To my knowledge, ING Direct is the only major U.S. bank blocking third-party PFM access. But users can direct their PFM around the gate with a special "read-only" access code.
How it works
It’s not particularly easy to find, buried three levels deep in MyAccounts | Preferences | Access Code.
The default setting is Blocked, as you can see in the first screenshot below.
But once you find the page, it couldn’t be simpler to set up. Simply press the blue Create Access Code button in the upper right, and in a split second, you have created a read-only access code and opened your account to PFM access.
To change back, you merely click the "Block" button in upper right.
The only thing missing is an explanation of what to do with the Access Code. Is it the username or password? While that’s explained in an link from the first page, it’s not on the second page where you need it. (BTW, it’s the password).
The bank also confirmed the new code via email right away (third screenshot).
Access code main page (20 Oct 2011)
New access code
Note: OBR subscribers can access our previous reports on security at OnlineBankingReport.com (published in 1999, 2003, 2004, 2005, 2007 and 2008).