How payments are driving banks to confront data-sharing dilemmas

In the tug-of-war between banks and third parties over who controls access to customer account data, payments are primed to play a key role as banks start to take action and regulators begin to weigh in.

What began a decade ago with third-party data aggregators tapping bank account data to power personal financial management tools like Mint has rapidly accelerated and diversified, spurred in large part by payments technology.

P2P transfers for products like Venmo and bill payment services are among the top reasons third-party aggregators ping banks’ servers to gather data, and real-time payments technology is similarly expected to lean on data-sharing for B2B and other use cases.

“Large or small, payments increasingly are the front door to the totality of the relationship any customer or organization has with a financial institution, and data-sharing will be closely connected to payments as they evolve,” said Zach Aron, banking and capital markets payments leader at Deloitte.

Regulators also are eyeing the role of payments as they shape policies around data sharing. In a recent bulletin, the Office of the Comptroller of the Currency provided some basic security guidelines for banks working either with third parties to support mobile payments or fintechs to extend payments to underbanked consumers.

Though there are no federal rules yet for data sharing, the need is clear.

A tipping point came late last year when PNC took a stance against unfettered third-party access to bank data by blocking Plaid, a major data aggregator, from automatically verifying PNC customers’ new Venmo accounts.

PNC's top concern with Plaid and certain other third-party aggregators was potential security threats as a result of screen-scraping, in which data aggregators use consumers’ login credentials to broadly capture bank customers' account data. The risk of inconveniencing customers by forcing them to manually verify new Venmo accounts outweighed the potential fraud risk, according to PNC.

Other banks shared PNC’s concerns about third-party data sharing. Last month, they joined forces to acquire Akoya, a data-sharing platform Fidelity launched that will act as a bridge between financial institutions and data recipients, including fintechs and data aggregators.

The company is jointly owned by Fidelity along with The Clearing House Payments Co. and 11 large banks including PNC, Bank of America, Citi and U.S. Bank. It uses APIs to restrict third parties to extracting only specific data for defined use cases, to enhance privacy and security.

TD Bank, one of Akoya’s new co-owners, sees the acquisition as a breakthrough toward standardizing data aggregation for the benefit of all parties.

Barry Baird, head of payments capability and delivery at TD Bank, said Akoya enables banks to narrow third-party access to necessary data only. “The customer might be OK with granting access to the kitchen or the living room, but probably not the bathroom or the bedroom,” Baird said.

Akoya is only one of several examples where TD Bank is maintaining control over the role its products — including payments — play in emerging financial services scenarios, he said.

“With Akoya we’re establishing a single set of APIs everyone can share, that fintechs can access, which will open up new opportunities for each participant. We’ll look for ways to do the same thing in sharing data for evolving real-time payments, which will radically improve our capabilities,” Baird said.

Jack Henry & Associates isn't among Akoya's owners, but the bank technology platform provider is in discussions with Akoya about leveraging its platform, said Tede Forman, group president for consumer and commercial payments at Jack Henry.

One of Jack Henry’s greatest areas of concern with data sharing has been with third-party bill payment providers that use screen-scraping techniques, Forman said.

“Data aggregation has always been a challenge for maintaining scalability and reliability, and we’d like to get rid of screen-scraping and use API-based approaches or direct integrations to share data whenever it’s necessary,” Forman said.

To modernize data-sharing for online bill payment services, Jack Henry is looking at various new approaches. One example is Mastercard’s evolving Bill Pay Exchange service, currently in pilot with a range of partners including ConEd, Aliaswire and Transactis.

“The solution Mastercard is rolling out provides a direct integration with a biller that could produce a PDF of, say, a utility bill with no data-aggregation,” Forman said.

Jack Henry has also been working for several years with Inlet, a partnership between Broadridge Financial Solutions and Pitney Bowes, to build direct integrations with different biller platforms for online bill payment services.

“I think we’re going to see more and more solutions emerging for specific use cases where data needs to be shared,” Forman said.

By leaning in to data-sharing initiatives and partnering with fintechs, financial institutions of all sizes are more likely to protect their turf and enhance their overall operations, Deloitte’s Aron said.

“Open banking and data sharing may seem threatening to some banks, but there’s nothing that precludes a bank from owning the experience. A bank can own and design the way it partners with third parties, so it remains the gatekeeper and trusted advisor to the consumer,” Aron said.
