Topic: Integrity of the Directory

I'm curious what validation happens when sites are submitted to this directory? How do you ensure that a fake ofx server isn't inserted into the list?

I'd love to use the API to grab the full list of banks, but I also don't want to expose my customers to have their bank passwords intercepted.

Re: Integrity of the Directory

That is a valid question.  There are a few things we do:

1) Check that the submitted URL responds with a valid OFX response
2) Check that the URL has a valid certificate, generally with verisign
3) Check that the certificate is who they say they are

This system is not fool proof but it is better than a lot of things out there.  Prior to OFX Home I came across OFX server information on blogs or on publicly edited wikis.  I think this is a vast improvement.

Jesse