The two groups that oversee two of the most prominent used data-sharing standards — the Open Financial Exchange and the Financial Data Exchange — announced this week they are working together to harmonize them and make a single standard.
As the push for open banking gains ground in the U.S., banks and other parties that share information are under pressure to adopt similar standards that can resolve technical issues that crop up, including format, interoperability, security, privacy and liability.
But resolving the most common data-sharing standards is tricky. OFX, which started in 1997, uses tokenized authentication and is used by 7,000 financial institutions. But technology has changed significantly in the past 22 years.
“If you were to build OFX today, you’d build FDX,” said Don Cardinal, managing director of FDX, which is a subsidiary of the Financial Services Information Sharing and Analysis Center. (Cardinal recently came from Bank of America, where he worked for 23 years and co-chaired the FS-ISAC’s working group on data sharing.)
FDX supports restful application programming interfaces (APIs) and biometric authentication. Two million consumers use it; Cardinal expects 6 million will by year-end.
“That's with no mandate, that's just with market forces and people working together,” Cardinal said. “Unfortunately, we estimate there are probably 45 to 50 million credential pairs out there.”
Cardinal is referring to the common practice of screen scraping, where consumers give their online banking usernames and passwords to a third party so they can log in as the user and scrape their bank account data.
OFX has also evolved in the last 20 years. It’s not just used for sharing banking data, but also for sharing information from tax documents such as 1099s, according to Olivier Helleboid, vice president of product and engineering in the Financial Data Services unit at Intuit.
OFX and FDX are harmonizing their standards and closing the gaps on a few differences, to make FDX the standard. For many banks, OFX still works, so they may not rush to change. Most will upgrade when they’re doing a technology refresh anyway.
Why don’t more banks share data?
The concept of open banking and data sharing has existed for some time and is legally required in Europe, but a relatively small number of U.S. banks have embraced it.
“Because it is kind of a new concept, some folks are not sure what to make of it and are waiting to see what other people are doing,” said Cardinal. “There are some first movers, but others have not seen a lot of first-mover advantage. I think some folks have seen what's happened in Europe and think it's a government thing.”
Helleboid pointed out that as consumers use new apps, they want to be able to do more things with them.
“Customers don’t want to type anything,” he said. “They want all their accounts in there; their expectations increase all the time.”
The way Helleboid sees the future, consumers will be able to access all their data — bank data, payment data — in whatever application they choose. The data will be secure, shared only with consent, and there will be traceability.