Bank Blocking LedgerSync Cloud IPs: Premium Bank Connection Workaround

Overview

This article describes the process for establishing a bank connection when two conditions are simultaneously true:

  1. MasterCard/Finicity aggregation is unable to retrieve bank statements for the institution.
  2. The bank is actively blocking LedgerSync's cloud infrastructure (AWS/Google Cloud IP addresses), preventing a direct Premium Bank Connection from being established through the standard flow.

Because the bank rejects connections from cloud-hosted IP addresses, the solution requires using the LedgerSync Desktop App to route the connection through a local machine's IP address, which the bank does not block.

Root Cause

Problem 1 - MasterCard aggregation unavailable: The bank is not supported or is too difficult for MasterCard/Finicity to service via standard aggregation.

Problem 2 - Credentials held by end user: Only the account holder has the bank login credentials, so the account holder must enter them directly.

Problem 3 - Cloud IP blocking: The bank's security systems detect and block connection attempts originating from AWS and Google Cloud IP ranges, which are used by LedgerSync's hosted infrastructure. Connections must instead originate from a trusted local IP address.

Solution Summary

The workaround is a two-step process:

Step 1: Have the account holder add their credentials through the Premium Bank Connection flow. The connection will fail, but this saves the credentials securely in the LedgerSync database.

Step 2: Run the bank connection from a local machine using the LedgerSync Desktop App. The bank will issue a multi-factor authentication token to the account holder, which is then entered to complete registration of the local machine.

Step-by-Step Process

Phase 1: Save Credentials via Premium Bank Connection

  1. Invite the account holder to LedgerSync.
  2. Ask the account holder to click the Add Bank Connection button within LedgerSync.
  3. Instruct them to select Premium Bank Connection.
  4. Have them search for and select the bank.
  5. Have the account holder enter their bank credentials and submit.
  6. The connection will fail. This is expected. The credentials are now saved in the LedgerSync database. Proceed to Phase 2.

Phase 2: Complete Connection via LedgerSync Desktop App

  1. Open the LedgerSync Desktop App on your local machine.
  2. Initiate the bank connection for the account from within the Desktop App. The connection will now route through your local machine's IP address.
  3. The bank will prompt for a multi-factor authentication token. Contact the account holder and ask them to provide the token code sent to them by the bank.
  4. Enter the token code when prompted.
  5. The local machine is now registered with the bank. The connection should run successfully going forward.

Notes

MasterCard escalation: If this bank becomes supportable via MasterCard statement aggregation in the future, this workaround would no longer be necessary. Check with the aggregation team on the status of the bank before initiating this process.

Token requirement: The MFA token is required only on the first connection from a given machine. Once the machine is registered, subsequent runs will not require a new token.

Coordination required: This process requires real-time coordination with the account holder for the MFA token step. Confirm availability before beginning Phase 2.