I’m (trying to be) on the Android beta, but it keeps telling me a system issue has occurred when I’m putting my phone number in. 
1 Like
I rather like the excluded transactions to be err, excluded.
1 Like
As I say, I’d like the option to show or hide on the main transaction feed.
1 Like
Sorry if this has already been covered, but how come none of my banks show that Emma is connected to my account through data sharing? Is Emma not using the open banking scheme perhaps.
Emma has never claimed to be using the open banking it uses screen scraping to get the information and has been very open about this
2 Likes
I may have missed it, but I couldn’t find that information on their website. Furthermore they mention TrueLayer and APIs which has obviously led me to incorrectly assume open banking was being used.
It does concern me that I can’t revoke this access at my bank without changing my log in details.
Hi Peter, this is probably an ad blocker or proxy you are using. It has nothing to do with the beta. 
1 Like
Hi Osm,
internal transfers can still be accessed from the Analytics (2 clicks from opening the app) and single accounts. All transactions is a summary of the good stuff, we have had numerous complaints about a bazillion of internal paypal transfers and other things that to be really honest are a bit irrelevant; so we have decided to keep the main feed clean from this type of transfers.
I understand you don’t like the change, but most of our users want to see expenses, not how much they move around their accounts. If 5 internal tranfers clutter the information and prevent the user from finding unwanted charges or things that shouldn’t be there, it’s counterproductive.
1 Like
Hi Dave,
we are registered with the FCA, don’t violate the bank’s terms and are read only. Open Banking is just a protocol they are working on - nothing compulsory. At this point, it doesn’t add any value to us or our users. It’s a nice word, but poorly executed. That’s why we have no interest to adopt it, at least for another year.
Hi Edoardo,
Thanks for your reply to my concern. So where are my account log in details actually stored? In the app, or on servers somewhere in the “cloud” or both?
They are encrypted and stored on TrueLayer’s servers and we (Emma) have the keys to decrypt them; but to be really honest, you should be more scared to walk around the street. It’s not possible to lose any money via us or any other aggregator app.
I think dismissing concerns in that way is a poor answer. If you have the ability to access my log in details in a way that I use them, then potentially someone could access my account and in some cases could perform money transfers.
Clearly I was wrong, and that’s my fault. I assumed the details were being used one time only to get a token from my bank to allow you access, and that it could be revoked there.
1 Like
In order to do that, they need to perform:
- The best hack in the history of the internet (compromise our system and truelayer at the same time).
- Login to your account without your bank noticing anything.
- Transfer some cash to a list of payee you have set.
- Get arrested.
Number of incidents due to scraping in 15 years -> 0.
Number of £ stolen every year due to credit card fraud -> Millions.
Technically speaking, it’s easier to hack your bank right away. Why would I want to go through this? It’s just stupid.
If your developers can write an app that can decrypt the data so that it can log in and get details of transactions, then your developers can access my account details (and so could others). That’s all it takes.
I’m not sure what point two or four on your list have got to do with the ability to at least cause me hassle in getting the transfers reversed?
It’s probably in your terms of service that this is what happens, and as I’ve already said that’s my fault for not reading them properly.
Can I ask what happens to the data if I delete a bank account from the app?
Everything gets deleted and your point above doesn’t make any sense, but I am not going to debate any further. I have already explained to you that what you are stating is impossible; so whatever.
1 Like
I’m sorry that you feel my concern doesn’t make any sense. I’m not being awkward, I am just trying to understand better what happens and as you can provide definitive answers I was hoping that you could explain better or provide me with some link to this information on your website.
My entire point was that I didn’t intended to give a third-party permanent access to my bank login details, and I realise now that these apps work in more than one way, and I need to be careful to find out how they are working before I sign up.
Thanks for your contribution though, at least I have some of the answers I was looking for.
1 Like
Thanks. That’s useful. And do you have an equivalent page on your own website regarding how you decrypt the data and ensure that nobody can access the data in an unauthorised manner (after all, you are the ones with the keys)? 
1 Like
No, we don’t.
Hey @edo1493,
I think there’s possibly a knowledge gap between what you know to be true, and what some of us know (we don’t know anywhere near enough about TrueLayer or anything else).
So to the uneducated (me), @dave.b’s point makes sense and absolutely reasonable.
To you, it looks crazy (given what you know).
I use EMMA, and think you guys have done a great job with development since it launched - But I guess the “security” element will always be the biggest concern.
Have you considered doing a few blogs on exactly how it works? Or is there then a risk of someone seeing it, and trying to circumnavigate your systems?
With all the hacks you see online, I don’t think anyone can be 100% confident with online services - Every year, the “greatest hack ever” happens.
Perhaps it’s not something that can easily be explaianed to someone without a solid technical understanding of the systems.
But it might help these types of questions.
5 Likes