If Banks Fear Screen Scraping, Why Are They Fighting the Alternative?
Brian Moynihan and Bill Demchak raised concerns Tuesday about the conduct of data aggregators, and particularly how well they protect customer data. The comments come amid reports that banks have been trying to strangle aggregators' access to their systems.
As U.S. banks wrangle with account-aggregation sites over screen scraping, the U.K. is championing a safer method for sharing data that could transform the way customers interact with financial institutions.
It was not that long ago, before the internet, when consumers were forced to conduct their banking by walking or driving to the nearest branch during "banker's hours." That was the unflattering term referencing the small window during the day when bank lobbies and teller windows were open. After 4 p.m.? Forget it. Needed something on a weekend or holiday? Try again. More often than not, the door sign read, "CLOSED."
Times have truly changed as online banking now provides around-the-clock convenience, and an array of nonbank apps enable personal financial management tools at one's fingertips. However, some financial institutions are still closing their doors to consumers in an entirely new way.
Today personal financial applications like Acorn, Digit and Mint rely on bank account information to provide users with a complete snapshot of their financial footprint, improving customers' experience when they pay bills, save money and make other financial decisions. But banks are still resisting the innovation known as application programming interfaces that allow apps to import such data efficiently and securely, and taking more aggressive action when PFM apps — without the benefits of an API — must scrape the data from a customer's login.
With scraping, a third party application must use a customer's credentials to log in to each institution each time the application updates, to pull the most recent data. Because of this process, financial institutions argue they cannot tell between a series of legitimate logins or brute-force hacking attempts. According to recent reports, three large banks — Bank of America, JPMorgan Chase and Wells Fargo — have been accused of limiting or, in some cases, cutting off access. The banks claimed their actions were not meant to restrict competitors, but rather out of security and website bandwidth concerns. But those arguments simply fall flat.
If banks were truly concerned about bandwidth and security, then why are they also refusing to integrate a separate and secure portal — such as APIs — so customers can access their finances?
Data, no matter the content, is nothing more than a series of ones and zeros that can be safely and securely transmitted. Google, Facebook, Twitter and others allow third party access to data using APIs and secure authentication tokens. These allow secure transfer of data between the platforms and third party applications without requiring users to provide login credentials, thereby enabling consumers to manage single or multiple accounts on one platform in a safe, secure manner. These platforms foster a robust third party developer community that tremendously enhances the user experience. This is not new. In fact, most financial institutions have already built secure portals to transmit financial data throughout their own applications. Financial institutions should operate no differently than today's most popular internet platforms when looking to securely transmit data to third parties.
Financial institutions across the pond are already working collaboratively toward this. In an effort to improve consumer services, boost competition and foster growth in the rising fintech community, the U.K. government is pushing to implement an open API standard for all financial institutions. According to research firm Gartner, while these efforts are good for British customers, without similar action larger U.S. financial institutions will be at a disadvantage when competing in the global marketplace.
Financial institutions here in the U.S. should embrace this innovation rather than resist it. Innovators in Silicon Valley are already creating APIs for the financial services industry for this very purpose. API-enabled access would eliminate constraints on the front end of a bank's website. As financial institutions innovate to try and keep up with fintech startups, why would they not open their platforms to the broadest base of potential users? Let those users plug in securely however they wish. The opposite approach — raising barriers to shield competition — will only frustrate customers, and make winners out of startups and the financial institutions that choose to innovate.
Over its short history, we have seen time and again how the internet has democratized information and utility. The browser wars that once dominated the tech industry have long dissipated, and it no longer really matters what operating system one uses. Nearly all web applications are platform-agnostic. In that same spirit, consumers should be empowered with the choice to securely access their finances through any preferred platform or application to help them take more control over their financial lives.
Brian Peters is the executive director of Financial Innovation Now, an advocacy group for several technology firms including Intuit, the parent company of Mint.com. He is also a partner at the Franklin Square Group, a technology consulting firm in Washington.