Brought to you by

Bank feeds for your credit cards

Posted 7 years ago in Xero news by Andrew Tokeley
Posted by Andrew Tokeley

Automatic bank feeds continue to be a huge hit and now credit card transactions too can appear, seamlessly in Xero.

This is another part of our integration with the Yodlee data gathering service. We now support bank feeds for credit cards from the big banks in Australia and New Zealand. If you’re in the UK or North America you’re likely to have this service already. The next (and final) step is to support banks that need multi-factor authentication, such as Bendigo Bank and Bank of America.

So in addition to supporting BNZ and Kiwibank, we now support these bank credit cards in New Zealand:  ANZ, ASB, National and Westpac. And in Australia: ANZ (prepaid and credit cards), NAB (personal credit cards) and Westpac. If this includes your bank, activate and enjoy!

Other great features in this release to check out are:

US friendly dates and zip codes –  A couple more updates to display US friendly dates and use US terminology.

Manual journals – CSV import –  Great for uploading journals from other systems.

Paypal improvements – PayPal feeds are now more reliable and have better information for bank reconciliation. Just be aware some changes may affect your bank rules.

API updates – You can now access and retrieve even more information via the API. Add draft manual journals, add inventory items, specify item codes on invoices, retrieve invoices in PDF format and retrieve responses in JSON format.

Answers for Developers – Share your ideas, help others and have your voice heard about future API features at our new answers site.

HandiLedger – GL export – This is for all you Australian accountants using Sage’s HandiLedger to prepare final accounts. You can now export your general ledger in the right format.

As always your feedback helps us prioritise the next features and improvements, and we know you’ve got lots of ideas so keep them coming.

See the full release notes here.


Elite Business Support
February 14, 2011 at 9.29 am

What about Barter Card, can we have bank feeds for these?

February 14, 2011 at 9.39 am

Looks good!

How about support for TSB Bank for Visa ?

February 14, 2011 at 9.59 am

Any auto download support planned for American Express in New Zealand from Xero? thanks

February 14, 2011 at 10.02 am

no bank feeds for the BNZ?

Philip Bridgen
February 14, 2011 at 10.07 am

What is the status of Kiwibank Mastercard, which isn’t in your list of banks/credit cards above?

February 14, 2011 at 10.15 am

Your help centre link says that clients will be required to give Yodlee their online banking login including their password. Banks require clients to keep their passwords to themselves. If the client’s bank account gets robbed for any reason presumably the bank will now have no obligation to the client?

Andrew Haynes
February 14, 2011 at 10.35 am

I’ve got an ANZ cred card feed going already, thanks Xero!

Andrew Tokeley
February 14, 2011 at 10.45 am

@Sol – TSB Credit Cards is being worked on but no timeframe available yet

@Shopping – Yodlee do not currently support the NZ American Express website. You could try logging in to the US version at,, if this works then selecting the American Express (US) option in Xero should work too.

Automated BNZ and Kiwibank credit card feeds are still available by filling out an authority form. Just select them within Xero, click on the “Get Bank Feeds” now button.

February 14, 2011 at 10.47 am


Andrew Tokeley
February 14, 2011 at 11.29 am

@Shaun – we already support automated BNZ (and Kiwibank) credit card feeds – but since you’re the second person to ask, I’m going to update the post!

February 14, 2011 at 11.57 am

We have CBA Credit Cards, and the post says that the big banks in Australia will be supported, but there is no green “get bank feeds” button next to our accounts ?!? Any help appreciated. cheers

Julie Russell
February 14, 2011 at 12.05 pm

Just keeps getting better and better – first credit card feed set up, working, and reconciled in under ten minutes. Thank you Xero!!

Andrew Tokeley
February 14, 2011 at 12.24 pm

@Dan – CBA Credit Cards requires multi-factor authentication (MFA), we are actively working on this at the moment and we hope to support MFA sources soon.

@Julie – thanks for stopping by and letting people know!

Andrew Tokeley
February 14, 2011 at 12.28 pm

@Elite Business Support – unfortunately there is no support for Barter Card

Wayne Robinson
February 14, 2011 at 12.46 pm

Great to hear about the new API features (especially the ability to download PDF invoices).

Xeroizier ( will be updated in the next week with all this new functionality.

Keep up the great work.

February 15, 2011 at 6.25 am

I also am concerned about the security for the credit cards, regardless of Yodlee maintaining high security giving out internet banking login details including passwords for my mind is a no no. Is there not a better way to access credit card data than by asking for a client’s internet banking login details. I can’t recommend this Yodlee function to client’s when it’s like this.

February 15, 2011 at 8.16 am

I love the idea of automatic cred card feeds, unfortunately have the same reservations in regards to posting my internet banking password online as Barbara and Ben. As far as I know it is not even legal. Is there another procedure get the feeds working?

February 15, 2011 at 9.16 am

I agree with Ben. As a long-time independent professional advisor I cannot ask a client for that information/use it on his/her behalf, as I am potentially putting that relationship at risk if anything were to go wrong, for whatever reason.

February 15, 2011 at 9.19 am

I should just add, different entirely of course if the client is actively using Xero him/herself and organises the download direct – then it is a personal decision

Trevor Rogan
February 15, 2011 at 10.31 am

that was so easy… I use RaboDirect and it would be great to have it set with them as well..

Wayne Robinson
February 15, 2011 at 2.51 pm

Unfortunately, until all banks offer services to push their statement data to Xero (the only way Xero got data before they started using Yodelee and still do for the banks that support it), there are no alternatives but to provide usernames/passwords to Yodelee to scrape this data from the bank’s Internet-banking product.

You have to realise that Yodelee doesn’t have partnerships with all the banks that they support, but rather they just pretend to be an end-user accessing the bank’s website.

Yodelee have A LOT of user’s bank account details. This is the company that provides the back-end access to sites like If there were a breach (which is unlikely) and they did have accounts stolen they would be obligated to tell you everyone about it and you could change your banking passwords (which is a good idea to do regularly anyway).

If you are worried about external transactions occurring without your permissions, it might be worthwhile contacting you bank and getting a RSA-like token that is required whenever you do an external transfer. This will limit the damage of someone stealing your bank account password to transfers within the same account group and accessing balance data.

If you are worried about your credit card being used to make fraudulent transactions, don’t be. Both Visa and Mastercard have excellent policies in place regarding the misuse of credit cards. If you notice fraudulent transactions, tell your bank. You are usually given the benefit of the doubt and monies are refunded. This accounts for a large portion of why merchant fees can be so high, especially in some product categories.

Of course, you always retain the option of being able to download the statements from your bank yourself and can upload them as required.

Andrew Tokeley
February 15, 2011 at 3.38 pm

A couple of points around security and bank feeds – Xero has gone to great lengths to ensure the security of these Yodlee bank feeds. Xero itself does not store any of your internet banking credentials, rather these are securely held only by Yodlee and used only to enable an entirely automated statement data gathering service. Yodlee themselves are a major provider of online banking solutions with more than 100 leading financial institutions and portals using Yodlee-powered solutions, serving millions of customers worldwide. Of course it is up to you to decide if you activate these feeds or recommend for your clients to do so, but we are confident that we have done everything we can to ensure these maintain Xero’s very high security standards. Going forward Xero will continue to work with banks to extend any existing partner (direct) bank feeds to also include credit card accounts where it is possible to do so.

February 16, 2011 at 6.19 am

Unfortunately I believe this problem lies more with the banking infrastructure being outdated, rather then with Xero/Yodlee. As much as I agree with the security concerns being described above, their really is no alternative until banking infrastructure gets out of the dark ages where commonly only one username/password is required to have FULL access to an online bank account. Until banks start to offer some sort of role based system where you can provide someone like your accountant (or a service like Xero) read only access to your data, this will continue to be a problem.

Regardless, I personally look forward to using the feature once MFA is supported. I am logged into Xero far more often then I am logged into my Bank Account. This in itself will give me far better notice of fraudulent transactions as they will become present in my account without me lifting a finger rather then having to login to yet another system regularly. Can’t wait Xero!

February 16, 2011 at 2.13 pm

I have been trying to activate bank feed for my Natwest Business Credit Card in UK since the feeds were introduced over 3 months ago, But I keep getting a message telling me I am entering wrong credentials, which I am not. Been submitting several support tickets, first I got a standard reply telling me it’s Yodlee’s fault, recently my tickets are not even answered! Sorry guys if you boast about a feature and you wanna blog about its success, acknowledge and fix the bugs when they are there. I am an otherwise very happy user of Xero Business since over two years ago, please fix the feed!

February 17, 2011 at 1.39 pm

The press release/blog which says visa feeds for the National Bank are available is only half the truth. The feeds only work for National Bank personal credit cards, the business online banking feeds are not activated yet. This should be made clear.

Anne Stephenson
February 19, 2011 at 5.18 pm

I got my business creit card up & running in no time, plus reconciled. Superb. I go into Xero on a daily basis, so if there are any fraudulent transactions, I’ll be able to pick them up really quickly. And I’d expect Yodlee would be able to notify me faster than that if their security has been breached. Quite agree thant banks have to get into the 21st century! And I know the NZ banking system is more advanced than other parts of the world.

Kalle Pokkinen
February 23, 2011 at 10.36 am

I don’t understand why you at Xero seem to be taking the contract we all have with the banks so lightly. I called up National bank to verify the understanding I had from their terms and conditions and got the confirmation I was after: If we knowingly provide the username and password to online banking to anyone we are in breach of the Terms & Conditions we have with the bank and as a result the bank is no longer liable for any transactions that take place against the account.

I genuinely don’t understand why you don’t have a big warning about this with the Yodlee setup instructions and actually I find it very irresponsible from you to even provide this service in the first place.

If you can’t do it right you should not be doing it at all. Your customers should be able to trust that the service you are offering does not expose them to unnecessary risks and stating that it is the customers choice if they want to use this or not is not good enough, especially when you don’t clearly state what the consequence is of using this service and hence breaking the agreement between the customer and the bank.



Gary Turner Xero
February 24, 2011 at 2.29 am

Hi Kalle – thanks for the comment.

We extensively validated Yodlee and its security prior to integrating it as we take our obligations on security seriously, as you might expect.

Yodlee has become so popular (as the de facto banking industry account aggregator if not a de jure one) due to the fact that a significant majority of the US banking community, including American Express and HSBC, has long since deployed Yodlee inside their own customer facing banking portals.

If the extensive measures that Yodlee takes to protect and secure sensitive data have proven to good enough to satisfy some of the world’s most discerning and largest financial institutions, we calculated that it therefore ought to be good enough for Xero and our customers.

There is a disconnect between what some financial institutions advise customers at street level and what they are happy to endorse at board level when they deploy Yodlee for their own systems. We hope that these internal conflicts flatten themselves out eventually and that all banks and credit card providers one day move to provide discrete feeds of their own – possibly based upon a shared standard – to which we’ll gladly and enthusiastically subscribe as we have with a number of direct bank feeds already. Until then Yodlee is that solution, however inelegant it may be.

We’ve never disguised our partnership with Yodlee and we don’t believe that the trust placed in Xero by its customers will be compromised by its integration.

February 24, 2011 at 6.37 am


I appreciate your comments yet I don’t think you really address Kalle’s concerns. Her main point is that knowingly giving out internet banking login details breaches bank terms & conditions and thus invalidates any claim one might try to make against them for fraudulent activity. I would also hazard a guess that VISA and Mastercard would also invalidate credit card claims once they found out that banking details were given out knowingly. I have spoken to quite a few people about this system (clients included) and all have voiced the same security concerns. I have no doubt Xero would not enter into an agreement that it thought breached the security of it’s customers but the fact remains that NZ banks will see giving out internet banking details as a breach of terms & conditions and as such I think that at the very least Xero needs to put up a warning to it’s customers prior to signing up for Yodlee feeds so they know what they are doing, otherwise the day may come where a Xero customer may hold Xero liable for losses from fraudulent transactions because the bank won’t honour the fraudulent transaction and you didn’t fully inform the consumer.

Gary Turner Xero
February 24, 2011 at 7.17 am

Ben – thanks for the feedback, I’ll pass it on.

February 24, 2011 at 4.40 pm

I agree with many of the comments above – when I saw that the yodlee feed need the internet banking and log in I was surprised. This information should not be given out and I can’t recommend the auto feeds to my clients for that reason. Some banks allow accountants or bookkeepers to have “viewing only” access to bank accounts with no access to funds…has anyone investigated this as a possibility? i.e. setting up a separate internet log in and password for the accountant with view only access and giving this to yodlee? That would be a bit safer…at least it would limit fraud…

February 26, 2011 at 4.01 am

I just heard back from my bank up here in Canada and they confirmed that this would violate the terms of my banking agreement and therefore I’d be liable for any fraudulent transactions.

@Gary – does Xero have a response other then you take security seriously? Security does not seem to be the issue, rather the fact that if we do automatic bank feeds it violates a clients existing agreement with a bank.

I agree with comments above that Xero should provide some sort of warning about this as some people will just not be aware. Big fan of your product Xero, but surprised this is being taken so lightly.

March 30, 2012 at 10.26 am

We have just tried to get automatic bankfeeds for ASB Business Credit Cards but have been sent this message from Xero:

“While Yodlee have integrated with ASB to provide automated feeds for their credit card accounts available through personal online banking, the bank feeds for their credit card accounts available through business online banking are not yet supported.
If you do have a business account which isn’t visible within personal online banking, you may be able to obtain a feed for this by contacting your bank to see if they can arrange for this to be shown.
However, we’ve recorded the name of your bank and we’ll work with Yodlee to extend their service to cover the most popular of any business accounts not yet available.
You can however still manually import bank statement lines into Xero via our importer – please click on the link to our Help Centre below to read more on this.
Xero Help Centre: Manually import a statement
If there’s anything else we can help you with please let us know.”

Does this mean i have to import the credit cards manually?

New Zealand Bank
April 19, 2012 at 2.24 am

Thats a great news from New Zealand bank, and must say i gained much pieces of information.

October 5, 2012 at 4.30 pm

I also just spoke to my bank and they said if you do that, you are in breach of our terms and conditions. ” For obvious security reasons I would not disclose the password to anyone, as this is too great a risk giving them access to all of your bank accounts, funds and personal information.”

I’m glad I now have that clarified from my bank but I’m disappointed that Xero have failed on this point, from an ethical point of view (i.e. no warning given anywhere) and from a service point of view. Back to manual statement imports!

Rod Drury Xero
October 5, 2012 at 7.40 pm

@Sol we’ve been absolutely open about Yodlee since we started. For example.

Ideally the banks should provide a clean API for providers like Xero to connect to or provide direct feeds. Many don’t.

We’re comfortable working with Yodlee but each person can make their own decision. After 2 years plus we haven’t had any security issues.

Many banks themselves use Yodlee.

Hope that clarifies.


November 23, 2012 at 6.37 pm

How do add/apply for your (Australian based) Credit Cards to feed into Xero? Is there a specific form to initialise this? Any assistance greatly appreciated.

Trehan Stenton
May 30, 2013 at 2.56 pm

Is it possible to get bank feeds from American Express Credit Cards here in Australia now? And if so – is it easy to set up like the other major four banks for CC’s?

Matt Vickers
May 30, 2013 at 3.34 pm

Hi @Trehan, a credit card feed for American Express via Yodlee. Yes, it is easy to set up like other credit card feeds.

Phillip Tse
August 7, 2014 at 12.13 am

Is a feed from American Express available for New Zealand? What about Diners Club?

March 12, 2015 at 7.01 am

How is live bank feeds imported in Xero , i am using xero from last 3 years and refering the same to some of my customer they want to know the working behind this . Please help.

December 15, 2016 at 4.17 pm

Hello @Rod Drury (nice to have received a reply from the top man himself).

Some time has passed and I wanted to know if there have been any improvements / movements? It does not appear so – because still, as of today, in my dashboard, it tells me Yodlee needs your user/pass to be able to continue……

I really don’t want to use Yodlee as it is arguably highyl insecure (just reading today (Dec 15th 2016) about Yahoo announcing 1 billion accounts got hacked – so please don’t go on about how safe Yodlee is….. If I have to provide my username and password to a third party like that, I might as well just choose admin / admin and turn off two factor security while I am at it).

My bank (TSB / Visa) says – “We strongly advise against you providing login / password credentials to any third party. ” It is 1) in breach of their terms and conditions, and 2) it is highly insecure because you do not know how those credentials will be stored.”

Now, I know this is a controversial issue and I also read what Yodlee have written about themselves and their product, but the plain truth is – if I, as a user, get hacked and the bank then subsequently discovers I gave out my username and password, I am in the poo.

@Rod – yes ideally a bank will provide clean APIs – and since some years have passed, I am really keen to hear how Xero has progressed with this issue – I know it’s a complex one, but if you can, please provide us an update.

For the time being (and the last few years), I will stick to manual statement imports. It’s not that I am super paranoid, but more that I don’t want to break the terms of my bank’s agreement (by divulging passwords!)

Thank you

Leave a reply

Your email address will not be published. Required fields are marked *