Here's a New Year's resolution for bankers and data aggregators: end the screen-scraping imbroglio.
The past two years saw a lot of back-and-forth between banks and third-party personal financial management (PFM) providers over screen scraping, the practice in which those providers get authorization from customers to log in to their online banking accounts on their behalf and obtain data, such as transaction history.
Banks argue that the practice is risky and can lead to identity theft and fraud. But data aggregators claim banks' opposition is self-serving — they want to stave off competition and are doing so by restricting customers' access to their own data.
Some financial institutions have found a middle ground, however. They are partnering with third-party PFM providers to offer their customers these tools, which tend to be popular, especially among millennials. Although this is not the same as allowing customers to use any PFM tool they like, it is a compromise: customers get access to such services, and the security risk is reduced because the aggregator is a formal partner of the bank.
"Anytime a customer shares banking credentials, there's risk involved, and Wells Fargo has consistently cautioned customers about sharing this information with third parties," said Brett Pitts, head of digital for Wells Fargo virtual channels. "Because of this, it's imperative we work toward implementing ways to share information with third parties in ways that don't require our customers to provide their confidential login credentials."
That's a big reason why in June, Wells Fargo entered into a partnership with data-sharing platform Xero for Wells Fargo small business customers who use Xero's accounting software. The method of data sharing between Wells Fargo and Xero — driven by application-programming interfaces — gives small business owners enhanced online security and greater control over what bank information they choose to share with the accounting software firm, said Pitts.
It "gives small-business owners greater transparency in understanding exactly what data is being shared and with whom it is being shared," said Pitts. "It also gives them greater choice and control over which data they share with Xero, and the ability to manage their Wells Fargo-to-Xero data connection more easily."
It's the first partnership of its kind for Wells, Pitts said, but the bank is exploring similar partnerships with other aggregator firms as it seeks to create "a safer, more secure and reliable method of sharing customer data between financial institutions and third-party services."
Another bank that has gone down this route is TD Bank, with its partnership with Moven. In April, the Toronto-based bank went live with Moven's MySpend money management tool, making it available to its Canadian customers. Branded as TD MySpend, it is a companion app to the TD mobile banking app and allows users to track their spending habits and receive notifications in real time. TD appears to be pleased with its adoption.
"We have over 700,000 customers who love the way it helps them manage their financial well-being," Bharat Masrani, the chief executive of TD, said during a conference call earlier this month to discuss the company's fourth-quarter earnings.
In an emailed statement, a TD spokeswoman said that TD customers are free to use other PFM apps, "however users should always be aware of the risks and liabilities when sharing confidential banking account usernames and passwords with any third party."
The spokeswoman added that the company is focused on "providing customers with the best and most secure digital experiences, and TD MySpend is an example of this."
Moven has told American Banker it is in discussions for similar partnerships with several banks globally.
Also, a few banks have established developer hubs where third-party companies can experiment with banks' APIs.
While bankers slowly move toward open APIs, regulators might add an extra push. In October at the Money 20/20 conference in Las Vegas, Richard Cordray, the director of the Consumer Financial Protection Bureau, urged banks not to restrict access to data.
"We are gravely concerned by reports that some financial institutions are looking for ways to limit, or even shut off, access to financial data," Cordray said at the time. "We believe consumers should be able to access this information and give their permission for third-party companies to access this information as well."
The following month, the CFPB launched an inquiry seeking public comments on the dispute. The CFPB has rule-writing authority in this regard, a spokeswoman said, but added that the agency is still in the 90-day comment period and still weighing all sides of the matter.
"Through this inquiry the bureau is seeking to learn more about consumer access to financial records," the spokeswoman said. "The information we gather will help us evaluate whether any guidance or other action by the Bureau is appropriate to protect consumers."
Outside the U.S., regulators have already taken measures on this issue. For example, the EU's revised payments services directive calls on the industry to provide a secure way for third parties to connect directly with consumers' bank accounts and retrieve information from them.
If this becomes the norm in the U.S., some think it should be facilitated by APIs — like Wells Fargo's project with Xero — and not via screen scraping.
Financial Innovation Now — a lobbying and advocacy group formed last year consisting of Google, Intuit, Amazon, Apple and PayPal — is already in discussions with banks to find better technological solutions that would allow consumers to share their financial data, said Brian Peters, the group's executive director.
"Data scraping should not be the way this works," he said. "Some of the services that our companies offer rely on preserving access for our customers… If a financial institution blocks that, it makes the service work more slowly or it harms the customer experience that we're trying to provide."
"There's a lot of agreement between banks, data aggregators and customers on where we want to get to … there are better ways forward than sharing login credentials," agreed Rob Morgan, vice president of emerging technologies at the American Bankers Association. "Today when they share the login credentials they're sort of opening the barn doors and you can't put the horse back in."
Morgan believes banks and data aggregators actually are not that far apart on the issue and will come to some kind of compromise that will ultimately be beneficial for consumers without risking security.
"At the end of the day the customer needs to have the ability to share that data," he said. "Banks are really working to open up these systems and giving up access but doing it so in a safe way."
Still, given the size of the U.S. banking marketplace, no one single solution may be the answer, said Zach Perret, CEO of financial technology infrastructure provider Plaid, which counts Venmo, Betterment and Wealthfront among its clients.
"The landscape of financial institutions is simply too diverse, and fundamentally we think financial institutions should have the freedom to find room for their own preferences and needs," he said. "So I'd be surprised if whatever regulation comes is overly prescriptive. Instead, I think we'll see a focus on the principles-based approach that gets at the spirit of the issues."
Lalita Clozel contributed to this story.