The chief executives of Bank of America and PNC Financial Services Group expressed concerns Tuesday about how well financial management sites protect customer data, arguing that the sites could pose a risk to the banks as well as their customers.
The comments, made at a conference in New York, come amid growing tensions between banks and financial management companies, also known as data aggregators. These companies, which include Mint.com and Yodlee, use bank account information provided by customers to pull their data from bank sites through a method called screen scraping.
B of A, JPMorgan and Wells Fargo have all been accused in recent weeks of disrupting aggregators' access to their sites to prevent traffic jams on their servers, protect their customer data and, possibly, box out a category of potential competitors that are growing in popularity.
Bill Demchak, CEO of the Pittsburgh-based PNC, did not explicitly admit to shutting out the aggregators, but he said the aggregators "jam up our channels" and that the bank takes steps to prevent that.
"They slow down service for the rest of our accounts, and we react to that," he said at a conference held by the Clearing House, a trade group that represents about two dozen of the country's largest banks.
B of A CEO Brian Moynihan said he is worried about how aggregators store customer data, and said the bank needs to do a better job of educating its own customers about the dangers of giving the sites their account information.
"These sites have capabilities the customers want" but information security "is a safety-and-soundness issue," he said.
Aggregators, or personal financial management sites, are popular with consumers because they allow them to view and manage financial data from multiple sources in one place. As their usage has increased they have at times become a headache for banks, because the large volume of account logins they send to banks' servers slows traffic.
The issue is complicated by the fact that some big banks partner with PFM sites to offer customer interface. Demchak expressed some annoyance with these arrangements Tuesday.
"We tend to put out data to these people and then pay to get it back," Demchak said.
Bank complaints about online finance companies' use of their data are not new, but, perhaps because many partner with the aggregators, they have tended to publicly disavow allegations of site-blocking. The Wall Street Journal first reported on the shutdowns earlier this month, and said that JPMorgan CEO Jamie Dimon met with Consumer Financial Protection Bureau head Richard Cordray recently to air his concerns. JPMorgan acknowledged that it blocked Intuit, the owner of Mint, from its sites last month after it flooded the bank's website with requests.
B of A has been reported to have clamped off access to personal financial management sites, but never confirmed it. Moynihan said Tuesday he had not been aware of the issue before seeing reports in the media.
The Clearing House is reportedly looking into the matter after receiving complaints from its members. The issue was seldom raised at its conference Tuesday, aside from the comments by Demchak and Moynihan, but data security was one of the main points of discussion by several bank chiefs.
TD Bank Group CEO Bharat Masrani credited regulators with having spurred banks to better protect customer data and said that the investments in security will prove to be a long-term financial benefit to banks.
"Once this is behind us, aside from making us more resilient," better data security "will yield great benefits," he said.
But fraud remains a big problem, and passwords are a main reason why, conference attendees said. The biggest increase in fraud that PNC is seeing is actually from commercial clients, Demchak said, though in many cases the account breaches still come through stolen passwords.
"A lot of [fraud] happens in very simple form. It's not always a massive data breach," Demchak said. "It's a missing password, and suddenly $2 million is wired to a place where you can't get it back."