The main alleged weakness is the lack of two-factor authentication by Ocean Bank. While I am not sure that this places all of the blame in Ocean’s hands, and I think that Patco should be at least partially responsible for their losses if it is found that their own systems were compromised, a victory by the plaintiff in this case could set an interesting precedent to financial institutions who have not implemented strong authentication mechanisms in their online services. Banks and credit unions – take note! However, a victory by the defendant will likely send a very different signal, more to the tune of “If you bank online, you take your chances.” Small businesses and individuals – take note!

This week’s Data Security Podcast also has an excellent interview with the attorney who filed the suit on behalf of Patco.

Think about it for a minute and this makes perfect sense. Many of my clients frequently ask “why would anyone come after me? I don’t have anything anyone would want.” If you’ve ever watched a good heist movie (Ocean’s 11, the Italian Job, Heat, Heist, etc.) you can get an idea of what a massive “bank job” entails (at least, in Hollywood). That having been said, it’s a lot easier to simply forge an email to someone within a company using a tactic known as “spear phishing,” where the sender fools the recipient into divulging information in some way. The Post continues:

… the scammers … send a targeted e-mail to the company’s controller or treasurer, a message that contains either a virus-laden attachment or a link that — when opened — surreptitiously installs malicious software designed to steal passwords. … the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks’ anti-money-laundering reporting requirements.

While laws protect consumers from fraudulent charges on their credit cards, similar legislation does not protect bank accounts, and generally, once the money’s gone, it’s gone, as is illustrated in this paragraph from the article:

In February, fraudsters struck JM Test Systems, an electronics calibration company in Baton Rouge. According to … the company’s controller… an unauthorized wire transfer of $45,640 was sent from JM Test’s account to a bank in Russia. … [JM Test] was able to recover just $7,200 of the stolen money…

All small businesses should ensure that everyone with access to any sort of financial information on their computers or online has gone through basic “safe browsing” and social engineering awareness training to ensure that they do not accidentally give away the keys to the kingdom.

I don’t know about the current Quicken for Macintosh, but last I checked, it did not use the same file format as the Windows version. This means if I create a file in Quicken, and want to use it on a Mac, I need to manually export every account (checkbook, investment, savings, loan, etc.) one at a time, and import it into the Mac version. Then, if I decide to go back to Windows, I need to do the same thing in the other direction. This is obviously not a fun or quick and easy process, so moving back and forth is not an option. If, for instance, you have a Mac and a Windows machine at home, and want to share the finances, you can’t easily do this with Quicken.

Another consistent annoyance is Quicken is bloated and slow. It frequently will hang and the window will strobe constantly, as if the focus is changing back and forth between two panels in the program. During this time, it is completely useless, and will often hang for several minutes, forcing me to terminate the program and restart it.

Intuit updates the software every year, and takes steps to make you have to upgrade, like disabling support for their older file format downloads from online banking institutions. However, they rarely add any new features that make it worth upgrading.

Finally, Quicken’s data file is prone to corruption. In the last year, mine got corrupted twice, forcing me to revert to a prior backup, losing a week or so worth of data on one occasion. That was the last straw.

Enter Moneydance. I first heard about Moneydance from Chess Griffin‘s Linux Reality podcast. Moneydance immediately appealed to me because it is available for Mac, PC, and Linux. Furthermore, all three editions share the same file format, so I could use Moneydance on my Mac, my Linux workstation, or my Windows desktop to do my finances, and not be tied to any one.

I was able to download a trial version from the Moneydance website, and install it in a few minutes. Immediately, I noticed that Moneydance loads more quickly than Quicken. Its interface is less flashy, and different from the one I’m used to with Quicken, but I was able to quickly learn my way around so that I could transfer my finances to it.

Moneydance supports the current QFX (Quicken 2005 or newer) file download type, as well as the older QIF import, which Quicken no longer supports. I exported all of my accounts from my credit union as of July 1, and reconciled them in Moneydance. A (very minor) glitch I saw here was that there was no way to “accept all” transactions – I had to click “accept” to each and every transaction as I imported them. Given that I was importing a month’s worth of transactions from three accounts, this took a while.

Another small quirk is that Moneydance assigns a default category to every transaction. For some reason, it chose “ATM Withdrawl” as mine (probably because it was alphabetically first in line), so everything I imported was an “ATM Withdrawl.” I had to go through and change categories on them to things like healthcare, groceries, aikido, etc.

Moneydance, with several accounts’ information loaded, uses around 10MB of memory. Quicken, on the other hand, took up nearly 80MB of memory just to load.

Moneydance also allows me to sort my registers by date ascending or descending – something Quicken never let me do. Amazing. Now I can look at my register side-by-side with my online banking statement in the same order!

One useful feature which Moneydance appears to lack is integration with larger financial institutions for automated downloads. Ameritrade, Bank of America, American Express, etc., all offer services to integrate Quicken with these and other institutions, making updating your accounts online very simple. Unfortunately, with Moneydance, this requires visiting the financial institution’s website and downloading files, or manually updating investment account balances. Given that I have to visit my local credit union’s site to download my statements anyway, this is not a huge inconvenience. However, updating my stock portfolios is proving to be a little more work than I had hoped.

In short, Moneydance is well worth the $39.99. It costs about the same as Quicken, runs on multiple platforms, chews up fewer resources, and lacks all of the bloat.