Just a few months ago, banks were howling with outrage over "screen scraping," an ugly term that describes how technologists can gather information about customer accounts from a bank's Web site on the customer's behalf but unbeknownst to the bank.
Customers can see all their own financial data--or even things like e-mail and frequent-flyer mileage accounts--from any number of institutions, all aggregated on one Web site. And these sites were run not by banks but by technology upstarts such as VerticalOne Corp. or Yodlee.com.
What a difference a summer makes. Since June, all of the nation's biggest banks and brokerages--and many smaller ones--have either announced deals, or are striking deals, to offer account aggregation services of their own. And who's providing the technology that makes these sites work? The very same upstarts.
Citigroup's MyCiti.com service was the first up and running, starting in late July, but Chase Manhattan Corp., Wells Fargo & Co., Merrill Lynch & Co. and Morgan Stanley Dean Witter & Co. have all gone public with their plans. Even First Union Corp., considered one of the financial industry's most vocal opponents of screen scraping, plans to launch an account aggregation service by the end of the year, although it will likely rely on other data-collection methods.
They're entering the market in response to the two biggest motivators for any established business: fear and greed.
Financial firms are clearly afraid of the new technology players--from the start-ups to such Internet establishment companies as Yahoo and America Online. They fear these non-financial companies will create a relationship that gets between them and their customers. They also fear the serious security threats that data-collection techniques like screen scraping pose to their own computer systems, so they want some say over how information gets transmitted.
And they also smell opportunity, if not for immediate payback through fees, then for longer-term riches. Knowing what savings, investments, credit cards and loans customers hold with competitors presents an enormous benefit for direct marketing and sales. And financial and non-financial firms alike see a host of new services they can attach to aggregation sites, from financial planning to automatic funds transfer.
Most of all, consumers seem to want to aggregate their accounts. Projections are that anywhere from 400,000 to 800,000 people will be using these kinds of services by the end of this year. That's not too many, but remember, the field is still new and the service has been available for only a year at most. Really, it's predictions of the potential market that have bankers in a tizzy.
In a report published at the end of May that many bankers say jarred them into moving quickly into aggregation, U.S. Bancorp Piper Jaffray's senior eFinance analyst, Stephen Franco, predicted that the number of users will hit an incredible 90 million over the next five years.
But despite bankers' new-found enthusiasm, they concede that a host of troubling questions still must be resolved. The most pressing issues revolve around customer privacy, the security of information from fraud and hackers, regulation (particularly of aggregators that aren't themselves financial firms) and liability when things go wrong.
"This is truly an area where the Internet is creating new business opportunities. Account aggregation is clearly something consumers want, and the technology is finally available," says Catherine A. Allen, chief executive of BITS, the technology-focused arm of the Financial Services Roundtable, the Washington-based industry group. "But it opens up all kinds of security concerns unless we create a business framework--boundaries around how this information is transmitted and used--to promise safety and security to customers."
Her organization is trying to create just such a framework, bringing together about 170 people at 60 financial firms, technology companies and regulatory agencies in a special committee with a handful of working groups dedicated to such topics as technology and standards, security, business practices and privacy. BITS held a forum on aggregation and screen scraping in June and will hold a second in early November, at which it plans to announce its first round of recommendations.
The issues must be tackled fast, because so many players have been rushing headlong into account aggregation. And the industry is moving beyond merely showing customers the balances and recent activity in their various financial accounts.
"The first version was very much a cut-and-paste model," says Todd Lesher, president and chief operating officer of Atlanta-based VerticalOne, the industry pioneer and a subsidiary of S1 Corp. "Very quickly, though, we see this as evolving into something much more dynamic."
Within months, aggregators plan to add functions such as performance charting and asset allocation analysis--programs that automatically tell customers how they're doing and how to make better use of their money, based on their own financial goals. That raises the bar for makers of personal financial management software--Intuit's Quicken and Microsoft Money--since their programs are essentially manual versions of what aggregators are automating.
The next step will be electronic fund transfers that would let customers move money among accounts at different institutions, although that's not likely to come for at least a year. If you include among aggregators electronic bill payment and presentment companies, like Lawrenceville, NJ-based Paytrust, the ability to move funds around is already here.
Not too long from now, the technology could lead to online auctions for financial services, in which customers can request the best rates for certificates of deposit, checking accounts, home loans or credit cards--and transfer funds to the highest (or lowest) bidder on the spot. That level of choice, combined with ease of funds transfer, for consumers and small businesses means that traditional financial products could become pure commodities to a far greater extent than they are now.
So the stakes are high and climbing fast.
Many bankers are keenly aware of what's at stake. "Everyone has gotten on the bandwagon so quickly that we think waiting more than two months means missing the opportunity to get our message out," Kristin Julbert, vice president of eBusiness development at ABN-AMRO North America, said in an interview in early September.
Her company, which operates three separate banks in three different U.S. markets, first became interested in aggregation at the end of May, primarily because of "fears and concerns," she says.
But in researching aggregation services and consumer attitudes, the company concluded that it couldn't stop the aggregation juggernaut, so perhaps it should join it. "We came to a decision very quickly. It took very little time, because our customers already had access to aggregation services," says Julbert. "I've been in banking almost 10 years, and I've never seen a decision made that quickly and easily." The service is scheduled to be launched by the end of October.
ABN-AMRO is getting its aggregation technology from Yodlee.com, a privately held technology company based in Redwood Shores, CA. Founded in 1999, with the first version of its screen-scraping software released only a year ago, Yodlee has already emerged as one of the biggest players in account aggregation. It has more than 45 "partners"--its term for institutional clients--including Citi, Chase, Morgan Stanley, AOL and Intuit, along with Internet banking technology companies such as Corillian Corp. Some are more literal partners: Corillian recently bought an equity stake in the company.
The other big name--if anyone in this fledgling market could be considered big--is VerticalOne. Some 180,000 consumers currently use its software to track about $2.5 billion in assets, but that number will grow swiftly, since both Wells Fargo and Yahoo announced Aug. 30 that they'd signed on to offer it. Other aggregators are considerably smaller.
A host of much larger technology companies are considered very likely to enter the market, however, either by creating systems of their own, buying one of the small-fry or simply licensing outside technology and integrating it into the big banking systems they sell. Microsoft has already announced intentions to enter the fray, and other possibilities include EDS, Unisys, IBM, Cisco Systems and Oracle.
Of course, it's still far too early in the game to guess the final score. But the prevailing mood at companies offering aggregation is unbridled optimism. MyCiti.com, in the first two months it was available, was "signing up thousands of clients a week," split equally between current Citi online banking customers and non-customers, according to Noor Menai, managing director of e-consumer portals and customer relationship management at Citigroup.
The service aggregates information, including travel, news and e-mail, from more than 1,400 sites. It's purely informational for now, with no transactional ability. But new functions--such as giving customers financial advice, letting them pay their bills electronically and move money among accounts--will be added eventually, Menai says, although he declines to divulge when.
Most aggregators work the same way, although the technology and techniques are shifting rapidly--one of the reasons financial institutions feel ready to start participating. First, the aggregator asks customers to turn over their user names and passwords to any Web sites where they get information, e-mail or other data they want aggregated. Then its software "robots" log into those sites--banks, brokerages, credit card providers and the like--essentially masquerading as the customer, and automatically grab data such as account balances. That's screen scraping in a nutshell. The aggregator translates that disparate data into a standard format and presents it to the customer as a summary displayed on its own Web site.
Screen scraping has a number of problems, however. For one thing, it can be a pretty clumsy tool, and early versions of the software had trouble finding the right information on all those different Web sites, leading to mistakes and omissions in reporting to consumers.Technologists say they're solving that problem with new software geared specifically to finding financial information, rather than reading the ubiquitous Internet code, HTML--although it still amounts to screen scraping, just with a finer-mesh tool.
"We use intelligent bots instead of HTML screen scraping," says Jim Taschetta, Yodlee's chief marketing officer. "They use object-based parsing, which means these are smart enough to move around a Web page and find what they need."
eBalance Inc., an 18-month-old aggregator based in San Ramon, CA, uses screen scraping about 10% of the time. Another 10% of its data comes through the method Taschetta describes, using QIF or OFX code, which is rapidly emerging as a financial-reporting standard. According to Larry Braitman, eBalance's vice president of marketing, it gets the other 80% of its information through a software robot that downloads customer information into personal financial management software, like Intuit's Quicken or Microsoft Money, on behalf of consumers, again using OFX.
Another new entrant, Teknowledge of Palo Alto, CA, uses a similar mix of techniques.
However, none of these means of gathering customer data addresses one of the biggest concerns banks have: It's hard--if not impossible--to tell who's actually picking up the customer data, an actual customer or an aggregator or a thief who has the customer's name and password. To allay their fears, aggregators have begun supplying financial institutions with identifying codes for their servers, so that bankers know who's looking at the data on their site.
But more and more, financial institutions and aggregators are setting up direct data feeds, so that customer information--with verified permission, of course--can be sent regularly or even on-demand to aggregators, so they don't have to resort to screen scraping. That means that information is much more likely to be accurate, traceable and able to be updated whenever customers want.
Many of these sorts of technical solutions have come about through better communication among institutions, aggregators and regulators. For instance, late last year, First Union began to identify its most worrisome issues with aggregators, and set up a list of guidelines for aggregators that wanted to work with the bank, says Gayle Wellborn, director of customer advocacy for eChannels, First Union's e-commerce division. She also co-chairs the BITS aggregation initiative. "We review their technology," she says. "They have to have a process to validate the accuracy of information, we make sure they authenticate information in such a way that provides adequate security, and they have to have end-to-end audit trails throughout the process."
First Union also asks aggregators not to share customer information with third parties and scrutinizes their disclosures to consumers. The bank hired outside consultants to give objective opinions on aggregators' performance on its measures. "The major players were very eager and willing to work with us," Wellborn says.
First Union plans to launch an aggregation service of its own by the end of this year, and Wellborn promises that the bank will adhere to the standards it set for others.
As Wellborn's concerns with business practices makes clear, many of the biggest problems with aggregation--and obstacles to its full development--aren't technical. They have more to do with regulation, legal liabilities and customer relations. Current bank regulation doesn't really address aggregation, so it's hard for financial institutions to know what they can and can't do. And it's vexing that the non-financial upstarts may not be subject to the same rules.Aggregators, whether they're financial companies or not, are likely to come under the Gramm-Leach-Bliley Act's privacy provisions, but the actual rules haven't been written yet. The same goes for security provisions.
Regulators plan to tread with care. "It's important to me as a regulator to keep a delicate balance to ensure that the criteria of safety and soundness are met without strangling new technology," says Clifford A. Wilke, director of bank technology at the Office of the Comptroller of the Currency.
He may be ahead of many people in at least understanding the implications of financial aggregation, since he developed a similar product for the oil industry at Mobile Corp. in the mid-1990s.
As aggregation moves inexorably into funds transfer--after all, what's the point of seeing all your finances in one place if you can't move that money around?--the legal liabilities become even more pronounced. Under the Federal Reserve's Regulation E, which governs electronic funds transfers, financial institutions are held liable for security breaches even if there's "customer neglect," such as giving a name and password to an aggregator who fails to safeguard it.
Not surprisingly, that's a bone of contention at BITS, and a big problem for banks. "When there's a dispute between a consumer, aggregator and financial institution, who's going to eat it?" asks Mike Curtis, e-commerce development manager at Bank of Hawaii. "The law requires that we eat it."
Catherine Allen of BITS describes the naÏveté about banking regulations some technology firms displayed at the group's aggregation forum in June. In a discussion of the legal implications for banks, "a young lawyer from one of the small technology companies stood up and said, 'Well, why don't you tell the Fed to change Reg E?'" she recalls, adding that there are plenty of very good reasons the regulation exists. (To be sure, adapting it to accommodate the aggregation problem is likely to surface as one of the Financial Services Roundtable's lobbying priorities this year.)
Many aggregators are only now encountering the reality of bank regulation--and how seriously their bank clients take it. Until recently, Allen says, "they had no understanding of the risks. They didn't think of the protection of data, just the revenue opportunities."
Consumers, too, are ignoring the risks inherent in financial aggregation, and that makes even bankers who plan to offer the service a bit queasy, particularly when they ponder the role of new technology companies. "Who are these companies? What business are they in? Do consumers realize that they've given the keys to the castle away?" Curtis asks.
"Clearly people want this--they're signing up in droves. It's a convenience, and I see it as a wonderful way to provide advice and financial planning," he says. "But I've tried it personally, and it gives me the creeps. If consumers really understood this, they wouldn't do it."
