Still frustrated by their lack of control over the mechanics of account aggregation, a group of financial institutions said Wednesday that they are working with vendors on a plan that would give them more.
The proposed system, the banks say, would reduce the industry's reliance on screen-scraping, the main technology used to lift customer account information from multiple Web sites and compile it on one. Financial institutions have long complained that they have no way to tell the scrapers that come to their sites from legitimate customers, and that this presents obstacles to securing and auditing the aggregation process.
Another major goal of the effort, which is being spearheaded by the Financial Services Technology Consortium, an industry research group, is to enable funds transfers between accounts at different banks. This feature is considered critical to making aggregated information more valuable to consumers.
"The target that we all have is data that is not read-only but is actionable," said Zachary Tumin, the consortium's executive director.
A core group of consortium members - Bank of America Corp., Fidelity Investments, and the Federal Reserve Bank of Chicago - are working on the project along with three aggregation vendors: Yodlee Inc. of Redwood City, Calif.; Access Softek Inc. of Berkeley, Calif.; and Business Logic Corp. of Chicago.
The industry's attempt to wrest more control over the process is an acknowledgement that aggregation is here to stay, Mr. Tumin said. Aggregation is "one of the most successful financial institution initiatives of the last decade," he said. "Penetration is tremendous. Customer demand is tremendous. We think this will address some of the issues of risk" that have made some banks wary of offering aggregation.
Mr. Tumin said the proposed system would rely on direct data feeds, rather than screen-scraping, to compile information. Screen scraping may not disappear, he said, but the need for it will be reduced.
Aggregation technology vendors, including those participating in the consortium's effort, were the first to promote the concept of screen-scraping for financial information. The companies use passwords supplied by customers to lift data from bank Web sites, usually without the banks' knowledge or permission.
"The banks did not have a whole lot of say in the way today's account aggregation technology was developed," said Chauncey Smith, the senior vice president for e-commerce at Bank of America who has worked on the technology consortium's project.
In addition to potential security problems from shared passwords, Mr. Smith said, Bank of America is concerned that screen scraping "can result in a less-than-ideal customer experience," because of delays and inaccuracies in reporting financial information.
When customers share their passwords with aggregators, he said it becomes harder for banks "to differentiate customers from aggregation providers and audit the overall process."
The new aggregation prototype will be built on a model the consortium developed for establishing consumer identity. The first phase of that project, dubbed "Financial Agent Secure Transaction," or FAST, ran from November 1999 to May 2000 and resulted in a new, generic messaging framework for institutions and their customers to communicate authentication data.
That framework does not require customers to share passwords with aggregation providers. Instead, aggregation providers would delegate authorization and authentication duties to financial institutions. Users could still control access rights to their accounts, and grant full or partial access to aggregation providers for their financial records, the consortium said.
The consortium has been working behind the scenes for more than six months to write a detailed project proposal, Mr. Tumin said. Bank of Montreal, Royal Bank of Canada, Wells Fargo & Co., and J.P. Morgan Chase & Co. have also taken part in the project's planning.
The consortium also is working with BITS, the technology arm of the Financial Services Roundtable, which has its own aggregation initiative underway, Mr. Tumin said. Some companies are participating in both efforts.
Given the variety of institutions and vendors involved, the aggregation project is likely to spur new innovation and competition, said Jim Salters, the director of technology initiatives and project development at the consortium. "We don't think there is going to be a single solution that will pervade the marketplace," Mr. Salters said. "There will be a number of different solutions."
And the vendors are equally enthusiastic. From Yodlee's standpoint, the FAST authentication approach is a key advantage, said Schwark Satyavolu, the vice president of product development. "We take on a lot of liability today" by collecting personal identification numbers and login codes, he said. "It's easier for Yodlee if we find a way to do this where we do not have to cache all these PINs and passwords."
Mr. Satyavolu defended his company's screen-scraping, but also said Yodlee is willing to work with banks that are trying to move away from it. "While today everything works and everything is fine, we want to take this to a different model," he said.
Yodlee uses a "plug-in" infrastructure that allows the company to mix and match technical features. "You could even use FAST authentication with Web scraping," he said. "The Yodlee standard accommodates all those things."
