BankThink

Security Must Be First Priority in Screen-Scraping Debate

Customers love innovative ways to help them manage their money, and banks are among the companies finding ways to make this added convenience happen, both in-house and by partnering with fintech firms. However, when it comes to consumers' most sensitive financial data, it's what is underneath slick customer interfaces that matters most.

Banks fully support data access and are working to ensure their customers can share their financial data safely, including by building secure portals for data transmission. This is not as easy as flipping a switch, as some have suggested. First, there is a lot of coordination that needs to happen and banks and fintech companies must address the important issues of security, transparency and control.

Start with security. Consumers deserve bank-level security and protection regardless of where they choose to share their data. Today, 86% of consumers trust banks to securely manage their data, compared to just 2% who trust consumer technology companies, according to an Accenture survey. There is a reason for this: banks have strict rules, strong oversight and a solid track record of protecting customer data.

Today, common practice requires consumers to surrender their username and password to third-party providers in order to share their data. This practice introduces significant risks to consumers who often unknowingly forfeit key protections.

Would you give the key to your front door to someone without knowing when and how many times he would come into your home, what he could do when inside or how he would protect the key from thieves? Of course not. This scenario is no different from customers giving up their bank credentials to third parties — allowing them to log in to their most sensitive financial accounts.

When customers give up these login credentials they — often unknowingly — introduce real risks. This is why many aggregators limit their own liability and put that risk on the consumer. Moreover, many consumers don't realize that some aggregators require consumers to grant them limited power of attorney, giving the company authority to move money and make account changes. Hidden dangers like these are where the story often falls short about customer protection, particularly from the data aggregators.

Second, consumers must have transparency about how companies are using their financial data. It should be clear to consumers what data a fintech company is accessing, how long the company is holding this data and in what way it is using the data. Aggregators often collect far more data than is necessary to provide the service offered. Additionally, aggregators may sell or trade this information in ways customers don't realize.

Third, consumers should have control over the access and use of their data. Customers should have control over what data is shared and how their data is used. Today, when a consumer forfeits their login credentials, data aggregators typically have access to their full account data for an unlimited time period. Instead, consumers should have intuitive control that allows them to easily view who is authorized to receive their data, modify what access they have and revoke that access when a service is no longer used. If consumers can easily control what data is being accessed, they can better understand what is being used and why.

Whether it's your home or your financial accounts, access must be provided in a way that is secure, transparent and gives you control. After all, we introduce risk of misuse and data breaches, which can have serious consequences for consumers, any time data is shared. These risks are manageable, but only if we address them head on.

Clearly, there is a better way forward than handing over bank credentials to third-party services. The entire industry must come together and address these issues. The good news is that we all share the common goal of providing innovative services in a safe and secure environment.

By fairly addressing both the opportunities and risks, we have the ability to give consumers innovative services that they can trust. Just as you would think carefully about who you would let walk into your home, customers need security, transparency and control to unlock the true potential of fintech and take charge of their financial future.

Rob Morgan is vice president of emerging technologies at the American Bankers Association. He can be reached on Twitter @RobAMorg.

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation Fintech Digital banking Mobile banking
MORE FROM AMERICAN BANKER