When consumers use a service like Quicken or Mint, they aren't just using a single piece of software. Rather, they are using a complex set of software and services operated independently by a dozen or more companies – some supplied by banks, others supplied by nonbanks. Sometimes customers ask if there's a durable business and technical basis for these connections and software services.
Twenty years ago, that was a very important question. In the mid-to-late 1990s, the rivalry between financial institutions and tech companies with financial offerings was as pointed as, say, Facebook versus Google today. Consumers were right to wonder whether the rivalry would get in the way of their ability to access and analyze their personal financial data.
Today, there are still some areas of tension between financial institutions and tech companies. However, the ground rules for making account data available to consumers for use in external software products and apps are in place and the so-called rivalry is overblown.
Over the last 20 years, the companies have established a modus vivendi that affords consumers a choice between bank-supplied software and third-party software that downloads transaction data without compromising security and privacy. Both parties understand the importance of privacy and security and use techniques such as advanced encryption and multifactor authentication to protect customer data.
Regardless of whether data is being downloaded from a bank website, via file download or using a purpose-built protocol such as the Open Financial Exchange, the user credentials and the data itself are protected by encryption. In fact, the same verification steps that apply to the bank's website and mobile app access will typically also protect interactions with third-party products (for example, requesting that users answer personal background questions only the user would know).
Just like banks, technology companies do regular security reviews and audits and are also increasingly respectful of the marketing component of privacy. Quicken Inc., for example, does not use downloaded data to market to customers.
In recent months, however, one of the common ways for financial data to be received has been taking heat in the media for the perception of being particularly risky. Some customers are concerned that one of the common ways for data to be received is via website download, sometimes called screen scraping. From an engineering perspective, website download is inelegant, in that it requires a computer to interpret a web page that was designed to be read by a human. However, as a computer-to-computer interaction, it is protected by the same encryption and password requirements as a web browsing session, so the security is strong.
The only real drawback of website download as a data retrieval technology is that there is no explicit software contract between the website and the server using it to access data. As a result, reliability is lower than with other forms of data access. For example, a bank can change its website for a perfectly good reason – perhaps to improve the readability of a display of data. Because the screen-scraping server isn't prepared for this change, it can't interpret the transaction data; thus, the end user sees an error code.
This is one of the reasons that personal finance management software companies have been, and will continue to be, very supportive of purpose-built server-to-server technologies such as the OFX protocol, and more recently, Durable Data Access, a standard that Wells Fargo has proposed.
Financial institutions and technology companies are different and have contrasting business models. But they are both solving customer problems with modern technology and are searching for a better model.
Eric Dunn is the chief executive of Quicken Inc. Dunn joined Intuit, Quicken's previous owner, in 1986, when Quicken was the only Intuit software product; he was employee No. 4 at Intuit.