Bank Connections, Data Access, and Connection Stability

Questions & Answers

Question 1

When a user opens an additional account (e.g., a new card under the same bank login), must the existing connection be deleted and re-added to include the new account?

Answer

Yes. This is the required process, and it is driven by bank-enforced security and privacy policies, not by LedgerSync.

When a bank connection is initially added, the user explicitly authorizes access to a specific set of accounts at that moment in time. The bank grants permissions only for those selected accounts, under one security session and one authorization agreement.

Key constraints:

• Banks do not allow permissions to be edited after the connection is established.

• A single login session cannot later be modified to include newly opened accounts.

• Allowing post-authorization edits would violate bank privacy rules and existing contractual agreements (particularly with card networks).

If a user has both personal and business accounts under one login, and only authorizes business accounts during setup, the bank will not permit changes later. To include additional accounts, the connection must be deleted and re-authorized so the user can explicitly approve the full set of accounts again.

Exception:
Some banks (for example, Chase) support pre-authorization during setup. This allows future accounts under the same login to be shared automatically. This capability is determined entirely by the bank and is not available across all institutions.

Summary:
This behavior is mandated by bank policy. LedgerSync cannot override or modify bank-level authorization rules.

Question 2

Why are bank statements and check images obtained through separate connections, and will they ever be available through a single setup?

Answer

No. These data types cannot be combined into a single connection due to bank API limitations and market constraints.

Banks strictly control what their APIs expose:

• Some banks allow transaction aggregation and statement access only for specific account types or owners.

• Other banks restrict statement access entirely for certain branded cards due to third-party agreements.

• Check images are not supported by standard bank APIs.

Currently:

• There are only a small number of bank data providers in the market.

• None of them offer check image access through standard APIs.

• Banks are highly resistant to exposing check images due to security, cost, and infrastructure complexity.

As a result:

• Statement data and check images must be retrieved through separate connection methods.

• Each provider operates within a closed, bank-controlled API environment.

• LedgerSync cannot merge or bypass these systems.

Summary:
This limitation is industry-wide. There is no technical or contractual path today to combine these data sources into a single connection.

Question 3

Why do some bank connections periodically break and require user re-authentication, especially compared to more stable connections like Chase?

Answer

Connection stability depends on whether the bank uses a modern API or legacy access methods.

API-based connections (e.g., Chase, Bank of America):

• Built directly by the banks at significant cost.

• Typically break only when:

  • The user changes their password

  • Fraud is detected

  • The bank enforces periodic re-verification (usually every 6–12 months) to confirm continued consent

This re-verification is intentional and required to prevent banks from sending data indefinitely to unused or forgotten applications.

Legacy or screen-based connections:

• Access the bank’s website rather than a dedicated API.

• Are more likely to break due to:

  • Bank security changes

  • Anti-scraping measures

  • IP restrictions

• Banks are actively working to eliminate this access method in favor of APIs.

Over time, these connections are expected to migrate to API-based models, which significantly improves stability.

User Re-Authentication Process:
When re-authentication is required, the user receives a secure link (typically via text). The process takes approximately 30 seconds and remains valid for several days.

LedgerSync also supports bulk re-authentication workflows, allowing many users to be prompted simultaneously with minimal effort.

Summary:
Periodic re-authentication is a bank security requirement, not a system failure. While LedgerSync cannot prevent these requests, it provides streamlined tools to resolve them quickly.

Key Takeaways

• Account re-authorization is required due to bank privacy and permission rules.

• Bank statements and check images cannot be combined into a single connection.

• Connection interruptions are driven by bank security practices and access methods.

• LedgerSync operates within these constraints while optimizing the user experience as much as possible.