As banks and data aggregators continue to grapple with the logistics and legalities of sharing bank account data, the virtual card provider Privacy.com on Thursday said it will start marketing an application programming interface directly to consumers.
The move is a test of how much data consumers really want shared with third parties and which third parties.
"The purpose is to put something out there and start the conversation, with the developer community and our users very much aware that this is a V1," said Bo Jiang, Privacy.com's CEO.
It could help the company navigate a tricky landscape that has ensnared others, most recently Capital One Financial and Plaid, in conflict.
Consumers, banks, data aggregators and third-party app providers presumably want the same thing — for consumers to have control over their banking data and share it with whom they choose.
The tricky part comes in how this is done. Does the customer have full transparency around which pieces of data are being shared and with whom? Does the bank have the right to keep certain data fields private? How does the aggregator make sure sketchy apps are not accessing the information? Who is liable when a shady company does access a customer's data, or worse, steals it?
Figuring out the answers to these questions is becoming more important as Europe's PSD2 directive takes effect and the open banking movement in the U.S. continues.
In its basic business, Privacy.com tokenizes consumers' credit and debit cards, so that as they shop online or on a mobile app, they are not giving out their real card number with merchants, only a number that cannot be used elsewhere.
Its new API lets consumers create views of their transactions on their Privacy.com cards and set up push notifications when new transactions occur or subscriptions are up for renewal.
"A lot of our users use us for all online spending," Jiang said. "If you wanted to build an analysis of how you’ve been spending over the past couple of months, the way some [personal financial managers] are doing, that’s a clear, immediate use case." Privacy.com's users tend to be tech-savvy, he noted.
Later, the company may work with data aggregators and third-party app providers to share data with them.
For now, the API offering is something of an experiment to see what customers really want.
"So they can understand, how do we balance the fact that we want to empower people to build full-featured apps on top of our API while still providing full transparency to consumers about what’s happening with their data and who has access to their data?" Jiang said.
Consumers, for instance, may want an app to have access to their transaction information to help analyze it.
But "you may not want all-you-can-eat indefinite access — it may be access to a certain account for 60 days," Jiang said. "That’s something you should be able to control. It seems this is something that absolutely should exist for your most sensitive financial information."