Data security

The use of one-time tokens has picked up steam in the past year, especially with merchant groups waiting for EMVCo to release specifications for a payment account reference.

Banks are checking vendors' security practices; Mnuchin appointment to Treasury put on hold as Democrats stall.

The long-running feud between banks and fintech companies over screen scraping is morphing into a more nuanced and important conversation about how to exchange consumers' financial data securely and fairly.

Recommendations for a framework to develop a "universal security baseline" to protect sensitive payment data at rest and in transit remains a key goal of the Federal Reserve faster payments initiative.

Facebook now lets users log in using a physical token. If banks gave consumers this option, it would strengthen the security of online accounts — or at least bolster their image.

As Facebook users increasingly deal with personal and payment data, the social media giant is turning to the Security Keys standard hosted through the Faster Identity Online Alliance for stronger authentication.

The deal points a way forward, not only to resolve the debate over screen scraping and ownership of customer data but to redefine banks' value proposition.

Customers of JPMorgan Chase will no longer have to surrender their bank credentials in order to use Intuit products like Mint, TurboTax or QuickBooks.

The breaches at large retailers and other companies are continuing, making it time to fully embrace a new authentication method.

A pair of technology entrepreneurs hopes the flexibility provided by mobile technology and open development tools can finally kill off the stale authentication method.