"The more I look at Facebook's authorization and reliance on open standards for encryption, and then compare to some existing bank credential code, I am fairly convinced that large fintech providers aren't necessarily doing any better job in physically coding and securing authorization than many of the social sites," he says. "Which means it is only a matter of time before we see larger-scale breaches — all of it's testing our networks. I'm actually amazed we don't have more breaches that involve account data."
Regardless, bankers need to make those risk decisions for themselves, says Jim Marous, a senior vice president of corporate development at digital direct marketing agency New Control, and author of the Bank Marketing Strategy blog.
"I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank [in the U.S.] doing this where there is more risk."
An inquiry sent to Facebook's press office seeking comment was not immediately answered. A tweet sent to Twitter was not answered, either. An email sent to LinkedIn also received no response.