <[hidden email]>
℅ Leslie Small +64 22 028 1049 mobile
91a Kemp Road +1 218-206-2133 Skype
Kerikeri 0230 Northland NZ


_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David Reiser-4

> On Nov 30, 2015, at 12:54 AM, David Bergum <[hidden email]> wrote:
>
>
>> On Nov 30, 2015, at 15:40, Steve <[hidden email]> wrote:
>>
>> Just an update...just talked to someone in Chase online support, and
>> apparently the issue has *not* yet been resolved, he anticipates it will be
>> "several more business days".  When it is resolved, we "should" be receiving
>> a message in our secure inbox on the Chase site.
>>
>> fyi and for whatever the heck it's worth…
>
> Just as a data point, I use Gnucash for a business and iBank for a personal account.  I don't download anything from Chase in Gnucash.  However, my Chase Sapphire card transactions are downloading fine in iBank with no additional authentication.  I did get the email and expect something.  Maybe it is because i'm on the left side of the International Date Line?
>
>
> David Bergum

Chase is being pretty bizarre on this one.

On Friday 11/20, I attempted to download transactions from a Chase Sapphire Preferred Visa account. OFX threw a 15500 error (related to authentication errors). However, transactions from a Freedom Visa card had no problems being accessed from the same credentials. On Saturday, I sent a secure message from inside the web account area to ask why a process that had been working for years was suddenly flakey. After 10 paragraphs of blithering in the answer, they said:

"Further, regarding the Direct Connect, I would like to
inform that protecting your account is a top priority to
us. That's why we suspended access to chase.com for some
services. You can try again later. And you can always
access chase.com directly to view your account
information.”

WTF? “I can try again later" is a security strategy??? Anyway, by Monday morning, both accounts were accessible through Gnucash.

Later Monday, I got 2 copies of the email about ‘action required’ after they disabled DirectConnect access on Thanksgiving (one for each set of login credentials).

On Thanksgiving, I tried to access a second Freedom account from a second set of credentials, and got the “no transactions found” dialog from Gnucash, but the ofx log showed:

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR
<MESSAGE>Please verify your identity within the next 7 days.
Using your desktop computer, go to your bankís website and
visit the Secure Message Center for instructions.</STATUS>
<DTSERVER>20151126zzzzzz.yyy[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS>
</SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS>
<TRNUID>20151126222222.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS>
<CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>

I gave them until Friday before calling the online account support folks. It took about 20 minutes to get to the same explanation others have related here.

But I also sent a message via the “We’re Listening” link in the online account area complaining that it was a complete failure on Chase’s part to turn on a seemingly completely untested security change on the first day of an extended holiday. After an extra round of “we need more information before we can help…”, part of their response included:

"In the meantime, we'll need
to have you contact our Consumer Online Tech Support team
so that they can manually generate your Activation Code
for you to enter on your side. Once this code is entered,
your identity is verified and you can begin using the
Direct Connect feature with your Personal Financial
Management software.”

I haven’t tried to take them up on the offer yet because I figure it’ll take a long time and at least 3 reps before someone will accept that a Chase employee actually said that. Then I’d need accurate instructions on how to enter the code (and where). I’d rather wait for written instructions on that.

Since then, the Sapphire and Freedom accounts on the first set of credentials are not blocked, but the Freedom card that had the problem still does.

Chase programmers (or the Chase subcontractor programmers) are incompetent, and the Chase project managers are worse.

6 days, and no sign of the promised secure message. Idiots.

Dave
--
Dave Reiser
[hidden email]





_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

Matt Kowske
On 12/02/2015 10:43 PM, David Reiser wrote:

>
> Chase is being pretty bizarre on this one.
>
> On Friday 11/20, I attempted to download transactions from a Chase Sapphire Preferred Visa account. OFX threw a 15500 error (related to authentication errors). However, transactions from a Freedom Visa card had no problems being accessed from the same credentials. On Saturday, I sent a secure message from inside the web account area to ask why a process that had been working for years was suddenly flakey. After 10 paragraphs of blithering in the answer, they said:
>
> "Further, regarding the Direct Connect, I would like to
> inform that protecting your account is a top priority to
> us. That's why we suspended access to chase.com for some
> services. You can try again later. And you can always
> access chase.com directly to view your account
> information.”
>
> WTF? “I can try again later" is a security strategy??? Anyway, by Monday morning, both accounts were accessible through Gnucash.
>
> Later Monday, I got 2 copies of the email about ‘action required’ after they disabled DirectConnect access on Thanksgiving (one for each set of login credentials).
>
> On Thanksgiving, I tried to access a second Freedom account from a second set of credentials, and got the “no transactions found” dialog from Gnucash, but the ofx log showed:
>
> <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>15510<SEVERITY>ERROR
> <MESSAGE>Please verify your identity within the next 7 days.
> Using your desktop computer, go to your bankís website and
> visit the Secure Message Center for instructions.</STATUS>
> <DTSERVER>20151126zzzzzz.yyy[-5:EST]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS>
> </SIGNONMSGSRSV1><CREDITCARDMSGSRSV1><CCSTMTTRNRS>
> <TRNUID>20151126222222.000<STATUS><CODE>15500<SEVERITY>ERROR</STATUS>
> <CLTCOOKIE>1</CCSTMTTRNRS></CREDITCARDMSGSRSV1></OFX>
>
> I gave them until Friday before calling the online account support folks. It took about 20 minutes to get to the same explanation others have related here.
>
> But I also sent a message via the “We’re Listening” link in the online account area complaining that it was a complete failure on Chase’s part to turn on a seemingly completely untested security change on the first day of an extended holiday. After an extra round of “we need more information before we can help…”, part of their response included:
>
> "In the meantime, we'll need
> to have you contact our Consumer Online Tech Support team
> so that they can manually generate your Activation Code
> for you to enter on your side. Once this code is entered,
> your identity is verified and you can begin using the
> Direct Connect feature with your Personal Financial
> Management software.”
>
> I haven’t tried to take them up on the offer yet because I figure it’ll take a long time and at least 3 reps before someone will accept that a Chase employee actually said that. Then I’d need accurate instructions on how to enter the code (and where). I’d rather wait for written instructions on that.
>
> Since then, the Sapphire and Freedom accounts on the first set of credentials are not blocked, but the Freedom card that had the problem still does.
>
> Chase programmers (or the Chase subcontractor programmers) are incompetent, and the Chase project managers are worse.
>
> 6 days, and no sign of the promised secure message. Idiots.
>
> Dave
> --
> Dave Reiser
> [hidden email]
>
Thanks for doing the legwork! I feel your frustration. I am in the same
boat. I get the authentication error, but my ofx.log shows the message
about needing to verify my account in the next 7 days. I also have not
received any message on how to do this. Please keep us updated if you
hear back.
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

William Starrs
In reply to this post by Matt Kowske
Hi,

I've been battling this same issue.  Constant rejection from Chase saying
that the username or password are incorrect and no help from customer
service.

I had switched from Quicken 2013 last year to GnuCash but installed it
last night in a VM and connected to Chase.  It worked.  I then got the
email in the Secure Message center which took me to a website where I
clicked a button and it said all was good.  Quicken was then able to
connect and download transactions without issue.

I then went right back to GnuCash and tried to connect but got the same
rejection.  The AppID and Version were the same in the OFX settings, but
there has to be something else that Quicken is doing which AqBanking is
not.  Looks like Chase is requiring something specific that identifies
Quicken specifically.  There was some kind of token generated that I
accepted from the secure message.  Perhaps this was generated by something
specific in the Quicken OFX request?

I have the OFX log from Quicken and will compare it to AqBanking to see
what else may be different.  I'm no expert in OFX however, if someone more
experienced would like to analyze after I scrub my account info out let me
know.

Best regards,

Bill Starrs

_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David Reiser-4

> On Dec 4, 2015, at 9:04 AM, Bill Starrs <[hidden email]> wrote:
>
> Hi,
>
> I've been battling this same issue.  Constant rejection from Chase saying
> that the username or password are incorrect and no help from customer
> service.
>
> I had switched from Quicken 2013 last year to GnuCash but installed it
> last night in a VM and connected to Chase.  It worked.  I then got the
> email in the Secure Message center which took me to a website where I
> clicked a button and it said all was good.  Quicken was then able to
> connect and download transactions without issue.
>
> I then went right back to GnuCash and tried to connect but got the same
> rejection.  The AppID and Version were the same in the OFX settings, but
> there has to be something else that Quicken is doing which AqBanking is
> not.  Looks like Chase is requiring something specific that identifies
> Quicken specifically.  There was some kind of token generated that I
> accepted from the secure message.  Perhaps this was generated by something
> specific in the Quicken OFX request?
>
> I have the OFX log from Quicken and will compare it to AqBanking to see
> what else may be different.  I'm no expert in OFX however, if someone more
> experienced would like to analyze after I scrub my account info out let me
> know.
>
> Best regards,
>
> Bill Starrs
>

Success!

Your comment that Quicken works led me indirectly to:
https://fi.intuit.com/support/security/ffiec/ <https://fi.intuit.com/support/security/ffiec/> and
https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc <https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc>

Back around 2008, I looked very hard, with no success, to find the information that Intuit has since published in the FAQ (second link above). That FAQ was last edited 2 years ago, but I haven’t been looking lately because none of my banks had been locking me out.

The current change results from Chase implementing Multi Factor Authentication for DirectConnect sessions by insisting that any Quicken-like software be able to supply a <CLIENTUID> tag as part of the login attempt. Martin supplied the capability in aqbanking by the end of 2008, but Intuit wasn’t providing any public help about how they were implementing it. The FAQ above provides enough of that information to get Gnucash reconnected to Chase accounts.

The key features are that aqbanking has to use “103” as the Header Version for its ofx connections, and it has to send a ClientUID.

The Header Version is on the Application Settings tab available while editing a User definition in an AqBanking Setup session accessed from Gnucash’s Tools>Online Banking Setup… menu.

The Client UID entry box is in the User Settings tab in the same Edit User dialog in banking setup. It has been a long time since I set up a new bank account for aqbanking, but reading some of aqbanking’s git log messages, aqbanking may offer the option of generating a ClientUID while you’re defining the user in the first place. For established accounts, it’s probably easier to find any old UUID generator and paste the results into that box in the Edit User dialog.

Because Intuit specifically says that Quicken sends a 32 character ASCII representation of a hexadecimal number, I’m almost certain that you have to delete the customary hyphens that show up in most uuidgen output. I also made my ClientUID lower case for any of the letters, based on someone else’s observations that their bank was requiring lower case. I have no idea if lower case is required, but it worked for me.

What happens with the connection is that the first time Chase sees an ofx header version 103 connection with a ClientUID that hasn’t been associated with your account, it will let you download transactions, but it fires off the ‘action required’ email to the address associated with your account, telling you to visit the Secure Message Area in your account page on the web. For me that outside email appeared approximately 3 seconds after I had connected. In that secure message, there’s a link that jumps to a verification web page (and Chase has pasted in your one-time authentication PIN) where all you have to do is click Next. There was some kind of successful completion page displayed.

Since completing the authentication process, I have been able to download transactions from my formerly blocked account from both 2.4.15 and 2.6.9 gnucash versions. They both use the same aqbanking user data, so chase just thinks I’ve logged in from the same app multiple times.

If I’m reading Chase’s tea leaves correctly, after February 15, you won’t get any grace period — you’ll have to authenticate before you can access any transaction data. It looks like the authentication PINs will expire in 7 days, now and in the future. If you go beyond 7 days (or maybe if you launch several attempts to log in without authenticating) it looks like Chase’s system will keep generating new PINs for each attempted login. Their mail message mentions you have to be sure to use the most recent PIN if you have received several secure messages regarding authentication.

The FAQ mentions that DirectConnect servers have to be at version 103 in order to implement MFA via ClientUID. In the Quicken realm all versions that haven’t been locked out of DirectConnect for failure to pay Intuit’s upgrade tax already use header version 103. Servers using version  103 are not required to use ClientUID, but 102 and earlier server versions are unable to use UIDs.

If you have already logged into a Chase account with Quicken and authenticated your ID, you might have to call Chase and have them clear your authentication. Intuit suggests that banks allow at least 2 valid ClientUID’s per account. But the banks can do what they want. Intuit also suggests that implementation of ClientUIDs be invisible to the user (#ChaseFail). Quicken stores the ClientUID in the data file, and at least in Quicken 2013 provided no way to see the number. The ClientUID was also redacted from the Quicken ofx logs, at least when I looked. Because the ClientUID is stored in the data file, you don’t have to update your authentication when you upgrade Quicken. The good news there is that GnuCash users might be able to use their authenticated ClientUID essentially forever (at least until Quicken’s potential new owner changes something else).

I hope I’ve found a general solution to the problem.

Dave
--
Dave Reiser
[hidden email]





_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David G Hamblen-2


On 12/04/2015 08:46 PM, David Reiser wrote:

>> On Dec 4, 2015, at 9:04 AM, Bill Starrs <[hidden email]> wrote:
>>
>> Hi,
>>
>> I've been battling this same issue.  Constant rejection from Chase saying
>> that the username or password are incorrect and no help from customer
>> service.
>>
>> I had switched from Quicken 2013 last year to GnuCash but installed it
>> last night in a VM and connected to Chase.  It worked.  I then got the
>> email in the Secure Message center which took me to a website where I
>> clicked a button and it said all was good.  Quicken was then able to
>> connect and download transactions without issue.
>>
>> I then went right back to GnuCash and tried to connect but got the same
>> rejection.  The AppID and Version were the same in the OFX settings, but
>> there has to be something else that Quicken is doing which AqBanking is
>> not.  Looks like Chase is requiring something specific that identifies
>> Quicken specifically.  There was some kind of token generated that I
>> accepted from the secure message.  Perhaps this was generated by something
>> specific in the Quicken OFX request?
>>
>> I have the OFX log from Quicken and will compare it to AqBanking to see
>> what else may be different.  I'm no expert in OFX however, if someone more
>> experienced would like to analyze after I scrub my account info out let me
>> know.
>>
>> Best regards,
>>
>> Bill Starrs
>>
> Success!
>
> Your comment that Quicken works led me indirectly to:
> https://fi.intuit.com/support/security/ffiec/ <https://fi.intuit.com/support/security/ffiec/> and
> https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc <https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc>
>
> Back around 2008, I looked very hard, with no success, to find the information that Intuit has since published in the FAQ (second link above). That FAQ was last edited 2 years ago, but I haven’t been looking lately because none of my banks had been locking me out.
>
> The current change results from Chase implementing Multi Factor Authentication for DirectConnect sessions by insisting that any Quicken-like software be able to supply a <CLIENTUID> tag as part of the login attempt. Martin supplied the capability in aqbanking by the end of 2008, but Intuit wasn’t providing any public help about how they were implementing it. The FAQ above provides enough of that information to get Gnucash reconnected to Chase accounts.
>
> The key features are that aqbanking has to use “103” as the Header Version for its ofx connections, and it has to send a ClientUID.
>
> The Header Version is on the Application Settings tab available while editing a User definition in an AqBanking Setup session accessed from Gnucash’s Tools>Online Banking Setup… menu.
>
> The Client UID entry box is in the User Settings tab in the same Edit User dialog in banking setup. It has been a long time since I set up a new bank account for aqbanking, but reading some of aqbanking’s git log messages, aqbanking may offer the option of generating a ClientUID while you’re defining the user in the first place. For established accounts, it’s probably easier to find any old UUID generator and paste the results into that box in the Edit User dialog.
>
> Because Intuit specifically says that Quicken sends a 32 character ASCII representation of a hexadecimal number, I’m almost certain that you have to delete the customary hyphens that show up in most uuidgen output. I also made my ClientUID lower case for any of the letters, based on someone else’s observations that their bank was requiring lower case. I have no idea if lower case is required, but it worked for me.
>
> What happens with the connection is that the first time Chase sees an ofx header version 103 connection with a ClientUID that hasn’t been associated with your account, it will let you download transactions, but it fires off the ‘action required’ email to the address associated with your account, telling you to visit the Secure Message Area in your account page on the web. For me that outside email appeared approximately 3 seconds after I had connected. In that secure message, there’s a link that jumps to a verification web page (and Chase has pasted in your one-time authentication PIN) where all you have to do is click Next. There was some kind of successful completion page displayed.
>
> Since completing the authentication process, I have been able to download transactions from my formerly blocked account from both 2.4.15 and 2.6.9 gnucash versions. They both use the same aqbanking user data, so chase just thinks I’ve logged in from the same app multiple times.
>
> If I’m reading Chase’s tea leaves correctly, after February 15, you won’t get any grace period — you’ll have to authenticate before you can access any transaction data. It looks like the authentication PINs will expire in 7 days, now and in the future. If you go beyond 7 days (or maybe if you launch several attempts to log in without authenticating) it looks like Chase’s system will keep generating new PINs for each attempted login. Their mail message mentions you have to be sure to use the most recent PIN if you have received several secure messages regarding authentication.
>
> The FAQ mentions that DirectConnect servers have to be at version 103 in order to implement MFA via ClientUID. In the Quicken realm all versions that haven’t been locked out of DirectConnect for failure to pay Intuit’s upgrade tax already use header version 103. Servers using version  103 are not required to use ClientUID, but 102 and earlier server versions are unable to use UIDs.
>
> If you have already logged into a Chase account with Quicken and authenticated your ID, you might have to call Chase and have them clear your authentication. Intuit suggests that banks allow at least 2 valid ClientUID’s per account. But the banks can do what they want. Intuit also suggests that implementation of ClientUIDs be invisible to the user (#ChaseFail). Quicken stores the ClientUID in the data file, and at least in Quicken 2013 provided no way to see the number. The ClientUID was also redacted from the Quicken ofx logs, at least when I looked. Because the ClientUID is stored in the data file, you don’t have to update your authentication when you upgrade Quicken. The good news there is that GnuCash users might be able to use their authenticated ClientUID essentially forever (at least until Quicken’s potential new owner changes something else).
>
> I hope I’ve found a general solution to the problem.
>
> Dave
> --
> Dave Reiser
> [hidden email]
>
>
>
>
>
> _______________________________________________
> gnucash-user mailing list
> [hidden email]
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
Seems to work for me.  On Ubuntu I created a UUID in a terminal with
uuidgen.  One can probably edit ~/.aqbanking/settings/users/<xxx.conf>
directly, but I used the wizard.

It always takes me a while to find where the aqbanking settings are
within gnucash; so here it is.

Start Tools/Online Banking Setup, Forward, Start AqBanking Wizard, Edit
User, User Settings, then paste the UUID.

Then in the same Edit User dialog, select Application Settings, and set
the Header version to 103.

I then downloaded some data (not all), so I then logged onto the web
site (www.chase.com), read the secure message and activated the
account.  Now it's working.  We'll see how long it lasts :-(


_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

William Starrs
In reply to this post by David Reiser-4
Dave,

This worked like a champ!  It looks like Chase will allow at least 2 UID's
because the following got me up and running in just a few minutes:


   1. Generated a Version 4 UUID here:
   https://www.uuidgenerator.net/version4
   2. Entered it in my user settings in the aqbanking wizard - without the
   dashes
   3. Changed the Header version to 103 (was 102)
   4. Connect and instant success!  Transactions and balance downloaded
   with no error messages in log.

Also at least within the last 5 minutes there are no new authentication
messages in the secure inbox.  Appears to be smooth sailing from here.

Thank you very much for your assistance.

Bill


On Fri, Dec 4, 2015 at 8:46 PM David Reiser <[hidden email]> wrote:

>
> On Dec 4, 2015, at 9:04 AM, Bill Starrs <[hidden email]> wrote:
>
> Hi,
>
> I've been battling this same issue.  Constant rejection from Chase saying
> that the username or password are incorrect and no help from customer
> service.
>
> I had switched from Quicken 2013 last year to GnuCash but installed it
> last night in a VM and connected to Chase.  It worked.  I then got the
> email in the Secure Message center which took me to a website where I
> clicked a button and it said all was good.  Quicken was then able to
> connect and download transactions without issue.
>
> I then went right back to GnuCash and tried to connect but got the same
> rejection.  The AppID and Version were the same in the OFX settings, but
> there has to be something else that Quicken is doing which AqBanking is
> not.  Looks like Chase is requiring something specific that identifies
> Quicken specifically.  There was some kind of token generated that I
> accepted from the secure message.  Perhaps this was generated by something
> specific in the Quicken OFX request?
>
> I have the OFX log from Quicken and will compare it to AqBanking to see
> what else may be different.  I'm no expert in OFX however, if someone more
> experienced would like to analyze after I scrub my account info out let me
> know.
>
> Best regards,
>
> Bill Starrs
>
>
> Success!
>
> Your comment that Quicken works led me indirectly to:
> https://fi.intuit.com/support/security/ffiec/ and
>
> https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc
>
> Back around 2008, I looked very hard, with no success, to find the
> information that Intuit has since published in the FAQ (second link above).
> That FAQ was last edited 2 years ago, but I haven’t been looking lately
> because none of my banks had been locking me out.
>
> The current change results from Chase implementing Multi Factor
> Authentication for DirectConnect sessions by insisting that any
> Quicken-like software be able to supply a <CLIENTUID> tag as part of the
> login attempt. Martin supplied the capability in aqbanking by the end of
> 2008, but Intuit wasn’t providing any public help about how they were
> implementing it. The FAQ above provides enough of that information to get
> Gnucash reconnected to Chase accounts.
>
> The key features are that aqbanking has to use “103” as the Header Version
> for its ofx connections, and it has to send a ClientUID.
>
> The Header Version is on the Application Settings tab available while
> editing a User definition in an AqBanking Setup session accessed from
> Gnucash’s Tools>Online Banking Setup… menu.
>
> The Client UID entry box is in the User Settings tab in the same Edit User
> dialog in banking setup. It has been a long time since I set up a new bank
> account for aqbanking, but reading some of aqbanking’s git log messages,
> aqbanking may offer the option of generating a ClientUID while you’re
> defining the user in the first place. For established accounts, it’s
> probably easier to find any old UUID generator and paste the results into
> that box in the Edit User dialog.
>
> Because Intuit specifically says that Quicken sends a 32 character ASCII
> representation of a hexadecimal number, I’m almost certain that you have to
> delete the customary hyphens that show up in most uuidgen output. I also
> made my ClientUID lower case for any of the letters, based on someone
> else’s observations that their bank was requiring lower case. I have no
> idea if lower case is required, but it worked for me.
>
> What happens with the connection is that the first time Chase sees an ofx
> header version 103 connection with a ClientUID that hasn’t been associated
> with your account, it will let you download transactions, but it fires off
> the ‘action required’ email to the address associated with your account,
> telling you to visit the Secure Message Area in your account page on the
> web. For me that outside email appeared approximately 3 seconds after I had
> connected. In that secure message, there’s a link that jumps to a
> verification web page (and Chase has pasted in your one-time authentication
> PIN) where all you have to do is click Next. There was some kind of
> successful completion page displayed.
>
> Since completing the authentication process, I have been able to download
> transactions from my formerly blocked account from both 2.4.15 and 2.6.9
> gnucash versions. They both use the same aqbanking user data, so chase just
> thinks I’ve logged in from the same app multiple times.
>
> If I’m reading Chase’s tea leaves correctly, after February 15, you won’t
> get any grace period — you’ll have to authenticate before you can access
> any transaction data. It looks like the authentication PINs will expire in
> 7 days, now and in the future. If you go beyond 7 days (or maybe if you
> launch several attempts to log in without authenticating) it looks like
> Chase’s system will keep generating new PINs for each attempted login.
> Their mail message mentions you have to be sure to use the most recent PIN
> if you have received several secure messages regarding authentication.
>
> The FAQ mentions that DirectConnect servers have to be at version 103 in
> order to implement MFA via ClientUID. In the Quicken realm all versions
> that haven’t been locked out of DirectConnect for failure to pay Intuit’s
> upgrade tax already use header version 103. Servers using version  103 are
> not required to use ClientUID, but 102 and earlier server versions are
> unable to use UIDs.
>
> If you have already logged into a Chase account with Quicken and
> authenticated your ID, you might have to call Chase and have them clear
> your authentication. Intuit suggests that banks allow at least 2 valid
> ClientUID’s per account. But the banks can do what they want. Intuit also
> suggests that implementation of ClientUIDs be invisible to the user
> (#ChaseFail). Quicken stores the ClientUID in the data file, and at least
> in Quicken 2013 provided no way to see the number. The ClientUID was also
> redacted from the Quicken ofx logs, at least when I looked. Because the
> ClientUID is stored in the data file, you don’t have to update your
> authentication when you upgrade Quicken. The good news there is that
> GnuCash users might be able to use their authenticated ClientUID
> essentially forever (at least until Quicken’s potential new owner changes
> something else).
>
> I hope I’ve found a general solution to the problem.
>
> Dave
> --
> Dave Reiser
> [hidden email]
>
>
>
>
>
>
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

David G Hamblen-2
Bill,

After my success, I got an email telling me to go to the secure inbox,
which I did, and things still work.

DaveH

On 12/05/2015 10:38 AM, William Starrs wrote:

> Dave,
>
> This worked like a champ!  It looks like Chase will allow at least 2 UID's
> because the following got me up and running in just a few minutes:
>
>
>     1. Generated a Version 4 UUID here:
>     https://www.uuidgenerator.net/version4
>     2. Entered it in my user settings in the aqbanking wizard - without the
>     dashes
>     3. Changed the Header version to 103 (was 102)
>     4. Connect and instant success!  Transactions and balance downloaded
>     with no error messages in log.
>
> Also at least within the last 5 minutes there are no new authentication
> messages in the secure inbox.  Appears to be smooth sailing from here.
>
> Thank you very much for your assistance.
>
> Bill
>
>
> On Fri, Dec 4, 2015 at 8:46 PM David Reiser <[hidden email]> wrote:
>
>> On Dec 4, 2015, at 9:04 AM, Bill Starrs <[hidden email]> wrote:
>>
>> Hi,
>>
>> I've been battling this same issue.  Constant rejection from Chase saying
>> that the username or password are incorrect and no help from customer
>> service.
>>
>> I had switched from Quicken 2013 last year to GnuCash but installed it
>> last night in a VM and connected to Chase.  It worked.  I then got the
>> email in the Secure Message center which took me to a website where I
>> clicked a button and it said all was good.  Quicken was then able to
>> connect and download transactions without issue.
>>
>> I then went right back to GnuCash and tried to connect but got the same
>> rejection.  The AppID and Version were the same in the OFX settings, but
>> there has to be something else that Quicken is doing which AqBanking is
>> not.  Looks like Chase is requiring something specific that identifies
>> Quicken specifically.  There was some kind of token generated that I
>> accepted from the secure message.  Perhaps this was generated by something
>> specific in the Quicken OFX request?
>>
>> I have the OFX log from Quicken and will compare it to AqBanking to see
>> what else may be different.  I'm no expert in OFX however, if someone more
>> experienced would like to analyze after I scrub my account info out let me
>> know.
>>
>> Best regards,
>>
>> Bill Starrs
>>
>>
>> Success!
>>
>> Your comment that Quicken works led me indirectly to:
>> https://fi.intuit.com/support/security/ffiec/ and
>>
>> https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc
>>
>> Back around 2008, I looked very hard, with no success, to find the
>> information that Intuit has since published in the FAQ (second link above).
>> That FAQ was last edited 2 years ago, but I haven’t been looking lately
>> because none of my banks had been locking me out.
>>
>> The current change results from Chase implementing Multi Factor
>> Authentication for DirectConnect sessions by insisting that any
>> Quicken-like software be able to supply a <CLIENTUID> tag as part of the
>> login attempt. Martin supplied the capability in aqbanking by the end of
>> 2008, but Intuit wasn’t providing any public help about how they were
>> implementing it. The FAQ above provides enough of that information to get
>> Gnucash reconnected to Chase accounts.
>>
>> The key features are that aqbanking has to use “103” as the Header Version
>> for its ofx connections, and it has to send a ClientUID.
>>
>> The Header Version is on the Application Settings tab available while
>> editing a User definition in an AqBanking Setup session accessed from
>> Gnucash’s Tools>Online Banking Setup… menu.
>>
>> The Client UID entry box is in the User Settings tab in the same Edit User
>> dialog in banking setup. It has been a long time since I set up a new bank
>> account for aqbanking, but reading some of aqbanking’s git log messages,
>> aqbanking may offer the option of generating a ClientUID while you’re
>> defining the user in the first place. For established accounts, it’s
>> probably easier to find any old UUID generator and paste the results into
>> that box in the Edit User dialog.
>>
>> Because Intuit specifically says that Quicken sends a 32 character ASCII
>> representation of a hexadecimal number, I’m almost certain that you have to
>> delete the customary hyphens that show up in most uuidgen output. I also
>> made my ClientUID lower case for any of the letters, based on someone
>> else’s observations that their bank was requiring lower case. I have no
>> idea if lower case is required, but it worked for me.
>>
>> What happens with the connection is that the first time Chase sees an ofx
>> header version 103 connection with a ClientUID that hasn’t been associated
>> with your account, it will let you download transactions, but it fires off
>> the ‘action required’ email to the address associated with your account,
>> telling you to visit the Secure Message Area in your account page on the
>> web. For me that outside email appeared approximately 3 seconds after I had
>> connected. In that secure message, there’s a link that jumps to a
>> verification web page (and Chase has pasted in your one-time authentication
>> PIN) where all you have to do is click Next. There was some kind of
>> successful completion page displayed.
>>
>> Since completing the authentication process, I have been able to download
>> transactions from my formerly blocked account from both 2.4.15 and 2.6.9
>> gnucash versions. They both use the same aqbanking user data, so chase just
>> thinks I’ve logged in from the same app multiple times.
>>
>> If I’m reading Chase’s tea leaves correctly, after February 15, you won’t
>> get any grace period — you’ll have to authenticate before you can access
>> any transaction data. It looks like the authentication PINs will expire in
>> 7 days, now and in the future. If you go beyond 7 days (or maybe if you
>> launch several attempts to log in without authenticating) it looks like
>> Chase’s system will keep generating new PINs for each attempted login.
>> Their mail message mentions you have to be sure to use the most recent PIN
>> if you have received several secure messages regarding authentication.
>>
>> The FAQ mentions that DirectConnect servers have to be at version 103 in
>> order to implement MFA via ClientUID. In the Quicken realm all versions
>> that haven’t been locked out of DirectConnect for failure to pay Intuit’s
>> upgrade tax already use header version 103. Servers using version  103 are
>> not required to use ClientUID, but 102 and earlier server versions are
>> unable to use UIDs.
>>
>> If you have already logged into a Chase account with Quicken and
>> authenticated your ID, you might have to call Chase and have them clear
>> your authentication. Intuit suggests that banks allow at least 2 valid
>> ClientUID’s per account. But the banks can do what they want. Intuit also
>> suggests that implementation of ClientUIDs be invisible to the user
>> (#ChaseFail). Quicken stores the ClientUID in the data file, and at least
>> in Quicken 2013 provided no way to see the number. The ClientUID was also
>> redacted from the Quicken ofx logs, at least when I looked. Because the
>> ClientUID is stored in the data file, you don’t have to update your
>> authentication when you upgrade Quicken. The good news there is that
>> GnuCash users might be able to use their authenticated ClientUID
>> essentially forever (at least until Quicken’s potential new owner changes
>> something else).
>>
>> I hope I’ve found a general solution to the problem.
>>
>> Dave
>> --
>> Dave Reiser
>> [hidden email]
>>
>>
>>
>>
>>
>>
> _______________________________________________
> gnucash-user mailing list
> [hidden email]
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.

_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

William Starrs
In reply to this post by William Starrs
Actually took a bit but got another authentication message which I acted
on, connection is still working fine after that.

On Sat, Dec 5, 2015 at 10:38 AM William Starrs <[hidden email]>
wrote:

> Dave,
>
> This worked like a champ!  It looks like Chase will allow at least 2 UID's
> because the following got me up and running in just a few minutes:
>
>
>    1. Generated a Version 4 UUID here:
>    https://www.uuidgenerator.net/version4
>    2. Entered it in my user settings in the aqbanking wizard - without
>    the dashes
>    3. Changed the Header version to 103 (was 102)
>    4. Connect and instant success!  Transactions and balance downloaded
>    with no error messages in log.
>
> Also at least within the last 5 minutes there are no new authentication
> messages in the secure inbox.  Appears to be smooth sailing from here.
>
> Thank you very much for your assistance.
>
> Bill
>
>
> On Fri, Dec 4, 2015 at 8:46 PM David Reiser <[hidden email]> wrote:
>
>>
>> On Dec 4, 2015, at 9:04 AM, Bill Starrs <[hidden email]> wrote:
>>
>> Hi,
>>
>> I've been battling this same issue.  Constant rejection from Chase saying
>> that the username or password are incorrect and no help from customer
>> service.
>>
>> I had switched from Quicken 2013 last year to GnuCash but installed it
>> last night in a VM and connected to Chase.  It worked.  I then got the
>> email in the Secure Message center which took me to a website where I
>> clicked a button and it said all was good.  Quicken was then able to
>> connect and download transactions without issue.
>>
>> I then went right back to GnuCash and tried to connect but got the same
>> rejection.  The AppID and Version were the same in the OFX settings, but
>> there has to be something else that Quicken is doing which AqBanking is
>> not.  Looks like Chase is requiring something specific that identifies
>> Quicken specifically.  There was some kind of token generated that I
>> accepted from the secure message.  Perhaps this was generated by
>> something
>> specific in the Quicken OFX request?
>>
>> I have the OFX log from Quicken and will compare it to AqBanking to see
>> what else may be different.  I'm no expert in OFX however, if someone
>> more
>> experienced would like to analyze after I scrub my account info out let
>> me
>> know.
>>
>> Best regards,
>>
>> Bill Starrs
>>
>>
>> Success!
>>
>> Your comment that Quicken works led me indirectly to:
>> https://fi.intuit.com/support/security/ffiec/ and
>>
>> https://fi.intuit.com/support/security/ffiec/MFA_FAQ_&_%20Refernce_%20Guide.doc
>>
>> Back around 2008, I looked very hard, with no success, to find the
>> information that Intuit has since published in the FAQ (second link above).
>> That FAQ was last edited 2 years ago, but I haven’t been looking lately
>> because none of my banks had been locking me out.
>>
>> The current change results from Chase implementing Multi Factor
>> Authentication for DirectConnect sessions by insisting that any
>> Quicken-like software be able to supply a <CLIENTUID> tag as part of the
>> login attempt. Martin supplied the capability in aqbanking by the end of
>> 2008, but Intuit wasn’t providing any public help about how they were
>> implementing it. The FAQ above provides enough of that information to get
>> Gnucash reconnected to Chase accounts.
>>
>> The key features are that aqbanking has to use “103” as the Header
>> Version for its ofx connections, and it has to send a ClientUID.
>>
>> The Header Version is on the Application Settings tab available while
>> editing a User definition in an AqBanking Setup session accessed from
>> Gnucash’s Tools>Online Banking Setup… menu.
>>
>> The Client UID entry box is in the User Settings tab in the same Edit
>> User dialog in banking setup. It has been a long time since I set up a new
>> bank account for aqbanking, but reading some of aqbanking’s git log
>> messages, aqbanking may offer the option of generating a ClientUID while
>> you’re defining the user in the first place. For established accounts, it’s
>> probably easier to find any old UUID generator and paste the results into
>> that box in the Edit User dialog.
>>
>> Because Intuit specifically says that Quicken sends a 32 character ASCII
>> representation of a hexadecimal number, I’m almost certain that you have to
>> delete the customary hyphens that show up in most uuidgen output. I also
>> made my ClientUID lower case for any of the letters, based on someone
>> else’s observations that their bank was requiring lower case. I have no
>> idea if lower case is required, but it worked for me.
>>
>> What happens with the connection is that the first time Chase sees an ofx
>> header version 103 connection with a ClientUID that hasn’t been associated
>> with your account, it will let you download transactions, but it fires off
>> the ‘action required’ email to the address associated with your account,
>> telling you to visit the Secure Message Area in your account page on the
>> web. For me that outside email appeared approximately 3 seconds after I had
>> connected. In that secure message, there’s a link that jumps to a
>> verification web page (and Chase has pasted in your one-time authentication
>> PIN) where all you have to do is click Next. There was some kind of
>> successful completion page displayed.
>>
>> Since completing the authentication process, I have been able to download
>> transactions from my formerly blocked account from both 2.4.15 and 2.6.9
>> gnucash versions. They both use the same aqbanking user data, so chase just
>> thinks I’ve logged in from the same app multiple times.
>>
>> If I’m reading Chase’s tea leaves correctly, after February 15, you won’t
>> get any grace period — you’ll have to authenticate before you can access
>> any transaction data. It looks like the authentication PINs will expire in
>> 7 days, now and in the future. If you go beyond 7 days (or maybe if you
>> launch several attempts to log in without authenticating) it looks like
>> Chase’s system will keep generating new PINs for each attempted login.
>> Their mail message mentions you have to be sure to use the most recent PIN
>> if you have received several secure messages regarding authentication.
>>
>> The FAQ mentions that DirectConnect servers have to be at version 103 in
>> order to implement MFA via ClientUID. In the Quicken realm all versions
>> that haven’t been locked out of DirectConnect for failure to pay Intuit’s
>> upgrade tax already use header version 103. Servers using version  103 are
>> not required to use ClientUID, but 102 and earlier server versions are
>> unable to use UIDs.
>>
>> If you have already logged into a Chase account with Quicken and
>> authenticated your ID, you might have to call Chase and have them clear
>> your authentication. Intuit suggests that banks allow at least 2 valid
>> ClientUID’s per account. But the banks can do what they want. Intuit also
>> suggests that implementation of ClientUIDs be invisible to the user
>> (#ChaseFail). Quicken stores the ClientUID in the data file, and at least
>> in Quicken 2013 provided no way to see the number. The ClientUID was also
>> redacted from the Quicken ofx logs, at least when I looked. Because the
>> ClientUID is stored in the data file, you don’t have to update your
>> authentication when you upgrade Quicken. The good news there is that
>> GnuCash users might be able to use their authenticated ClientUID
>> essentially forever (at least until Quicken’s potential new owner changes
>> something else).
>>
>> I hope I’ve found a general solution to the problem.
>>
>> Dave
>> --
>> Dave Reiser
>> [hidden email]
>>
>>
>>
>>
>>
>>
_______________________________________________
gnucash-user mailing list
[hidden email]
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

randix
In reply to this post by David Reiser-4
Works great, thank you very much!
Reply | Threaded
Open this post in threaded view
|

Re: Issue downloading transactions from Chase

Russell
This thread is a life-saver.  Thanks for all who made contributions to make this happen.